[hipl-commit] [trunk] Rev 4745: firewall: fix a signed/unsigned comparison

From: Mircea Gherzan <mircea.gherzan@xxxxxxxxxxxxxx>
To: hipl-commit@xxxxxxxxxxxxx
Date: Wed, 9 Jun 2010 17:11:14 +0300
Committer: Mircea Gherzan <mircea.gherzan@xxxxxxxxxxxxxx>
Date: 09/06/2010 at 17:11:14
Revision: 4745
Revision-id: mircea.gherzan@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk

Log:
  firewall: fix a signed/unsigned comparison

Modified:
  M  firewall/midauth.c
  M  firewall/pisa.c
  M  firewall/pisa_cert.c

=== modified file 'firewall/midauth.c'
--- firewall/midauth.c  2010-06-09 14:05:14 +0000
+++ firewall/midauth.c  2010-06-09 14:10:57 +0000
@@ -277,7 +277,7 @@
     len       = hip_get_param_total_len(last);
     type      = hip_get_param_type(last);
 
-    HIP_IFEL(len > sizeof(buffer), -1,
+    HIP_IFEL(len > (int)sizeof(buffer), -1,
              "Last parameter's length exceeds HIP_MAX_PACKET\n");
 
     /* @todo check for signature parameter to avoid broken packets */

=== modified file 'firewall/pisa.c'
--- firewall/pisa.c     2010-05-23 13:14:30 +0000
+++ firewall/pisa.c     2010-06-09 14:10:57 +0000
@@ -334,7 +334,7 @@
  * @param ctx context of the packet containing the I1
  * @return NF_ACCEPT verdict
  */
-static int pisa_handler_i1(hip_fw_context_t *ctx)
+static int pisa_handler_i1(UNUSED hip_fw_context_t *ctx)
 {
 #ifdef CONFIG_HIP_PERFORMANCE
     HIP_DEBUG("Start PERF_BASE, PERF_I1\n");
@@ -357,7 +357,7 @@
  * @param ctx context of the packet containing the R1
  * @return NF_ACCEPT verdict
  */
-static int pisa_handler_r1(hip_fw_context_t *ctx)
+static int pisa_handler_r1(UNUSED hip_fw_context_t *ctx)
 {
 #ifdef CONFIG_HIP_PERFORMANCE
     HIP_DEBUG("Start PERF_R1\n");

=== modified file 'firewall/pisa_cert.c'
--- firewall/pisa_cert.c        2010-05-31 09:44:40 +0000
+++ firewall/pisa_cert.c        2010-06-09 14:10:57 +0000
@@ -28,10 +28,9 @@
  * @param cert pointer to the certificate text or part of a certificate text
  * @param name pointer to the pattern we are looking for
  * @param r pointer to a buffer that the search result will be copied to
- * @param size size of the buffer result
  * @return 0 on success
  */
-static char *pisa_cert_get_part(char *cert, const char *name, char *r, size_t 
size)
+static char *pisa_cert_get_part(char *cert, const char *name, char *r)
 {
     int level = 0, len = 0;
     char *p   = cert, *start = NULL;
@@ -111,10 +110,9 @@
  * @param cert pointer to the certificate text or part of a certificate text
  * @param name pointer to the pattern we are looking for
  * @param r pointer to a buffer that the search result will be copied to
- * @param size size of the buffer result
  * @return 0 on success
  */
-static void pisa_cert_get_content(char *cert, const char *name, char *r, 
size_t size)
+static void pisa_cert_get_content(char *cert, const char *name, char *r)
 {
     char *start = cert;
     int len     = 0;
@@ -164,25 +162,25 @@
     char buffer1[224], buffer2[224];
     struct in6_addr addr;
 
-    pisa_cert_get_part(cert, "not-before", buffer1, sizeof(buffer1));
-    pisa_cert_get_content(buffer1, "not-before", buffer2, sizeof(buffer2));
+    pisa_cert_get_part(cert, "not-before", buffer1);
+    pisa_cert_get_content(buffer1, "not-before", buffer2);
     strptime(buffer2, "\"%Y-%m-%d_%H:%M:%S\"", &t);
     pc->not_before = mktime(&t);
 
-    pisa_cert_get_part(cert, "not-after", buffer1, sizeof(buffer1));
-    pisa_cert_get_content(buffer1, "not-after", buffer2, sizeof(buffer2));
+    pisa_cert_get_part(cert, "not-after", buffer1);
+    pisa_cert_get_content(buffer1, "not-after", buffer2);
     strptime(buffer2, "\"%Y-%m-%d_%H:%M:%S\"", &t);
     pc->not_after = mktime(&t);
 
-    pisa_cert_get_part(cert, "issuer", buffer1, sizeof(buffer1));
-    pisa_cert_get_part(buffer1, "hash hit", buffer2, sizeof(buffer2));
-    pisa_cert_get_content(buffer2, "hash hit", buffer1, sizeof(buffer1));
+    pisa_cert_get_part(cert, "issuer", buffer1);
+    pisa_cert_get_part(buffer1, "hash hit", buffer2);
+    pisa_cert_get_content(buffer2, "hash hit", buffer1);
     inet_pton(AF_INET6, buffer1, &addr);
     memcpy(&pc->hit_issuer, &addr, sizeof(struct in6_addr));
 
-    pisa_cert_get_part(cert, "subject", buffer1, sizeof(buffer1));
-    pisa_cert_get_part(buffer1, "hash hit", buffer2, sizeof(buffer2));
-    pisa_cert_get_content(buffer2, "hash hit", buffer1, sizeof(buffer1));
+    pisa_cert_get_part(cert, "subject", buffer1);
+    pisa_cert_get_part(buffer1, "hash hit", buffer2);
+    pisa_cert_get_content(buffer2, "hash hit", buffer1);
     inet_pton(AF_INET6, buffer1, &addr);
     memcpy(&pc->hit_subject, &addr, sizeof(struct in6_addr));
 }
[hipl-commit] [trunk] Rev 4745: firewall: fix a signed/unsigned comparison

Other related posts:
