You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by sc...@apache.org on 2017/09/11 00:35:09 UTC
svn commit: r1807981 - in /santuario/xml-security-cpp/trunk: ./ xsec/dsig/
xsec/tools/siginf/ xsec/tools/xklient/ xsec/utils/
Author: scantor
Date: Mon Sep 11 00:35:08 2017
New Revision: 1807981
URL: http://svn.apache.org/viewvc?rev=1807981&view=rev
Log:
Add warning to build, plug some signed/unsigned bugs.
Modified:
santuario/xml-security-cpp/trunk/configure.ac
santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp
santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.cpp
santuario/xml-security-cpp/trunk/xsec/tools/siginf/siginf.cpp
santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp
santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp
santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.hpp
Modified: santuario/xml-security-cpp/trunk/configure.ac
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/configure.ac?rev=1807981&r1=1807980&r2=1807981&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/configure.ac (original)
+++ santuario/xml-security-cpp/trunk/configure.ac Mon Sep 11 00:35:08 2017
@@ -55,8 +55,8 @@ AC_PROG_AWK
AC_CHECK_PROG(AUTOCONF, autoconf, autoconf, true)
if test "$GCC" = "yes" ; then
- CFLAGS="-Wall $GCC_CFLAGS"
- CXXFLAGS="-Wall $GCC_CXXFLAGS"
+ CFLAGS="-Wall -Wstrict-overflow=5 $GCC_CFLAGS"
+ CXXFLAGS="-Wall -Wstrict-overflow=5 $GCC_CXXFLAGS"
fi
# pthreads
@@ -344,7 +344,7 @@ AC_ARG_ENABLE(xkms,
[have_xkms=${enableval}],
[have_xkms=yes])
if test x"$have_xkms" = "xyes" ; then
- AC_DEFINE([XSEC_XKMS_ENABLED],[1],[Define to 1 if XKMS support is included.])]
+ AC_DEFINE([XSEC_XKMS_ENABLED],[1],[Define to 1 if XKMS support is included.])
fi
# Populate the Makefile conditionals
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?rev=1807981&r1=1807980&r2=1807981&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp Mon Sep 11 00:35:08 2017
@@ -524,7 +524,7 @@ unsigned int DSIGAlgorithmHandlerDefault
// Signature already created, so just translate to base 64 and enter string
// FIX: CVE-2009-0217
- if (outputLength > 0 && (outputLength > hashLen || outputLength < 80 || outputLength < hashLen / 2)) {
+ if (outputLength > 0 && (outputLength > (unsigned int)hashLen || outputLength < 80 || outputLength < (unsigned int)hashLen / 2)) {
throw XSECException(XSECException::AlgorithmMapperError,
"HMACOutputLength set to unsafe value.");
}
@@ -646,10 +646,10 @@ bool DSIGAlgorithmHandlerDefault::verify
case (XSECCryptoKey::KEY_HMAC) :
- // Already done - just compare calculated value with read value
+ // Already done - just compare calculated value with read value
// FIX: CVE-2009-0217
- if (outputLength > 0 && (outputLength > hashLen || outputLength < 80 || outputLength < hashLen / 2)) {
+ if (outputLength > 0 && (outputLength > (unsigned int)hashLen || outputLength < 80 || outputLength < (unsigned int)hashLen / 2)) {
throw XSECException(XSECException::AlgorithmMapperError,
"HMACOutputLength set to unsafe value.");
}
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.cpp?rev=1807981&r1=1807980&r2=1807981&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.cpp Mon Sep 11 00:35:08 2017
@@ -903,7 +903,6 @@ unsigned int DSIGSignature::calculateSig
bool DSIGSignature::verifySignatureOnlyInternal(void) {
unsigned char hash[4096];
- int hashLen;
if (!m_loaded) {
@@ -949,7 +948,7 @@ bool DSIGSignature::verifySignatureOnlyI
TXFMChain * chain = getSignedInfoInput();
Janitor<TXFMChain> j_chain(chain);
- hashLen = calculateSignedInfoHash(hash, 4096);
+ calculateSignedInfoHash(hash, 4096);
// Now set up to verify
// First find the appropriate handler for the URI
Modified: santuario/xml-security-cpp/trunk/xsec/tools/siginf/siginf.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/tools/siginf/siginf.cpp?rev=1807981&r1=1807980&r2=1807981&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/tools/siginf/siginf.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/tools/siginf/siginf.cpp Mon Sep 11 00:35:08 2017
