diff options
-rw-r--r-- | lib/connect.c | 5 | ||||
-rw-r--r-- | lib/cookie.c | 10 | ||||
-rw-r--r-- | lib/doh.c | 7 | ||||
-rw-r--r-- | lib/hostcheck.c | 6 | ||||
-rw-r--r-- | lib/hostip6.c | 5 | ||||
-rw-r--r-- | lib/inet_pton.c | 3 | ||||
-rw-r--r-- | lib/ldap.c | 3 | ||||
-rw-r--r-- | lib/md4.c | 7 | ||||
-rw-r--r-- | lib/md5.c | 7 | ||||
-rw-r--r-- | lib/memdebug.c | 3 | ||||
-rw-r--r-- | lib/security.c | 5 | ||||
-rw-r--r-- | lib/ssh-libssh.c | 8 | ||||
-rw-r--r-- | lib/ssh.c | 2 | ||||
-rw-r--r-- | lib/transfer.c | 14 | ||||
-rw-r--r-- | lib/urlapi.c | 4 | ||||
-rw-r--r-- | lib/vtls/cyassl.c | 2 | ||||
-rw-r--r-- | lib/vtls/gskit.c | 15 | ||||
-rw-r--r-- | lib/vtls/gtls.c | 37 | ||||
-rw-r--r-- | lib/vtls/mbedtls.c | 11 | ||||
-rw-r--r-- | lib/vtls/polarssl_threadlock.c | 32 | ||||
-rw-r--r-- | lib/vtls/schannel.c | 16 | ||||
-rw-r--r-- | lib/vtls/vtls.c | 22 | ||||
-rw-r--r-- | lib/x509asn1.c | 15 |
23 files changed, 115 insertions, 124 deletions
diff --git a/lib/connect.c b/lib/connect.c index 0250ceb45..b106fa872 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -628,7 +628,6 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr, UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr, long *port) { - unsigned short us_port; struct sockaddr_in *si = NULL; #ifdef ENABLE_IPV6 struct sockaddr_in6 *si6 = NULL; @@ -642,7 +641,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr, si = (struct sockaddr_in *)(void *) sa; if(Curl_inet_ntop(sa->sa_family, &si->sin_addr, addr, MAX_IPADR_LEN)) { - us_port = ntohs(si->sin_port); + unsigned short us_port = ntohs(si->sin_port); *port = us_port; return TRUE; } @@ -652,7 +651,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr, si6 = (struct sockaddr_in6 *)(void *) sa; if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr, addr, MAX_IPADR_LEN)) { - us_port = ntohs(si6->sin6_port); + unsigned short us_port = ntohs(si6->sin6_port); *port = us_port; return TRUE; } diff --git a/lib/cookie.c b/lib/cookie.c index 15bb28166..05ce62193 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1509,10 +1509,6 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) struct Cookie *co; FILE *out; bool use_stdout = FALSE; - char *format_ptr; - unsigned int i; - unsigned int j; - struct Cookie **array; if(!c) /* no cookie engine alive */ @@ -1539,6 +1535,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) out); if(c->numcookies) { + unsigned int i; + unsigned int j; + struct Cookie **array; + array = malloc(sizeof(struct Cookie *) * c->numcookies); if(!array) { if(!use_stdout) @@ -1558,7 +1558,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct); for(i = 0; i < j; i++) { - format_ptr = get_netscape_format(array[i]); + char *format_ptr = get_netscape_format(array[i]); if(format_ptr == NULL) { fprintf(out, "#\n# Fatal libcurl error\n"); free(array); @@ -584,7 +584,6 @@ UNITTEST DOHcode doh_decode(unsigned char *doh, unsigned short qdcount; unsigned short ancount; unsigned short type = 0; - unsigned short class; unsigned short rdlength; unsigned short nscount; unsigned short arcount; @@ -612,6 +611,7 @@ UNITTEST DOHcode doh_decode(unsigned char *doh, ancount = get16bit(doh, 6); while(ancount) { + unsigned short class; unsigned int ttl; rc = skipqname(doh, dohlen, &index); @@ -896,8 +896,6 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn, DOHcode rc; DOHcode rc2; struct dohentry de; - struct Curl_dns_entry *dns; - struct Curl_addrinfo *ai; /* remove DOH handles from multi handle and close them */ curl_multi_remove_handle(data->multi, data->req.doh.probe[0].easy); Curl_close(data->req.doh.probe[0].easy); @@ -927,6 +925,9 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn, data->req.doh.host); } if(!rc || !rc2) { + struct Curl_dns_entry *dns; + struct Curl_addrinfo *ai; + infof(data, "DOH Host name: %s\n", data->req.doh.host); showdoh(data, &de); diff --git a/lib/hostcheck.c b/lib/hostcheck.c index 6fcd0a901..115d24b2e 100644 --- a/lib/hostcheck.c +++ b/lib/hostcheck.c @@ -127,16 +127,14 @@ static int hostmatch(char *hostname, char *pattern) int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) { - char *matchp; - char *hostp; int res = 0; if(!match_pattern || !