lib: reduce variable scopes

Fixes Codacy/CppCheck warnings. Closes https://github.com/curl/curl/pull/3872
2024-08-13 17:03:50 -04:00 · 2019-05-11 21:42:48 +02:00 · 2019-05-11 21:42:48 +02:00 · 10db3ef21e
commit 10db3ef21e
parent 27af2ec219
23 changed files with 115 additions and 124 deletions
--- a/lib/connect.c
+++ b/lib/connect.c
@ -628,7 +628,6 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
 UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
                             long *port)
 {
  unsigned short us_port;
  struct sockaddr_in *si = NULL;
 #ifdef ENABLE_IPV6
  struct sockaddr_in6 *si6 = NULL;
@ -642,7 +641,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
      si = (struct sockaddr_in *)(void *) sa;
      if(Curl_inet_ntop(sa->sa_family, &si->sin_addr,
                        addr, MAX_IPADR_LEN)) {
-        us_port = ntohs(si->sin_port);
+        unsigned short us_port = ntohs(si->sin_port);
        *port = us_port;
        return TRUE;
      }
@ -652,7 +651,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
      si6 = (struct sockaddr_in6 *)(void *) sa;
      if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr,
                        addr, MAX_IPADR_LEN)) {
-        us_port = ntohs(si6->sin6_port);
+        unsigned short us_port = ntohs(si6->sin6_port);
        *port = us_port;
        return TRUE;
      }
--- a/lib/cookie.c
+++ b/lib/cookie.c
@ -1509,10 +1509,6 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
  struct Cookie *co;
  FILE *out;
  bool use_stdout = FALSE;
  char *format_ptr;
  unsigned int i;
  unsigned int j;
  struct Cookie **array;
  if(!c)
    /* no cookie engine alive */
@ -1539,6 +1535,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
        out);
  if(c->numcookies) {
    unsigned int i;
    unsigned int j;
    struct Cookie **array;
    array = malloc(sizeof(struct Cookie *) * c->numcookies);
    if(!array) {
      if(!use_stdout)
@ -1558,7 +1558,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
    qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct);
    for(i = 0; i < j; i++) {
-      format_ptr = get_netscape_format(array[i]);
+      char *format_ptr = get_netscape_format(array[i]);
      if(format_ptr == NULL) {
        fprintf(out, "#\n# Fatal libcurl error\n");
        free(array);
--- a/lib/doh.c
+++ b/lib/doh.c
@ -584,7 +584,6 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
  unsigned short qdcount;
  unsigned short ancount;
  unsigned short type = 0;
  unsigned short class;
  unsigned short rdlength;
  unsigned short nscount;
  unsigned short arcount;
@ -612,6 +611,7 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
  ancount = get16bit(doh, 6);
  while(ancount) {
    unsigned short class;
    unsigned int ttl;
    rc = skipqname(doh, dohlen, &index);
@ -896,8 +896,6 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
    DOHcode rc;
    DOHcode rc2;
    struct dohentry de;
    struct Curl_dns_entry *dns;
    struct Curl_addrinfo *ai;
    /* remove DOH handles from multi handle and close them */
    curl_multi_remove_handle(data->multi, data->req.doh.probe[0].easy);
    Curl_close(data->req.doh.probe[0].easy);
@ -927,6 +925,9 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
            data->req.doh.host);
    }
    if(!rc || !rc2) {
      struct Curl_dns_entry *dns;
      struct Curl_addrinfo *ai;
      infof(data, "DOH Host name: %s\n", data->req.doh.host);
      showdoh(data, &de);
--- a/lib/hostcheck.c
+++ b/lib/hostcheck.c
@ -127,16 +127,14 @@ static int hostmatch(char *hostname, char *pattern)
 int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
 {
  char *matchp;
  char *hostp;
  int res = 0;
  if(!match_pattern || !*match_pattern ||
      !hostname || !*hostname) /* sanity check */
    ;
  else {
-    matchp = strdup(match_pattern);
