author | Marcel Raad <Marcel.Raad@teamviewer.com> | 2019-05-11 21:42:48 +0200 |
committer | Marcel Raad <Marcel.Raad@teamviewer.com> | 2019-05-20 08:51:11 +0200 |
commit | 10db3ef21eef1c7a1727579952a81ced2f4afc8b (patch) | |
tree | 57129a847b5913959063a60290201b1f52482fee /lib/vtls | |
parent | 27af2ec219244bef24e6d11649d41aad3668da45 (diff) | |
download | curl-10db3ef21eef1c7a1727579952a81ced2f4afc8b.tar.gz |
lib: reduce variable scopes
Fixes Codacy/CppCheck warnings.
Closes https://github.com/curl/curl/pull/3872
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/cyassl.c | 2 | ||||
-rw-r--r-- | lib/vtls/gskit.c | 15 | ||||
-rw-r--r-- | lib/vtls/gtls.c | 37 | ||||
-rw-r--r-- | lib/vtls/mbedtls.c | 11 | ||||
-rw-r--r-- | lib/vtls/polarssl_threadlock.c | 32 | ||||
-rw-r--r-- | lib/vtls/schannel.c | 16 | ||||
-rw-r--r-- | lib/vtls/vtls.c | 22 |
7 files changed, 63 insertions, 72 deletions
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c index 2fd8f486c..44a2bdda6 100644 --- a/lib/vtls/cyassl.c +++ b/lib/vtls/cyassl.c @@ -143,7 +143,6 @@ static CURLcode cyassl_connect_step1(struct connectdata *conn, int sockindex) { - char error_buffer[CYASSL_MAX_ERROR_SZ]; char *ciphers; struct Curl_easy *data = conn->data; struct ssl_connect_data* connssl = &conn->ssl[sockindex]; @@ -420,6 +419,7 @@ cyassl_connect_step1(struct connectdata *conn, if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { /* we got a session id, use it! */ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { + char error_buffer[CYASSL_MAX_ERROR_SZ]; Curl_ssl_sessionid_unlock(conn); failf(data, "SSL: SSL_set_session failed: %s", ERR_error_string(SSL_get_error(BACKEND->handle, 0), diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c index 0498bf05f..130d82a81 100644 --- a/lib/vtls/gskit.c +++ b/lib/vtls/gskit.c @@ -734,12 +734,11 @@ static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf, { struct ssl_connect_data *connssl = &conn->ssl[num]; struct Curl_easy *data = conn->data; - int buffsize; int nread; CURLcode cc = CURLE_RECV_ERROR; if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) { - buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize; + int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize; cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle, buf, buffsize, &nread), "gsk_secure_soc_read()", CURLE_RECV_ERROR); @@ -806,7 +805,6 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) conn->host.name; const char *sni; unsigned int protoflags = 0; - long timeout; Qso_OverlappedIO_t commarea; int sockpair[2]; static const int sobufsize = CURL_MAX_WRITE_SIZE; 
@@ -914,7 +912,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) if(!result) { /* Compute the handshake timeout. Since GSKit granularity is 1 second, we round up the required value. */ - timeout = Curl_timeleft(data, NULL, TRUE); + long timeout = Curl_timeleft(data, NULL, TRUE); if(timeout < 0) result = CURLE_OPERATION_TIMEDOUT; else @@ -1021,14 +1019,13 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex, struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; Qso_OverlappedIO_t cstat; - long timeout_ms; struct timeval stmv; CURLcode result; /* Poll or wait for end of SSL asynchronous handshake. */ for(;;) { - timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE); + long timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) timeout_ms = 0; stmv.tv_sec = timeout_ms / 1000; @@ -1077,7 +1074,6 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) const char *cert = (const char *) NULL; const char *certend; const char *ptr; - int i; CURLcode result; /* SSL handshake done: gather certificate info and verify host. */ @@ -1087,6 +1083,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) &cdev, &cdec), "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) == CURLE_OK) { + int i; + infof(data, "Server certificate:\n"); p = cdev; for(i = 0; i++ < cdec; p++) @@ -1261,7 +1259,6 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; - ssize_t nread; int what; int rc; char buf[120]; @@ -1278,6 +1275,8 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) SSL_SHUTDOWN_TIMEOUT); for(;;) { + ssize_t nread; + if(what < 0) { /* anything that gets here is fatally bad */ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); 
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 639fa58e2..e597eac5e 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -286,11 +286,11 @@ static CURLcode handshake(struct connectdata *conn, struct ssl_connect_data *connssl = &conn->ssl[sockindex]; gnutls_session_t session = BACKEND->session; curl_socket_t sockfd = conn->sock[sockindex]; - time_t timeout_ms; - int rc; - int what; for(;;) { + time_t timeout_ms; + int rc; + /* check allowed time left */ timeout_ms = Curl_timeleft(data, NULL, duringconnect); @@ -303,7 +303,7 @@ static CURLcode handshake(struct connectdata *conn, /* if ssl is expecting something, check if it's available. */ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { - + int what; curl_socket_t writefd = ssl_connect_2_writing == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; curl_socket_t readfd = ssl_connect_2_reading == @@ -957,7 +957,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, gnutls_pubkey_t key = NULL; /* Result is returned to caller */ - int ret = 0; CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; /* if a path wasn't specified, don't pin */ @@ -968,6 +967,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, return result; do { + int ret; + /* Begin Gyrations to get the public key */ gnutls_pubkey_init(&key); @@ -1279,10 +1280,7 @@ gtls_connect_step3(struct connectdata *conn, #define use_addr in_addr #endif unsigned char addrbuf[sizeof(struct use_addr)]; - unsigned char certaddr[sizeof(struct use_addr)]; - size_t addrlen = 0, certaddrlen; - int i; - int ret = 0; + size_t addrlen = 0; if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0) addrlen = 4; 
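Review bot: In the handshake() loop, `time_t timeout_ms;` is declared and then assigned two lines later after the `/* check allowed time left */` comment, while the sibling gskit.c hunks in this same commit use declare-and-initialise (`long timeout = Curl_timeleft(data, NULL, TRUE);`). For consistency, and so the variable is never observable uninitialised, the loop could open with `time_t timeout_ms = Curl_timeleft(data, NULL, duringconnect); /* allowed time left */`. handshake()'s body continues past the hunk.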
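Review bot: The `int ret;` moved into the do-loop of pkp_pin_peer_pubkey drops the `= 0` the function-scope declaration carried, which is a semantic change rather than a pure scope reduction. It is safe only if the first statement after `gnutls_pubkey_init(&key);` assigns `ret` before any `if(ret ...)` test; that statement is outside the hunk, so please confirm, or keep `int ret = 0;` to preserve the old behaviour exactly.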
@@ -1292,10 +1290,13 @@ gtls_connect_step3(struct connectdata *conn, #endif if(addrlen) { + unsigned char certaddr[sizeof(struct use_addr)]; + int i; + for(i = 0; ; i++) { - certaddrlen = sizeof(certaddr); - ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr, - &certaddrlen, NULL); + size_t certaddrlen = sizeof(certaddr); + int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr, + &certaddrlen, NULL); /* If this happens, it wasn't an IP address. */ if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER) continue; @@ -1465,8 +1466,6 @@ gtls_connect_step3(struct connectdata *conn, already got it from the cache and asked to use it in the connection, it might've been rejected and then a new one is in use now and we need to detect that. */ - bool incache; - void *ssl_sessionid; void *connect_sessionid; size_t connect_idsize = 0; @@ -1475,6 +1474,9 @@ gtls_connect_step3(struct connectdata *conn, connect_sessionid = malloc(connect_idsize); /* get a buffer for it */ if(connect_sessionid) { + bool incache; + void *ssl_sessionid; + /* extract session ID to the allocated buffer */ gnutls_session_get_data(session, connect_sessionid, &connect_idsize); @@ -1635,11 +1637,8 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex) static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - ssize_t result; int retval = 0; struct Curl_easy *data = conn->data; - bool done = FALSE; - char buf[120]; /* This has only been tested on the proftpd server, and the mod_tls code sends a close notify alert without waiting for a close notify alert in @@ -1650,6 +1649,10 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR); if(BACKEND->session) { + ssize_t result; + bool done = FALSE; + char buf[120]; + while(!done) { int what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT); 
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 22c22fa78..ab357dd87 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -540,13 +540,6 @@ mbed_connect_step2(struct connectdata *conn, data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; -#ifdef HAS_ALPN - const char *next_protocol; -#endif - - char errorbuf[128]; - errorbuf[0] = 0; - conn->recv[sockindex] = mbed_recv; conn->send[sockindex] = mbed_send; @@ -561,6 +554,8 @@ mbed_connect_step2(struct connectdata *conn, return CURLE_OK; } else if(ret) { + char errorbuf[128]; + errorbuf[0] = 0; #ifdef MBEDTLS_ERROR_C mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); #endif /* MBEDTLS_ERROR_C */ @@ -665,7 +660,7 @@ mbed_connect_step2(struct connectdata *conn, #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { - next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl); + const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl); if(next_protocol) { infof(data, "ALPN, server accepted to use %s\n", next_protocol); diff --git a/lib/vtls/polarssl_threadlock.c b/lib/vtls/polarssl_threadlock.c index 8ef651d40..27c94b11e 100644 --- a/lib/vtls/polarssl_threadlock.c +++ b/lib/vtls/polarssl_threadlock.c 
@@ -49,25 +49,23 @@ static POLARSSL_MUTEX_T *mutex_buf = NULL; int Curl_polarsslthreadlock_thread_setup(void) { int i; - int ret; mutex_buf = calloc(NUMT * sizeof(POLARSSL_MUTEX_T), 1); if(!mutex_buf) return 0; /* error, no number of threads defined */ -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) for(i = 0; i < NUMT; i++) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_init(&mutex_buf[i], NULL); if(ret) return 0; /* pthread_mutex_init failed */ - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - for(i = 0; i < NUMT; i++) { mutex_buf[i] = CreateMutex(0, FALSE, 0); if(mutex_buf[i] == 0) return 0; /* CreateMutex failed */ - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } return 1; /* OK */ } @@ -75,24 +73,22 @@ int Curl_polarsslthreadlock_thread_setup(void) int Curl_polarsslthreadlock_thread_cleanup(void) { int i; - int ret; if(!mutex_buf) return 0; /* error, no threads locks defined */ -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) for(i = 0; i < NUMT; i++) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_destroy(&mutex_buf[i]); if(ret) return 0; /* pthread_mutex_destroy failed */ - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - for(i = 0; i < NUMT; i++) { ret = CloseHandle(mutex_buf[i]); if(!ret) return 0; /* CloseHandle failed */ - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } free(mutex_buf); mutex_buf = NULL; 
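Review bot: In the merged loop of Curl_polarsslthreadlock_thread_setup, a failed `pthread_mutex_init` (or `CreateMutex`) returns 0 but leaves the file-scope `mutex_buf` allocated and only partially initialised; Curl_polarsslthreadlock_thread_cleanup guards solely on `if(!mutex_buf)` and will then call `pthread_mutex_destroy` on mutexes that were never initialised, which POSIX leaves undefined. Releasing the buffer on the failure path keeps the pair consistent: `if(ret) { free(mutex_buf); mutex_buf = NULL; return 0; }` and the same for the `mutex_buf[i] == 0` check. The allocation also reads more naturally in the conventional count/size order, `calloc(NUMT, sizeof(POLARSSL_MUTEX_T))`. Neither issue is introduced by this commit, but both now sit inside or next to the rewritten loop body.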
@@ -101,51 +97,47 @@ int Curl_polarsslthreadlock_thread_cleanup(void) int Curl_polarsslthreadlock_lock_function(int n) { - int ret; -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) if(n < NUMT) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_lock(&mutex_buf[n]); if(ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_lock_function failed\n")); return 0; /* pthread_mutex_lock failed */ } - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - if(n < NUMT) { ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0); if(ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_lock_function failed\n")); return 0; /* pthread_mutex_lock failed */ } - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } return 1; /* OK */ } int Curl_polarsslthreadlock_unlock_function(int n) { - int ret; -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) if(n < NUMT) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_unlock(&mutex_buf[n]); if(ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_unlock_function failed\n")); return 0; /* pthread_mutex_unlock failed */ } - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - if(n < NUMT) { ret = ReleaseMutex(mutex_buf[n]); if(!ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_unlock_function failed\n")); return 0; /* pthread_mutex_lock failed */ } - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } return 1; /* OK */ } diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 2480bbbe3..0f6f734fd 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c 
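Review bot: Curl_polarsslthreadlock_lock_function and Curl_polarsslthreadlock_unlock_function keep only the upper half of a bounds check, `if(n < NUMT)`, and then fall through to `return 1; /* OK */`, so a negative n indexes before `mutex_buf` and an n >= NUMT reports success without having locked or unlocked anything — a silent no-op on a locking primitive. A complete check that fails loudly would be `if(n < 0 || n >= NUMT || !mutex_buf) return 0;` placed before the `#if` block, after which the `if(n < NUMT)` wrapper can go; the `!mutex_buf` part covers a call made before thread_setup succeeded, since `mutex_buf[n]` is otherwise dereferenced unconditionally. Also, the Win32 failure comments after `WaitForSingleObject` and `ReleaseMutex` both still say `pthread_mutex_lock failed`; `WaitForSingleObject failed` and `ReleaseMutex failed` would match the calls.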
@@ -868,13 +868,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; unsigned char *reallocated_buffer; - size_t reallocated_length; SecBuffer outbuf[3]; SecBufferDesc outbuf_desc; SecBuffer inbuf[2]; SecBufferDesc inbuf_desc; SECURITY_STATUS sspi_status = SEC_E_OK; - TCHAR *host_name; CURLcode result; bool doread; char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : @@ -917,7 +915,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) if(BACKEND->encdata_length - BACKEND->encdata_offset < CURL_SCHANNEL_BUFFER_FREE_SIZE) { /* increase internal encrypted data buffer */ - reallocated_length = BACKEND->encdata_offset + + size_t reallocated_length = BACKEND->encdata_offset + CURL_SCHANNEL_BUFFER_FREE_SIZE; reallocated_buffer = realloc(BACKEND->encdata_buffer, reallocated_length); @@ -933,6 +931,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) } for(;;) { + TCHAR *host_name; if(doread) { /* read encrypted handshake data from socket */ result = Curl_read_plain(conn->sock[sockindex], @@ -2131,14 +2130,9 @@ static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM, static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, const char *pinnedpubkey) { - SECURITY_STATUS sspi_status; struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; CERT_CONTEXT *pCertContextServer = NULL; - const char *x509_der; - DWORD x509_der_len; - curl_X509certificate x509_parsed; - curl_asn1Element *pubkey; /* Result is returned to caller */ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; 
@@ -2148,6 +2142,12 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, return CURLE_OK; do { + SECURITY_STATUS sspi_status; + const char *x509_der; + DWORD x509_der_len; + curl_X509certificate x509_parsed; + curl_asn1Element *pubkey; + sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 25391443f..a7452dcd5 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -498,9 +498,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, void Curl_ssl_close_all(struct Curl_easy *data) { - size_t i; /* kill the session ID cache if not shared */ if(data->state.session && !SSLSESSION_SHARED(data)) { + size_t i; for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) /* the single-killer function handles empty table slots */ Curl_ssl_kill_session(&data->state.session[i]); @@ -644,11 +644,11 @@ bool Curl_ssl_data_pending(const struct connectdata *conn, void Curl_ssl_free_certinfo(struct Curl_easy *data) { - int i; struct curl_certinfo *ci = &data->info.certs; if(ci->num_of_certs) { /* free all individual lists used */ + int i; for(i = 0; i<ci->num_of_certs; i++) { curl_slist_free_all(ci->certinfo[i]); ci->certinfo[i] = NULL; @@ -808,14 +808,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, { FILE *fp; unsigned char *buf = NULL, *pem_ptr = NULL; - long filesize; - size_t size, pem_len; - CURLcode pem_read; CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; - CURLcode encode; - size_t encodedlen, pinkeylen; - char *encoded, *pinkeycopy, *begin_pos, *end_pos; - unsigned char *sha256sumdigest = NULL; /* if a path wasn't specified, don't pin */ if(!pinnedpubkey) 
@@ -825,6 +818,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, /* only do this if pinnedpubkey starts with "sha256//", length 8 */ if(strncmp(pinnedpubkey, "sha256//", 8) == 0) { + CURLcode encode; + size_t encodedlen, pinkeylen; + char *encoded, *pinkeycopy, *begin_pos, *end_pos; + unsigned char *sha256sumdigest; + if(!Curl_ssl->sha256sum) { /* without sha256 support, this cannot match */ return result; @@ -895,6 +893,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, return result; do { + long filesize; + size_t size, pem_len; + CURLcode pem_read; + /* Determine the file's size */ if(fseek(fp, 0, SEEK_END)) break; @@ -1271,7 +1273,6 @@ static int multissl_init(const struct Curl_ssl *backend) { const char *env; char *env_tmp; - int i; if(Curl_ssl != &Curl_ssl_multi) return 1; @@ -1290,6 +1291,7 @@ static int multissl_init(const struct Curl_ssl *backend) env = CURL_DEFAULT_SSL_BACKEND; #endif if(env) { + int i; for(i = 0; available_backends[i]; i++) { if(strcasecompare(env, available_backends[i]->info.name)) { Curl_ssl = available_backends[i]; |
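Review bot: The relocated declaration `unsigned char *sha256sumdigest;` drops the `= NULL` initialiser that the function-scope declaration had, which goes beyond reducing scope. That is harmless only if every path inside the `sha256//` branch assigns the pointer before it is read or freed; the hunk does not show those uses, so please confirm, or keep `unsigned char *sha256sumdigest = NULL;` so a free on an early error path remains a no-op. Curl_pin_peer_pubkey's body continues outside the hunk.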