*match_pattern || !hostname || !*hostname) /* sanity check */ ; else { - matchp = strdup(match_pattern); + char *matchp = strdup(match_pattern); if(matchp) { - hostp = strdup(hostname); + char *hostp = strdup(hostname); if(hostp) { if(hostmatch(hostp, matchp) == CURL_HOST_MATCH) res = 1; diff --git a/lib/hostip6.c b/lib/hostip6.c index fb2f35ce3..5511f1aab 100644 --- a/lib/hostip6.c +++ b/lib/hostip6.c @@ -102,14 +102,15 @@ static void dump_addrinfo(struct connectdata *conn, const Curl_addrinfo *ai) printf("dump_addrinfo:\n"); for(; ai; ai = ai->ai_next) { char buf[INET6_ADDRSTRLEN]; - char buffer[STRERROR_LEN]; printf(" fam %2d, CNAME %s, ", ai->ai_family, ai->ai_canonname ? ai->ai_canonname : "<none>"); if(Curl_printable_address(ai, buf, sizeof(buf))) printf("%s\n", buf); - else + else { + char buffer[STRERROR_LEN]; printf("failed; %s\n", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer))); + } } } #else diff --git a/lib/inet_pton.c b/lib/inet_pton.c index fef9610d1..0d65ae0ec 100644 --- a/lib/inet_pton.c +++ b/lib/inet_pton.c @@ -153,7 +153,7 @@ inet_pton6(const char *src, unsigned char *dst) static const char xdigits_l[] = "0123456789abcdef", xdigits_u[] = "0123456789ABCDEF"; unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp; - const char *xdigits, *curtok; + const char *curtok; int ch, saw_xdigit; size_t val; @@ -168,6 +168,7 @@ inet_pton6(const char *src, unsigned char *dst) saw_xdigit = 0; val = 0; while((ch = *src++) != '\0') { + const char *xdigits; const char *pch; pch = strchr((xdigits = xdigits_l), ch); diff --git a/lib/ldap.c b/lib/ldap.c index 79dc2f2ed..fd31faa3e 100644 --- a/lib/ldap.c +++ b/lib/ldap.c @@ -1069,8 +1069,6 @@ static int _ldap_url_parse(const struct connectdata *conn, static void _ldap_free_urldesc(LDAPURLDesc *ludp) { - size_t i; - if(!ludp) return; @@ -1078,6 +1076,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp) free(ludp->lud_filter); if(ludp->lud_attrs) { + size_t i; for(i = 0; i < ludp->lud_attrs_dups; i++) free(ludp->lud_attrs[i]); free(ludp->lud_attrs); @@ -115,7 +115,6 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size) { const unsigned char *ptr; MD4_u32plus a, b, c, d; - MD4_u32plus saved_a, saved_b, saved_c, saved_d; ptr = (const unsigned char *)data; @@ -125,6 +124,8 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size) d = ctx->d; do { + MD4_u32plus saved_a, saved_b, saved_c, saved_d; + saved_a = a; saved_b = b; saved_c = c; @@ -214,7 +215,7 @@ static void MD4_Init(MD4_CTX *ctx) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) { MD4_u32plus saved_lo; - unsigned long used, available; + unsigned long used; saved_lo = ctx->lo; ctx->lo = (saved_lo + size) & 0x1fffffff; @@ -225,7 +226,7 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) used = saved_lo & 0x3f; if(used) { - available = 64 - used; + unsigned long available = 64 - used; if(size < available) { memcpy(&ctx->buffer[used], data, size); @@ -275,7 +275,6 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) { const unsigned char *ptr; MD5_u32plus a, b, c, d; - MD5_u32plus saved_a, saved_b, saved_c, saved_d; ptr = (const unsigned char *)data; @@ -285,6 +284,8 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) d = ctx->d; do { + MD5_u32plus saved_a, saved_b, saved_c, saved_d; + saved_a = a; saved_b = b; saved_c = c; @@ -392,7 +393,7 @@ static void MD5_Init(MD5_CTX *ctx) static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) { MD5_u32plus saved_lo; - unsigned long used, available; + unsigned long used; saved_lo = ctx->lo; ctx->lo = (saved_lo + size) & 0x1fffffff; @@ -403,7 +404,7 @@ static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) used = saved_lo & 0x3f; if(used) { - available = 64 - used; + unsigned long available = 64 - used; if(size < available) { memcpy(&ctx->buffer[used], data, size); diff --git a/lib/memdebug.c b/lib/memdebug.c index 00e57e9a1..ede60094b 100644 --- a/lib/memdebug.c +++ b/lib/memdebug.c @@ -306,9 +306,8 @@ void *curl_dbg_realloc(void *ptr, size_t wantedsize, void curl_dbg_free(void *ptr, int line, const char *source) { - struct memdebug *mem; - if(ptr) { + struct memdebug *mem; #ifdef __INTEL_COMPILER # pragma warning(push) diff --git a/lib/security.c b/lib/security.c index d64f49a03..82ae5c2cd 100644 --- a/lib/security.c +++ b/lib/security.c @@ -410,8 +410,6 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, static int sec_set_protection_level(struct connectdata *conn) { int code; - char *pbsz; - static unsigned int buffer_size = 1 << 20; /* 1048576 */ enum protection_level level = conn->request_data_prot; DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); @@ -427,6 +425,9 @@ static int sec_set_protection_level(struct connectdata *conn) return 0; if(level) { + char *pbsz; + static unsigned int buffer_size = 1 << 20; /* 1048576 */ + code = ftp_send_command(conn, "PBSZ %u", buffer_size); if(code < 0) return -1; diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c index 9bc092390..6cfd6bda8 100644 --- a/lib/ssh-libssh.c +++ b/lib/ssh-libssh.c @@ -1946,14 +1946,13 @@ static int myssh_getsock(struct connectdata *conn, static void myssh_block2waitfor(struct connectdata *conn, bool block) { struct ssh_conn *sshc = &conn->proto.sshc; - int dir; /* If it didn't block, or nothing was returned by ssh_get_poll_flags * have the original set */ conn->waitfor = sshc->orig_waitfor; if(block) { - dir = ssh_get_poll_flags(sshc->ssh_session); + int dir = ssh_get_poll_flags(sshc->ssh_session); if(dir & SSH_READ_PENDING) { /* translate the libssh define bits into our own bit defines */ conn->waitfor = KEEP_RECV; @@ -2050,7 +2049,6 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done) CURLcode result; curl_socket_t sock = conn->sock[FIRSTSOCKET]; struct Curl_easy *data = conn->data; - int rc; /* initialize per-handle data if not already */ if(!data->req.protop) @@ -2104,8 +2102,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done) ssh->pubkey = NULL; if(data->set.str[STRING_SSH_PUBLIC_KEY]) { - rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY], - &ssh->pubkey); + int rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY], + &ssh->pubkey); if(rc != SSH_OK) { failf(data, "Could not load public key file"); /* ignore */ @@ -587,13 +587,13 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn) struct Curl_easy *data = conn->data; const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]; char md5buffer[33]; - int i; const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session, LIBSSH2_HOSTKEY_HASH_MD5); if(fingerprint) { /* The fingerprint points to static storage (!), don't free() it. */ + int i; for(i = 0; i < 16; i++) msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); infof(data, "SSH MD5 fingerprint: %s\n", md5buffer); diff --git a/lib/transfer.c b/lib/transfer.c index 60ad1bb7e..514330e8c 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -157,15 +157,8 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, size_t buffersize = bytes; size_t nread; -#ifndef CURL_DISABLE_HTTP - struct curl_slist *trailers = NULL; - CURLcode c; - int trailers_ret_code; -#endif - curl_read_callback readfunc = NULL; void *extra_data = NULL; - bool added_crlf = FALSE; #ifdef CURL_DOES_CONVERSIONS bool sending_http_headers = FALSE; @@ -182,6 +175,10 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, #ifndef CURL_DISABLE_HTTP if(data->state.trailers_state == TRAILERS_INITIALIZED) { + struct curl_slist *trailers = NULL; + CURLcode c; + int trailers_ret_code; + /* at this point we already verified that the callback exists so we compile and store the trailers buffer, then proceed */ infof(data, @@ -296,7 +293,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, here, knowing they'll become CRLFs later on. */ - char hexbuffer[11] = ""; + bool added_crlf = FALSE; int hexlen = 0; const char *endofline_native; const char *endofline_network; @@ -317,6 +314,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, /* if we're not handling trailing data, proceed as usual */ if(data->state.trailers_state != TRAILERS_SENDING) { + char hexbuffer[11] = ""; hexlen = msnprintf(hexbuffer, sizeof(hexbuffer), "%zx%s", nread, endofline_native); diff --git a/lib/urlapi.c b/lib/urlapi.c index 0d05f4d92..3fef2fcf7 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -605,9 +605,9 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname) /* only