+    char *matchp = strdup(match_pattern);
    if(matchp) {
-      hostp = strdup(hostname);
+      char *hostp = strdup(hostname);
      if(hostp) {
        if(hostmatch(hostp, matchp) == CURL_HOST_MATCH)
          res = 1;
--- a/lib/hostip6.c
+++ b/lib/hostip6.c
@ -102,15 +102,16 @@ static void dump_addrinfo(struct connectdata *conn, const Curl_addrinfo *ai)
  printf("dump_addrinfo:\n");
  for(; ai; ai = ai->ai_next) {
    char buf[INET6_ADDRSTRLEN];
    char buffer[STRERROR_LEN];
    printf("    fam %2d, CNAME %s, ",
           ai->ai_family, ai->ai_canonname ? ai->ai_canonname : "<none>");
    if(Curl_printable_address(ai, buf, sizeof(buf)))
      printf("%s\n", buf);
-    else
+    else {
      char buffer[STRERROR_LEN];
      printf("failed; %s\n",
             Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
    }
  }
 }
 #else
 #define dump_addrinfo(x,y) Curl_nop_stmt
--- a/lib/inet_pton.c
+++ b/lib/inet_pton.c
@ -153,7 +153,7 @@ inet_pton6(const char *src, unsigned char *dst)
  static const char xdigits_l[] = "0123456789abcdef",
    xdigits_u[] = "0123456789ABCDEF";
  unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
-  const char *xdigits, *curtok;
+  const char *curtok;
  int ch, saw_xdigit;
  size_t val;
@ -168,6 +168,7 @@ inet_pton6(const char *src, unsigned char *dst)
  saw_xdigit = 0;
  val = 0;
  while((ch = *src++) != '\0') {
    const char *xdigits;
    const char *pch;
    pch = strchr((xdigits = xdigits_l), ch);
--- a/lib/ldap.c
+++ b/lib/ldap.c
@ -1069,8 +1069,6 @@ static int _ldap_url_parse(const struct connectdata *conn,
 static void _ldap_free_urldesc(LDAPURLDesc *ludp)
 {
  size_t i;
  if(!ludp)
    return;
@ -1078,6 +1076,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp)
  free(ludp->lud_filter);
  if(ludp->lud_attrs) {
    size_t i;
    for(i = 0; i < ludp->lud_attrs_dups; i++)
      free(ludp->lud_attrs[i]);
    free(ludp->lud_attrs);
--- a/lib/md4.c
+++ b/lib/md4.c
@ -115,7 +115,6 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
 {
  const unsigned char *ptr;
  MD4_u32plus a, b, c, d;
  MD4_u32plus saved_a, saved_b, saved_c, saved_d;
  ptr = (const unsigned char *)data;
@ -125,6 +124,8 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
  d = ctx->d;
  do {
    MD4_u32plus saved_a, saved_b, saved_c, saved_d;
    saved_a = a;
    saved_b = b;
    saved_c = c;
@ -214,7 +215,7 @@ static void MD4_Init(MD4_CTX *ctx)
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
 {
  MD4_u32plus saved_lo;
-  unsigned long used, available;
+  unsigned long used;
  saved_lo = ctx->lo;
  ctx->lo = (saved_lo + size) & 0x1fffffff;
@ -225,7 +226,7 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
  used = saved_lo & 0x3f;
  if(used) {
-    available = 64 - used;
+    unsigned long available = 64 - used;
    if(size < available) {
      memcpy(&ctx->buffer[used], data, size);
--- a/lib/md5.c
+++ b/lib/md5.c
@ -275,7 +275,6 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
 {
  const unsigned char *ptr;
  MD5_u32plus a, b, c, d;
  MD5_u32plus saved_a, saved_b, saved_c, saved_d;
  ptr = (const unsigned char *)data;
@ -285,6 +284,8 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
  d = ctx->d;
  do {
    MD5_u32plus saved_a, saved_b, saved_c, saved_d;
    saved_a = a;
    saved_b = b;
    saved_c = c;
@ -392,7 +393,7 @@ static void MD5_Init(MD5_CTX *ctx)
 static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
 {
  MD5_u32plus saved_lo;
-  unsigned long used, available;
+  unsigned long used;
  saved_lo = ctx->lo;
  ctx->lo = (saved_lo + size) & 0x1fffffff;
@ -403,7 +404,7 @@ static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
  used = saved_lo & 0x3f;
  if(used) {
-    available = 64 - used;
+    unsigned long available = 64 - used;
    if(size < available) {