@@ -127,14 +127,14 @@ ostream & operator<<(ostream& target, X2
}
inline
-void levelSet(int level) {
+void levelSet(unsigned int level) {
- for (int i = 0; i < level; ++i)
+ for (unsigned int i = 0; i < level; ++i)
cout << " ";
}
-void outputTransform(DSIGTransform * t, int level) {
+void outputTransform(DSIGTransform * t, unsigned int level) {
switch (t->getTransformType()) {
@@ -260,7 +260,7 @@ void outputTransform(DSIGTransform * t,
}
-void outputReferences(DSIGReferenceList *rl, int level) {
+void outputReferences(DSIGReferenceList *rl, unsigned int level) {
int s = (int) rl->getSize();
Modified: santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp?rev=1807981&r1=1807980&r2=1807981&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp Mon Sep 11 00:35:08 2017
@@ -200,9 +200,9 @@ ostream & operator<<(ostream& target, X2
}
inline
-void levelSet(int level) {
+void levelSet(unsigned int level) {
- for (int i = 0; i < level; ++i)
+ for (unsigned int i = 0; i < level; ++i)
cout << " ";
}
@@ -2780,7 +2780,7 @@ XKMSMessageAbstractType * createCompound
// MsgDump
// --------------------------------------------------------------------------------
-void doMessageAbstractTypeDump(XKMSMessageAbstractType *msg, int level) {
+void doMessageAbstractTypeDump(XKMSMessageAbstractType *msg, unsigned int level) {
cout << endl;
levelSet(level);
@@ -2820,7 +2820,7 @@ void doMessageAbstractTypeDump(XKMSMessa
}
}
-void doRequestAbstractTypeDump(XKMSRequestAbstractType *msg, int level) {
+void doRequestAbstractTypeDump(XKMSRequestAbstractType *msg, unsigned int level) {
levelSet(level);
int i = msg->getRespondWithSize();
@@ -2836,7 +2836,7 @@ void doRequestAbstractTypeDump(XKMSReque
}
-void doResultTypeDump(XKMSResultType *msg, int level) {
+void doResultTypeDump(XKMSResultType *msg, unsigned int level) {
const XMLCh * rid = msg->getRequestId();
char * s;
@@ -2874,7 +2874,7 @@ void doResultTypeDump(XKMSResultType *ms
}
}
-void doKeyInfoDump(DSIGKeyInfoList * l, int level) {
+void doKeyInfoDump(DSIGKeyInfoList * l, unsigned int level) {
int size = (int) l->getSize();
@@ -2959,7 +2959,7 @@ void doKeyInfoDump(DSIGKeyInfoList * l,
}
-void doKeyBindingAbstractDump(XKMSKeyBindingAbstractType * msg, int level) {
+void doKeyBindingAbstractDump(XKMSKeyBindingAbstractType * msg, unsigned int level) {
levelSet(level);
cout << "Key Binding found." << endl;
@@ -3016,7 +3016,7 @@ void doKeyBindingAbstractDump(XKMSKeyBin
}
-void doUnverifiedKeyBindingDump(XKMSUnverifiedKeyBinding * ukb, int level) {
+void doUnverifiedKeyBindingDump(XKMSUnverifiedKeyBinding * ukb, unsigned int level) {
doKeyBindingAbstractDump((XKMSKeyBindingAbstractType *) ukb, level);
@@ -3038,7 +3038,7 @@ void doStatusReasonDump(XKMSStatus::Stat
}
-void doKeyBindingDump(XKMSKeyBinding * kb, int level) {
+void doKeyBindingDump(XKMSKeyBinding * kb, unsigned int level) {
/* Dump the status */
@@ -3061,7 +3061,7 @@ void doKeyBindingDump(XKMSKeyBinding * k
}
-void doRevokeKeyBindingDump(XKMSRevokeKeyBinding * kb, int level) {
+void doRevokeKeyBindingDump(XKMSRevokeKeyBinding * kb, unsigned int level) {
/* Dump the status */
@@ -3084,7 +3084,7 @@ void doRevokeKeyBindingDump(XKMSRevokeKe
}
-void doRecoverKeyBindingDump(XKMSRecoverKeyBinding * kb, int level) {
+void doRecoverKeyBindingDump(XKMSRecoverKeyBinding * kb, unsigned int level) {
/* Dump the status */
@@ -3107,7 +3107,7 @@ void doRecoverKeyBindingDump(XKMSRecover
}
-void doReissueKeyBindingDump(XKMSReissueKeyBinding * kb, int level) {
+void doReissueKeyBindingDump(XKMSReissueKeyBinding * kb, unsigned int level) {
/* Dump the status */
@@ -3130,7 +3130,7 @@ void doReissueKeyBindingDump(XKMSReissue
}
-void doAuthenticationDump(XKMSAuthentication *a, int level) {
+void doAuthenticationDump(XKMSAuthentication *a, unsigned int level) {