valid letters are ok */ len = strspn(hostname, l); if(hlen != len) { - /* this could now be '%[zone id]' */ - char zoneid[16]; if(hostname[len] == '%') { + /* this could now be '%[zone id]' */ + char zoneid[16]; int i = 0; char *h = &hostname[len + 1]; /* pass '25' if present and is a url encoded percent sign */ diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c index 2fd8f486c..44a2bdda6 100644 --- a/lib/vtls/cyassl.c +++ b/lib/vtls/cyassl.c @@ -143,7 +143,6 @@ static CURLcode cyassl_connect_step1(struct connectdata *conn, int sockindex) { - char error_buffer[CYASSL_MAX_ERROR_SZ]; char *ciphers; struct Curl_easy *data = conn->data; struct ssl_connect_data* connssl = &conn->ssl[sockindex]; @@ -420,6 +419,7 @@ cyassl_connect_step1(struct connectdata *conn, if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { /* we got a session id, use it! */ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { + char error_buffer[CYASSL_MAX_ERROR_SZ]; Curl_ssl_sessionid_unlock(conn); failf(data, "SSL: SSL_set_session failed: %s", ERR_error_string(SSL_get_error(BACKEND->handle, 0), diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c index 0498bf05f..130d82a81 100644 --- a/lib/vtls/gskit.c +++ b/lib/vtls/gskit.c @@ -734,12 +734,11 @@ static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf, { struct ssl_connect_data *connssl = &conn->ssl[num]; struct Curl_easy *data = conn->data; - int buffsize; int nread; CURLcode cc = CURLE_RECV_ERROR; if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) { - buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize; + int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize; cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle, buf, buffsize, &nread), "gsk_secure_soc_read()", CURLE_RECV_ERROR); @@ -806,7 +805,6 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) conn->host.name; const char *sni; unsigned int protoflags = 0; - long timeout; Qso_OverlappedIO_t commarea; int sockpair[2]; static const int sobufsize = CURL_MAX_WRITE_SIZE; @@ -914,7 +912,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) if(!result) { /* Compute the handshake timeout. Since GSKit granularity is 1 second, we round up the required value. */ - timeout = Curl_timeleft(data, NULL, TRUE); + long timeout = Curl_timeleft(data, NULL, TRUE); if(timeout < 0) result = CURLE_OPERATION_TIMEDOUT; else @@ -1021,14 +1019,13 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex, struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; Qso_OverlappedIO_t cstat; - long timeout_ms; struct timeval stmv; CURLcode result; /* Poll or wait for end of SSL asynchronous handshake. */ for(;;) { - timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE); + long timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) timeout_ms = 0; stmv.tv_sec = timeout_ms / 1000; @@ -1077,7 +1074,6 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) const char *cert = (const char *) NULL; const char *certend; const char *ptr; - int i; CURLcode result; /* SSL handshake done: gather certificate info and verify host. */ @@ -1087,6 +1083,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) &cdev, &cdec), "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) == CURLE_OK) { + int i; + infof(data, "Server certificate:\n"); p = cdev; for(i = 0; i++ < cdec; p++) @@ -1261,7 +1259,6 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; - ssize_t nread; int what; int rc; char buf[120]; @@ -1278,6 +1275,8 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) SSL_SHUTDOWN_TIMEOUT); for(;;) { + ssize_t nread; + if(what < 0) { /* anything that gets here is fatally bad */ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 639fa58e2..e597eac5e 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -286,11 +286,11 @@ static CURLcode handshake(struct connectdata *conn, struct ssl_connect_data *connssl = &conn->ssl[sockindex]; gnutls_session_t session = BACKEND->session; curl_socket_t sockfd = conn->sock[sockindex]; - time_t timeout_ms; - int rc; - int what; for(;;) { + time_t timeout_ms; + int rc; + /* check allowed time left */ timeout_ms = Curl_timeleft(data, NULL, duringconnect); @@ -303,7 +303,7 @@ static