      memcpy(&ctx->buffer[used], data, size);
--- a/lib/memdebug.c
+++ b/lib/memdebug.c
@ -306,9 +306,8 @@ void *curl_dbg_realloc(void *ptr, size_t wantedsize,
 void curl_dbg_free(void *ptr, int line, const char *source)
 {
  struct memdebug *mem;
  if(ptr) {
    struct memdebug *mem;
 #ifdef __INTEL_COMPILER
 #  pragma warning(push)
--- a/lib/security.c
+++ b/lib/security.c
@ -410,8 +410,6 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
 static int sec_set_protection_level(struct connectdata *conn)
 {
  int code;
  char *pbsz;
  static unsigned int buffer_size = 1 << 20; /* 1048576 */
  enum protection_level level = conn->request_data_prot;
  DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
@ -427,6 +425,9 @@ static int sec_set_protection_level(struct connectdata *conn)
    return 0;
  if(level) {
    char *pbsz;
    static unsigned int buffer_size = 1 << 20; /* 1048576 */
    code = ftp_send_command(conn, "PBSZ %u", buffer_size);
    if(code < 0)
      return -1;
--- a/lib/ssh-libssh.c
+++ b/lib/ssh-libssh.c
@ -1946,14 +1946,13 @@ static int myssh_getsock(struct connectdata *conn,
 static void myssh_block2waitfor(struct connectdata *conn, bool block)
 {
  struct ssh_conn *sshc = &conn->proto.sshc;
  int dir;
  /* If it didn't block, or nothing was returned by ssh_get_poll_flags
   * have the original set */
  conn->waitfor = sshc->orig_waitfor;
  if(block) {
-    dir = ssh_get_poll_flags(sshc->ssh_session);
+    int dir = ssh_get_poll_flags(sshc->ssh_session);
    if(dir & SSH_READ_PENDING) {
      /* translate the libssh define bits into our own bit defines */
      conn->waitfor = KEEP_RECV;
@ -2050,7 +2049,6 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
  CURLcode result;
  curl_socket_t sock = conn->sock[FIRSTSOCKET];
  struct Curl_easy *data = conn->data;
  int rc;
  /* initialize per-handle data if not already */
  if(!data->req.protop)
@ -2104,7 +2102,7 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
  ssh->pubkey = NULL;
  if(data->set.str[STRING_SSH_PUBLIC_KEY]) {
-    rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
+    int rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
                                        &ssh->pubkey);
    if(rc != SSH_OK) {
      failf(data, "Could not load public key file");
--- a/lib/ssh.c
+++ b/lib/ssh.c
@ -587,13 +587,13 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
  struct Curl_easy *data = conn->data;
  const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
  char md5buffer[33];
  int i;
  const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
      LIBSSH2_HOSTKEY_HASH_MD5);
  if(fingerprint) {
    /* The fingerprint points to static storage (!), don't free() it. */
    int i;
    for(i = 0; i < 16; i++)
      msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
    infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
--- a/lib/transfer.c
+++ b/lib/transfer.c
@ -157,15 +157,8 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
  size_t buffersize = bytes;
  size_t nread;
 #ifndef CURL_DISABLE_HTTP
  struct curl_slist *trailers = NULL;
  CURLcode c;
  int trailers_ret_code;
 #endif
  curl_read_callback readfunc = NULL;
  void *extra_data = NULL;
  bool added_crlf = FALSE;
 #ifdef CURL_DOES_CONVERSIONS
  bool sending_http_headers = FALSE;
@ -182,6 +175,10 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
 #ifndef CURL_DISABLE_HTTP
  if(data->state.trailers_state == TRAILERS_INITIALIZED) {
    struct curl_slist *trailers = NULL;
    CURLcode c;
    int trailers_ret_code;
    /* at this point we already verified that the callback exists
       so we compile and store the trailers buffer, then proceed */
    infof(data,
@ -296,7 +293,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
       here, knowing they'll become CRLFs later on.
