Committer: Mircea Gherzan <mircea.gherzan@xxxxxxxxxxxxxx> Date: 09/06/2010 at 17:11:14 Revision: 4745 Revision-id: mircea.gherzan@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: firewall: fix a signed/unsigned comparison Modified: M firewall/midauth.c M firewall/pisa.c M firewall/pisa_cert.c === modified file 'firewall/midauth.c' --- firewall/midauth.c 2010-06-09 14:05:14 +0000 +++ firewall/midauth.c 2010-06-09 14:10:57 +0000 @@ -277,7 +277,7 @@ len = hip_get_param_total_len(last); type = hip_get_param_type(last); - HIP_IFEL(len > sizeof(buffer), -1, + HIP_IFEL(len > (int)sizeof(buffer), -1, "Last parameter's length exceeds HIP_MAX_PACKET\n"); /* @todo check for signature parameter to avoid broken packets */ === modified file 'firewall/pisa.c' --- firewall/pisa.c 2010-05-23 13:14:30 +0000 +++ firewall/pisa.c 2010-06-09 14:10:57 +0000 @@ -334,7 +334,7 @@ * @param ctx context of the packet containing the I1 * @return NF_ACCEPT verdict */ -static int pisa_handler_i1(hip_fw_context_t *ctx) +static int pisa_handler_i1(UNUSED hip_fw_context_t *ctx) { #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_BASE, PERF_I1\n"); @@ -357,7 +357,7 @@ * @param ctx context of the packet containing the R1 * @return NF_ACCEPT verdict */ -static int pisa_handler_r1(hip_fw_context_t *ctx) +static int pisa_handler_r1(UNUSED hip_fw_context_t *ctx) { #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_R1\n"); === modified file 'firewall/pisa_cert.c' --- firewall/pisa_cert.c 2010-05-31 09:44:40 +0000 +++ firewall/pisa_cert.c 2010-06-09 14:10:57 +0000 @@ -28,10 +28,9 @@ * @param cert pointer to the certificate text or part of a certificate text * @param name pointer to the pattern we are looking for * @param r pointer to a buffer that the search result will be copied to - * @param size size of the buffer result * @return 0 on success */ -static char *pisa_cert_get_part(char *cert, const char *name, char *r, size_t size) +static char *pisa_cert_get_part(char *cert, const char *name, char *r) { int level = 0, len = 0; char *p = cert, *start = NULL; @@ -111,10 +110,9 @@ * @param cert pointer to the certificate text or part of a certificate text * @param name pointer to the pattern we are looking for * @param r pointer to a buffer that the search result will be copied to - * @param size size of the buffer result * @return 0 on success */ -static void pisa_cert_get_content(char *cert, const char *name, char *r, size_t size) +static void pisa_cert_get_content(char *cert, const char *name, char *r) { char *start = cert; int len = 0; @@ -164,25 +162,25 @@ char buffer1[224], buffer2[224]; struct in6_addr addr; - pisa_cert_get_part(cert, "not-before", buffer1, sizeof(buffer1)); - pisa_cert_get_content(buffer1, "not-before", buffer2, sizeof(buffer2)); + pisa_cert_get_part(cert, "not-before", buffer1); + pisa_cert_get_content(buffer1, "not-before", buffer2); strptime(buffer2, "\"%Y-%m-%d_%H:%M:%S\"", &t); pc->not_before = mktime(&t); - pisa_cert_get_part(cert, "not-after", buffer1, sizeof(buffer1)); - pisa_cert_get_content(buffer1, "not-after", buffer2, sizeof(buffer2)); + pisa_cert_get_part(cert, "not-after", buffer1); + pisa_cert_get_content(buffer1, "not-after", buffer2); strptime(buffer2, "\"%Y-%m-%d_%H:%M:%S\"", &t); pc->not_after = mktime(&t); - pisa_cert_get_part(cert, "issuer", buffer1, sizeof(buffer1)); - pisa_cert_get_part(buffer1, "hash hit", buffer2, sizeof(buffer2)); - pisa_cert_get_content(buffer2, "hash hit", buffer1, sizeof(buffer1)); + pisa_cert_get_part(cert, "issuer", buffer1); + pisa_cert_get_part(buffer1, "hash hit", buffer2); + pisa_cert_get_content(buffer2, "hash hit", buffer1); inet_pton(AF_INET6, buffer1, &addr); memcpy(&pc->hit_issuer, &addr, sizeof(struct in6_addr)); - pisa_cert_get_part(cert, "subject", buffer1, sizeof(buffer1)); - pisa_cert_get_part(buffer1, "hash hit", buffer2, sizeof(buffer2)); - pisa_cert_get_content(buffer2, "hash hit", buffer1, sizeof(buffer1)); + pisa_cert_get_part(cert, "subject", buffer1); + pisa_cert_get_part(buffer1, "hash hit", buffer2); + pisa_cert_get_content(buffer2, "hash hit", buffer1); inet_pton(AF_INET6, buffer1, &addr); memcpy(&pc->hit_subject, &addr, sizeof(struct in6_addr)); }