CURLcode handshake(struct connectdata *conn, /* if ssl is expecting something, check if it's available. */ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { - + int what; curl_socket_t writefd = ssl_connect_2_writing == connssl->connecting_state?sockfd:CURL_SOCKET_BAD; curl_socket_t readfd = ssl_connect_2_reading == @@ -957,7 +957,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, gnutls_pubkey_t key = NULL; /* Result is returned to caller */ - int ret = 0; CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; /* if a path wasn't specified, don't pin */ @@ -968,6 +967,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, return result; do { + int ret; + /* Begin Gyrations to get the public key */ gnutls_pubkey_init(&key); @@ -1279,10 +1280,7 @@ gtls_connect_step3(struct connectdata *conn, #define use_addr in_addr #endif unsigned char addrbuf[sizeof(struct use_addr)]; - unsigned char certaddr[sizeof(struct use_addr)]; - size_t addrlen = 0, certaddrlen; - int i; - int ret = 0; + size_t addrlen = 0; if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0) addrlen = 4; @@ -1292,10 +1290,13 @@ gtls_connect_step3(struct connectdata *conn, #endif if(addrlen) { + unsigned char certaddr[sizeof(struct use_addr)]; + int i; + for(i = 0; ; i++) { - certaddrlen = sizeof(certaddr); - ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr, - &certaddrlen, NULL); + size_t certaddrlen = sizeof(certaddr); + int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr, + &certaddrlen, NULL); /* If this happens, it wasn't an IP address. */ if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER) continue; @@ -1465,8 +1466,6 @@ gtls_connect_step3(struct connectdata *conn, already got it from the cache and asked to use it in the connection, it might've been rejected and then a new one is in use now and we need to detect that. */ - bool incache; - void *ssl_sessionid; void *connect_sessionid; size_t connect_idsize = 0; @@ -1475,6 +1474,9 @@ gtls_connect_step3(struct connectdata *conn, connect_sessionid = malloc(connect_idsize); /* get a buffer for it */ if(connect_sessionid) { + bool incache; + void *ssl_sessionid; + /* extract session ID to the allocated buffer */ gnutls_session_get_data(session, connect_sessionid, &connect_idsize); @@ -1635,11 +1637,8 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex) static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - ssize_t result; int retval = 0; struct Curl_easy *data = conn->data; - bool done = FALSE; - char buf[120]; /* This has only been tested on the proftpd server, and the mod_tls code sends a close notify alert without waiting for a close notify alert in @@ -1650,6 +1649,10 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR); if(BACKEND->session) { + ssize_t result; + bool done = FALSE; + char buf[120]; + while(!done) { int what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT); diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 22c22fa78..ab357dd87 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -540,13 +540,6 @@ mbed_connect_step2(struct connectdata *conn, data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; -#ifdef HAS_ALPN - const char *next_protocol; -#endif - - char errorbuf[128]; - errorbuf[0] = 0; - conn->recv[sockindex] = mbed_recv; conn->send[sockindex] = mbed_send; @@ -561,6 +554,8 @@ mbed_connect_step2(struct connectdata *conn, return CURLE_OK; } else if(ret) { + char errorbuf[128]; + errorbuf[0] = 0; #ifdef MBEDTLS_ERROR_C mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); #endif /* MBEDTLS_ERROR_C */ @@ -665,7 +660,7 @@ mbed_connect_step2(struct connectdata *conn, #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { - next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl); + const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl); if(next_protocol) { infof(data, "ALPN, server accepted to use %s\n", next_protocol); diff --git a/lib/vtls/polarssl_threadlock.c b/lib/vtls/polarssl_threadlock.c index 8ef651d40..27c94b11e 100644 --- a/lib/vtls/polarssl_threadlock.c +++ b/lib/vtls/polarssl_threadlock.c @@ -49,25 +49,23 @@ static POLARSSL_MUTEX_T *mutex_buf = NULL; int Curl_polarsslthreadlock_thread_setup(void) { int