     */
-    char hexbuffer[11] = "";
+    bool added_crlf = FALSE;
    int hexlen = 0;
    const char *endofline_native;
    const char *endofline_network;
@ -317,6 +314,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
    /* if we're not handling trailing data, proceed as usual */
    if(data->state.trailers_state != TRAILERS_SENDING) {
      char hexbuffer[11] = "";
      hexlen = msnprintf(hexbuffer, sizeof(hexbuffer),
                         "%zx%s", nread, endofline_native);
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@ -605,9 +605,9 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
    /* only valid letters are ok */
    len = strspn(hostname, l);
    if(hlen != len) {
      if(hostname[len] == '%') {
        /* this could now be '%[zone id]' */
        char zoneid[16];
      if(hostname[len] == '%') {
        int i = 0;
        char *h = &hostname[len + 1];
        /* pass '25' if present and is a url encoded percent sign */
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@ -143,7 +143,6 @@ static CURLcode
 cyassl_connect_step1(struct connectdata *conn,
                     int sockindex)
 {
  char error_buffer[CYASSL_MAX_ERROR_SZ];
  char *ciphers;
  struct Curl_easy *data = conn->data;
  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
@ -420,6 +419,7 @@ cyassl_connect_step1(struct connectdata *conn,
    if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
      /* we got a session id, use it! */
      if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
        char error_buffer[CYASSL_MAX_ERROR_SZ];
        Curl_ssl_sessionid_unlock(conn);
        failf(data, "SSL: SSL_set_session failed: %s",
              ERR_error_string(SSL_get_error(BACKEND->handle, 0),
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@ -734,12 +734,11 @@ static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf,
 {
  struct ssl_connect_data *connssl = &conn->ssl[num];
  struct Curl_easy *data = conn->data;
  int buffsize;
  int nread;
  CURLcode cc = CURLE_RECV_ERROR;
  if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) {
-    buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
+    int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
    cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle,
                                                buf, buffsize, &nread),
                      "gsk_secure_soc_read()", CURLE_RECV_ERROR);
@ -806,7 +805,6 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
    conn->host.name;
  const char *sni;
  unsigned int protoflags = 0;
  long timeout;
  Qso_OverlappedIO_t commarea;
  int sockpair[2];
  static const int sobufsize = CURL_MAX_WRITE_SIZE;
@ -914,7 +912,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
  if(!result) {
    /* Compute the handshake timeout. Since GSKit granularity is 1 second,
       we round up the required value. */
-    timeout = Curl_timeleft(data, NULL, TRUE);
+    long timeout = Curl_timeleft(data, NULL, TRUE);
    if(timeout < 0)
      result = CURLE_OPERATION_TIMEDOUT;
    else
@ -1021,14 +1019,13 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
  struct Curl_easy *data = conn->data;
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  Qso_OverlappedIO_t cstat;
  long timeout_ms;
  struct timeval stmv;
  CURLcode result;
  /* Poll or wait for end of SSL asynchronous handshake. */
  for(;;) {
-    timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
+    long timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
    if(timeout_ms < 0)
      timeout_ms = 0;
    stmv.tv_sec = timeout_ms / 1000;
@ -1077,7 +1074,6 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
  const char *cert = (const char *) NULL;
  const char *certend;
  const char *ptr;
  int i;
  CURLcode result;
  /* SSL handshake done: gather certificate info and verify host. */
@ -1087,6 +1083,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
                                                    &cdev, &cdec),
                  "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) ==
     CURLE_OK) {
    int i;
    infof(data, "Server certificate:\n");
    p = cdev;
    for(i = 0; i++ < cdec; p++)
@ -1261,7 +1259,6 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
 {
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  struct Curl_easy *data = conn->data;
  ssize_t nread;
  int what;
  int rc;
  char buf[120];
@ -1278,6 +1275,8 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
                         SSL_SHUTDOWN_TIMEOUT);
  for(;;) {
    ssize_t nread;
    if(what < 0) {
      /* anything that gets here is fatally bad */
      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@ -286,11 +286,11 @@ static CURLcode handshake(struct connectdata *conn,
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  gnutls_session_t session = BACKEND->session;
  curl_socket_t sockfd = conn->sock[sockindex];
  time_t timeout_ms;
  int rc;
  int what;
  for(;;) {
    time_t timeout_ms;
    int rc;
    /* check allowed time left */
    timeout_ms = Curl_timeleft(data, NULL, duringconnect);
@ -303,7 +303,7 @@ static CURLcode handshake(struct connectdata *conn,
    /* if ssl is expecting something, check if it's available. */
    if(connssl->connecting_state == ssl_connect_2_reading
       || connssl->connecting_state == ssl_connect_2_writing) {
-
+      int what;
      curl_socket_t writefd = ssl_connect_2_writing ==
        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
      curl_socket_t readfd = ssl_connect_2_reading ==
@ -957,7 +957,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
  gnutls_pubkey_t key = NULL;
  /* Result is returned to caller */
  int ret = 0;
  CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
  /* if a path wasn't specified, don't pin */
@ -968,6 +967,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
    return result;
  do {
    int ret;
    /* Begin Gyrations to get the public key     */
    gnutls_pubkey_init(&key);
@ -1279,10 +1280,7 @@ gtls_connect_step3(struct connectdata *conn,
    #define use_addr in_addr
 #endif
    unsigned char addrbuf[sizeof(struct use_addr)];
-    unsigned char certaddr[sizeof(struct use_addr)];
+    size_t addrlen = 0;
    size_t addrlen = 0, certaddrlen;
    int i;
    int ret = 0;
    if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0)
      addrlen = 4;
@ -1292,9 +1290,12 @@ gtls_connect_step3(struct connectdata *conn,
 #endif
    if(addrlen) {
      unsigned char certaddr[sizeof(struct use_addr)];
      int i;
      for(i = 0; ; i++) {
-        certaddrlen = sizeof(certaddr);
+        size_t certaddrlen = sizeof(certaddr);
-        ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
+        int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
                                                       &certaddrlen, NULL);
        /* If this happens, it wasn't an IP address. */
        if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
@ -1465,8 +1466,6 @@ gtls_connect_step3(struct connectdata *conn,
       already got it from the cache and asked to use it in the connection, it
       might've been rejected and then a new one is in use now and we need to
       detect that. */
    bool incache;
    void *ssl_sessionid;
    void *connect_sessionid;
    size_t connect_idsize = 0;
@ -1475,6 +1474,9 @@ gtls_connect_step3(struct connectdata *conn,
    connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
    if(connect_sessionid) {
      bool incache;
      void *ssl_sessionid;
      /* extract session ID to the allocated buffer */
      gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
@ -1635,11 +1637,8 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex)
 static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
 {
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  ssize_t result;
  int retval = 0;
  struct Curl_easy *data = conn->data;
  bool done = FALSE;
  char buf[120];
  /* This has only been tested on the proftpd server, and the mod_tls code
     sends a close notify alert without waiting for a close notify alert in
@ -1650,6 +1649,10 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
      gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR);
  if(BACKEND->session) {
    ssize_t result;
    bool done = FALSE;
    char buf[120];
    while(!done) {
      int what = SOCKET_READABLE(conn->sock[sockindex],
                                 SSL_SHUTDOWN_TIMEOUT);
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@ -540,13 +540,6 @@ mbed_connect_step2(struct connectdata *conn,
        data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
        data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
 #ifdef HAS_ALPN
  const char *next_protocol;
 #endif
  char errorbuf[128];
  errorbuf[0] = 0;
  conn->recv[sockindex] = mbed_recv;
  conn->send[sockindex] = mbed_send;
@ -561,6 +554,8 @@ mbed_connect_step2(struct connectdata *conn,
    return CURLE_OK;
  }
  else if(ret) {
    char errorbuf[128];
    errorbuf[0] = 0;
 #ifdef MBEDTLS_ERROR_C
    mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
 #endif /* MBEDTLS_ERROR_C */
@ -665,7 +660,7 @@ mbed_connect_step2(struct connectdata *conn,
 #ifdef HAS_ALPN
  if(conn->bits.tls_enable_alpn) {
-    next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
+    const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
    if(next_protocol) {