i; - int ret; mutex_buf = calloc(NUMT * sizeof(POLARSSL_MUTEX_T), 1); if(!mutex_buf) return 0; /* error, no number of threads defined */ -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) for(i = 0; i < NUMT; i++) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_init(&mutex_buf[i], NULL); if(ret) return 0; /* pthread_mutex_init failed */ - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - for(i = 0; i < NUMT; i++) { mutex_buf[i] = CreateMutex(0, FALSE, 0); if(mutex_buf[i] == 0) return 0; /* CreateMutex failed */ - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } return 1; /* OK */ } @@ -75,24 +73,22 @@ int Curl_polarsslthreadlock_thread_setup(void) int Curl_polarsslthreadlock_thread_cleanup(void) { int i; - int ret; if(!mutex_buf) return 0; /* error, no threads locks defined */ -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) for(i = 0; i < NUMT; i++) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_destroy(&mutex_buf[i]); if(ret) return 0; /* pthread_mutex_destroy failed */ - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - for(i = 0; i < NUMT; i++) { ret = CloseHandle(mutex_buf[i]); if(!ret) return 0; /* CloseHandle failed */ - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } free(mutex_buf); mutex_buf = NULL; @@ -101,51 +97,47 @@ int Curl_polarsslthreadlock_thread_cleanup(void) int Curl_polarsslthreadlock_lock_function(int n) { - int ret; -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) if(n < NUMT) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_lock(&mutex_buf[n]); if(ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_lock_function failed\n")); return 0; /* pthread_mutex_lock failed */ } - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - if(n < NUMT) { ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0); if(ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_lock_function failed\n")); return 0; /* pthread_mutex_lock failed */ } - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } return 1; /* OK */ } int Curl_polarsslthreadlock_unlock_function(int n) { - int ret; -#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) if(n < NUMT) { + int ret; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) ret = pthread_mutex_unlock(&mutex_buf[n]); if(ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_unlock_function failed\n")); return 0; /* pthread_mutex_unlock failed */ } - } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - if(n < NUMT) { ret = ReleaseMutex(mutex_buf[n]); if(!ret) { DEBUGF(fprintf(stderr, "Error: polarsslthreadlock_unlock_function failed\n")); return 0; /* pthread_mutex_lock failed */ } - } #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ + } return 1; /* OK */ } diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 2480bbbe3..0f6f734fd 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -868,13 +868,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; unsigned char *reallocated_buffer; - size_t reallocated_length; SecBuffer outbuf[3]; SecBufferDesc outbuf_desc; SecBuffer inbuf[2]; SecBufferDesc inbuf_desc; SECURITY_STATUS sspi_status = SEC_E_OK; - TCHAR *host_name; CURLcode result; bool doread; char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : @@ -917,7 +915,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) if(BACKEND->encdata_length - BACKEND->encdata_offset < CURL_SCHANNEL_BUFFER_FREE_SIZE) { /* increase internal encrypted data buffer */ - reallocated_length = BACKEND->encdata_offset + + size_t reallocated_length = BACKEND->encdata_offset + CURL_SCHANNEL_BUFFER_FREE_SIZE; reallocated_buffer = realloc(BACKEND->encdata_buffer, reallocated_length); @@ -933,6 +931,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) } for(;;) { + TCHAR *host_name; if(doread) { /* read encrypted handshake data from socket */ result = Curl_read_plain(conn->sock[sockindex], @@ -2131,14 +2130,9 @@ static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM, static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, const char *pinnedpubkey) { - SECURITY_STATUS sspi_status; struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; CERT_CONTEXT *pCertContextServer = NULL; - const char *x509_der; - DWORD x509_der_len; - curl_X509certificate x509_parsed; - curl_asn1Element *pubkey; /* Result is returned to caller */ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; @@ -2148,6 +2142,12 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, return CURLE_OK; do { + SECURITY_STATUS sspi_status; + const char *x509_der; + DWORD x509_der_len; + curl_X509certificate x509_parsed; + curl_asn1Element *pubkey; + sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 25391443f..a7452dcd5 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -498,9 +498,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, void Curl_ssl_close_all(struct Curl_easy *data) { - size_t i; /* kill the session ID cache if not shared */ if(data->state.session && !SSLSESSION_SHARED(data)) { + size_t i; for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) /* the single-killer function handles empty table slots */ Curl_ssl_kill_session(&data->state.session[i]); @@ -644,11 +644,11 @@ bool Curl_ssl_data_pending(const struct connectdata *conn, void Curl_ssl_free_certinfo(struct Curl_easy *data) { - int i; struct curl_certinfo *ci = &data->info.certs; if(ci->num_of_certs) { /* free all individual lists used */ + int i; for(i = 0; i<ci->num_of_certs; i++) { curl_slist_free_all(ci->certinfo[i]); ci->certinfo[i] = NULL; @@ -808,14 +808,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, { FILE *fp; unsigned char *buf = NULL, *pem_ptr = NULL; - long filesize; - size_t size, pem_len; - CURLcode pem_read; CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; - CURLcode encode; - size_t encodedlen, pinkeylen; - char *encoded, *pinkeycopy, *begin_pos, *end_pos; - unsigned char *sha256sumdigest = NULL; /* if a path wasn't specified, don't pin */ if(!pinnedpubkey) @@ -825,6 +818,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, /* only do this if pinnedpubkey starts with "sha256//", length 8 */ if(strncmp(pinnedpubkey, "sha256//", 8) == 0) { + CURLcode encode; + size_t encodedlen, pinkeylen; + char *encoded, *pinkeycopy, *begin_pos, *end_pos; + unsigned char *sha256sumdigest; + if(!Curl_ssl->sha256sum) { /* without sha256 support, this cannot match */ return result; @@ -895,6 +893,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, return result; do { + long filesize; + size_t size, pem_len; + CURLcode pem_read; + /* Determine the file's size */ if(fseek(fp, 0, SEEK_END)) break; @@ -1271,7 +1273,6 @@ static int multissl_init(const struct Curl_ssl *backend) { const char *env; char *env_tmp; - int i; if(Curl_ssl != &Curl_ssl_multi) return 1; @@ -1290,6 +1291,7 @@ static int multissl_init(const struct Curl_ssl *backend) env = CURL_DEFAULT_SSL_BACKEND; #endif if(env) { + int i; for(i = 0; available_backends[i]; i++) { if(strcasecompare(env, available_backends[i]->info.name)) { Curl_ssl = available_backends[i]; diff --git a/lib/x509asn1.c b/lib/x509asn1.c index 35a036fbe..0c1256ba8 100644 --- a/lib/x509asn1.c +++ b/lib/x509asn1.c @@ -266,8 +266,6 @@ utf8asn1str(char **to, int type, const char *from, const char *end) size_t inlength = end - from; int size = 1; size_t outlength; - int charsize; - unsigned int wc; char *buf; *to = NULL; @@ -305,6 +303,9 @@ utf8asn1str(char **to, int type, const char *from, const char *end) } else { for(outlength = 0; from < end;) { + int charsize; + unsigned int wc; + wc = 0; switch(size) { case 4: @@ -877,9 +878,6 @@ static void do_pubkey(struct Curl_easy *data, int certnum, curl_asn1Element elem; curl_asn1Element pk; const char *p; - const char *q; - unsigned long len; - unsigned int i; /* Generate all information records for the public key. */ @@ -888,6 +886,9 @@ static void do_pubkey(struct Curl_easy *data, int certnum, return; if(strcasecompare(algo, "rsaEncryption")) { + const char *q; + unsigned long len; + p = getASN1Element(&elem, pk.beg, pk.end); if(!p) return; @@ -896,9 +897,11 @@ static void do_pubkey(struct Curl_easy *data, int certnum, for(q = elem.beg; !*q && q < elem.end; q++) ; len = (unsigned long)((elem.end - q) * 8); - if(len) + if(len) { + unsigned int i; for(i = *(unsigned char *) q; !(i & 0x80); i <<= 1) len--; + } if(len > 32) elem.beg = q; /* Strip leading zero bytes. */ if(!certnum) |