      infof(data, "ALPN, server accepted to use %s\n", next_protocol);
--- a/lib/vtls/polarssl_threadlock.c
+++ b/lib/vtls/polarssl_threadlock.c
@ -49,25 +49,23 @@ static POLARSSL_MUTEX_T *mutex_buf = NULL;
 int Curl_polarsslthreadlock_thread_setup(void)
 {
  int i;
  int ret;
  mutex_buf = calloc(NUMT * sizeof(POLARSSL_MUTEX_T), 1);
  if(!mutex_buf)
    return 0;     /* error, no number of threads defined */
 #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
  for(i = 0;  i < NUMT;  i++) {
    int ret;
 #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
    ret = pthread_mutex_init(&mutex_buf[i], NULL);
    if(ret)
      return 0; /* pthread_mutex_init failed */
  }
 #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
  for(i = 0;  i < NUMT;  i++) {
    mutex_buf[i] = CreateMutex(0, FALSE, 0);
    if(mutex_buf[i] == 0)
      return 0;  /* CreateMutex failed */
  }
 #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
  }
  return 1; /* OK */
 }
@ -75,24 +73,22 @@ int Curl_polarsslthreadlock_thread_setup(void)
 int Curl_polarsslthreadlock_thread_cleanup(void)
 {
  int i;
  int ret;
  if(!mutex_buf)
    return 0; /* error, no threads locks defined */
 #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
  for(i = 0; i < NUMT; i++) {
    int ret;
 #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
    ret = pthread_mutex_destroy(&mutex_buf[i]);
    if(ret)
      return 0; /* pthread_mutex_destroy failed */
  }
 #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
  for(i = 0; i < NUMT; i++) {
    ret = CloseHandle(mutex_buf[i]);
    if(!ret)
      return 0; /* CloseHandle failed */
  }
 #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
  }
  free(mutex_buf);
  mutex_buf = NULL;
@ -101,51 +97,47 @@ int Curl_polarsslthreadlock_thread_cleanup(void)
 int Curl_polarsslthreadlock_lock_function(int n)
 {
  if(n < NUMT) {
    int ret;
 #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
  if(n < NUMT) {
    ret = pthread_mutex_lock(&mutex_buf[n]);
    if(ret) {
      DEBUGF(fprintf(stderr,
                     "Error: polarsslthreadlock_lock_function failed\n"));
      return 0; /* pthread_mutex_lock failed */
    }
  }
 #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
  if(n < NUMT) {
    ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0);
    if(ret) {
      DEBUGF(fprintf(stderr,
                     "Error: polarsslthreadlock_lock_function failed\n"));
      return 0; /* pthread_mutex_lock failed */
    }
  }
 #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
  }
  return 1; /* OK */
 }
 int Curl_polarsslthreadlock_unlock_function(int n)
 {
  if(n < NUMT) {
    int ret;
 #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
  if(n < NUMT) {
    ret = pthread_mutex_unlock(&mutex_buf[n]);
    if(ret) {
      DEBUGF(fprintf(stderr,
                     "Error: polarsslthreadlock_unlock_function failed\n"));
      return 0; /* pthread_mutex_unlock failed */
    }
  }
 #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
  if(n < NUMT) {
    ret = ReleaseMutex(mutex_buf[n]);
    if(!ret) {
      DEBUGF(fprintf(stderr,
                     "Error: polarsslthreadlock_unlock_function failed\n"));
      return 0; /* pthread_mutex_lock failed */
    }
  }
 #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
  }
  return 1; /* OK */
 }
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@ -868,13 +868,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
  struct Curl_easy *data = conn->data;
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  unsigned char *reallocated_buffer;
  size_t reallocated_length;
  SecBuffer outbuf[3];
  SecBufferDesc outbuf_desc;
  SecBuffer inbuf[2];
  SecBufferDesc inbuf_desc;
  SECURITY_STATUS sspi_status = SEC_E_OK;
  TCHAR *host_name;
  CURLcode result;
  bool doread;
  char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
@ -917,7 +915,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
  if(BACKEND->encdata_length - BACKEND->encdata_offset <
     CURL_SCHANNEL_BUFFER_FREE_SIZE) {
    /* increase internal encrypted data buffer */
-    reallocated_length = BACKEND->encdata_offset +
+    size_t reallocated_length = BACKEND->encdata_offset +
      CURL_SCHANNEL_BUFFER_FREE_SIZE;
    reallocated_buffer = realloc(BACKEND->encdata_buffer,
                                 reallocated_length);
@ -933,6 +931,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
  }
  for(;;) {
    TCHAR *host_name;
    if(doread) {
      /* read encrypted handshake data from socket */
      result = Curl_read_plain(conn->sock[sockindex],
@ -2131,14 +2130,9 @@ static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
 static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
                                    const char *pinnedpubkey)
 {
  SECURITY_STATUS sspi_status;
  struct Curl_easy *data = conn->data;
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  CERT_CONTEXT *pCertContextServer = NULL;
  const char *x509_der;
  DWORD x509_der_len;
  curl_X509certificate x509_parsed;
  curl_asn1Element *pubkey;
  /* Result is returned to caller */
  CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
@ -2148,6 +2142,12 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
    return CURLE_OK;
  do {
    SECURITY_STATUS sspi_status;
    const char *x509_der;
    DWORD x509_der_len;
    curl_X509certificate x509_parsed;
    curl_asn1Element *pubkey;
    sspi_status =
      s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
                                       SECPKG_ATTR_REMOTE_CERT_CONTEXT,
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@ -498,9 +498,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
 void Curl_ssl_close_all(struct Curl_easy *data)
 {
  size_t i;
  /* kill the session ID cache if not shared */
  if(data->state.session && !SSLSESSION_SHARED(data)) {
    size_t i;
    for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++)
      /* the single-killer function handles empty table slots */
      Curl_ssl_kill_session(&data->state.session[i]);
@ -644,11 +644,11 @@ bool Curl_ssl_data_pending(const struct connectdata *conn,
 void Curl_ssl_free_certinfo(struct Curl_easy *data)
 {
  int i;
  struct curl_certinfo *ci = &data->info.certs;
  if(ci->num_of_certs) {
    /* free all individual lists used */
    int i;
    for(i = 0; i<ci->num_of_certs; i++) {
      curl_slist_free_all(ci->certinfo[i]);
      ci->certinfo[i] = NULL;
@ -808,14 +808,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
 {
  FILE *fp;
  unsigned char *buf = NULL, *pem_ptr = NULL;
  long filesize;
  size_t size, pem_len;
  CURLcode pem_read;
  CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
  CURLcode encode;
  size_t encodedlen, pinkeylen;
  char *encoded, *pinkeycopy, *begin_pos, *end_pos;
  unsigned char *sha256sumdigest = NULL;
  /* if a path wasn't specified, don't pin */
  if(!pinnedpubkey)
@ -825,6 +818,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
  /* only do this if pinnedpubkey starts with "sha256//", length 8 */
  if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
    CURLcode encode;
    size_t encodedlen, pinkeylen;
    char *encoded, *pinkeycopy, *begin_pos, *end_pos;
    unsigned char *sha256sumdigest;
    if(!Curl_ssl->sha256sum) {
      /* without sha256 support, this cannot match */
      return result;
@ -895,6 +893,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
    return result;
  do {
    long filesize;
    size_t size, pem_len;
    CURLcode pem_read;
    /* Determine the file's size */
    if(fseek(fp, 0, SEEK_END))
      break;
@ -1271,7 +1273,6 @@ static int multissl_init(const struct Curl_ssl *backend)
 {
  const char *env;
  char *env_tmp;
  int i;
  if(Curl_ssl != &Curl_ssl_multi)
    return 1;
@ -1290,6 +1291,7 @@ static int multissl_init(const struct Curl_ssl *backend)
    env = CURL_DEFAULT_SSL_BACKEND;
 #endif
  if(env) {
    int i;
    for(i = 0; available_backends[i]; i++) {
      if(strcasecompare(env, available_backends[i]->info.name)) {
        Curl_ssl = available_backends[i];
--- a/lib/x509asn1.c
+++ b/lib/x509asn1.c
@ -266,8 +266,6 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
  size_t inlength = end - from;
  int size = 1;
  size_t outlength;
  int charsize;
  unsigned int wc;
  char *buf;
  *to = NULL;
@ -305,6 +303,9 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
  }
  else {
    for(outlength = 0; from < end;) {
      int charsize;
      unsigned int wc;
      wc = 0;
      switch(size) {
      case 4:
@ -877,9 +878,6 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
  curl_asn1Element elem;
  curl_asn1Element pk;
  const char *p;
  const char *q;
  unsigned long len;
  unsigned int i;
  /* Generate all information records for the public key. */
@ -888,6 +886,9 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
    return;
  if(strcasecompare(algo, "rsaEncryption")) {
    const char *q;
    unsigned long len;
    p = getASN1Element(&elem, pk.beg, pk.end);
    if(!p)
      return;
@ -896,9 +897,11 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
    for(q = elem.beg; !*q && q < elem.end; q++)
      ;
    len = (unsigned long)((elem.end - q) * 8);
-    if(len)
+    if(len) {
      unsigned int i;
      for(i = *(unsigned char *) q; !(i & 0x80); i <<= 1)
        len--;
    }
    if(len > 32)
      elem.beg = q;     /* Strip leading zero bytes. */
    if(!certnum)