if (a == NULL)
@@ -3176,7 +3176,7 @@ void doAuthenticationDump(XKMSAuthentica
int doLocateRequestDump(XKMSLocateRequest *msg) {
cout << endl << "This is a LocateRequest Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doRequestAbstractTypeDump(msg, level);
@@ -3191,7 +3191,7 @@ int doLocateRequestDump(XKMSLocateReques
int doStatusRequestDump(XKMSStatusRequest *msg) {
cout << endl << "This is a StatusRequest Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doRequestAbstractTypeDump(msg, level);
@@ -3202,7 +3202,7 @@ int doStatusRequestDump(XKMSStatusReques
int doValidateRequestDump(XKMSValidateRequest *msg) {
cout << endl << "This is a ValidateRequest Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doRequestAbstractTypeDump(msg, level);
@@ -3217,7 +3217,7 @@ int doValidateRequestDump(XKMSValidateRe
int doLocateResultDump(XKMSLocateResult *msg) {
cout << endl << "This is a LocateResult Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3244,7 +3244,7 @@ int doLocateResultDump(XKMSLocateResult
int doValidateResultDump(XKMSValidateResult *msg) {
cout << endl << "This is a ValidateResult Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3271,7 +3271,7 @@ int doValidateResultDump(XKMSValidateRes
int doRegisterResultDump(XKMSRegisterResult *msg) {
cout << endl << "This is a RegisterResult Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3392,7 +3392,7 @@ int doRegisterResultDump(XKMSRegisterRes
int doRecoverResultDump(XKMSRecoverResult *msg) {
cout << endl << "This is a RecoverResult Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3514,7 +3514,7 @@ int doRecoverResultDump(XKMSRecoverResul
int doRevokeResultDump(XKMSRevokeResult *msg) {
cout << endl << "This is a RevokeResult Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3541,7 +3541,7 @@ int doRevokeResultDump(XKMSRevokeResult
int doReissueResultDump(XKMSReissueResult *msg) {
cout << endl << "This is a ReissueResult Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3568,7 +3568,7 @@ int doReissueResultDump(XKMSReissueResul
int doStatusResultDump(XKMSStatusResult *msg) {
cout << endl << "This is a StatusResult Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3579,7 +3579,7 @@ int doStatusResultDump(XKMSStatusResult
int doResultDump(XKMSResult *msg) {
cout << endl << "This is a Result Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doResultTypeDump(msg, level);
@@ -3590,7 +3590,7 @@ int doResultDump(XKMSResult *msg) {
int doRegisterRequestDump(XKMSRegisterRequest *msg) {
cout << endl << "This is a RegisterRequest Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doRequestAbstractTypeDump(msg, level);
@@ -3647,7 +3647,7 @@ int doRegisterRequestDump(XKMSRegisterRe
int doRevokeRequestDump(XKMSRevokeRequest *msg) {
cout << endl << "This is a RevokeRequest Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doRequestAbstractTypeDump(msg, level);
@@ -3677,7 +3677,7 @@ int doRevokeRequestDump(XKMSRevokeReques
int doRecoverRequestDump(XKMSRecoverRequest *msg) {
cout << endl << "This is a RecoverRequest Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doRequestAbstractTypeDump(msg, level);
@@ -3698,7 +3698,7 @@ int doRecoverRequestDump(XKMSRecoverRequ
int doReissueRequestDump(XKMSReissueRequest *msg) {
cout << endl << "This is a ReiussueRequest Message" << endl;
- int level = 1;
+ unsigned int level = 1;
doMessageAbstractTypeDump(msg, level);
doRequestAbstractTypeDump(msg, level);
Modified: santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp?rev=1807981&r1=1807980&r2=1807981&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp Mon Sep 11 00:35:08 2017
@@ -387,39 +387,23 @@ int safeBuffer::sbOffsetStrncmp(const ch
}
-long safeBuffer::sbStrstr(const char * inStr) const {
+xsecsize_t safeBuffer::sbStrstr(const char * inStr) const {
checkBufferType(BUFFER_CHAR);
- char* p = strstr((char *) buffer, inStr);
+ const char* p = strstr((char *) buffer, inStr);
if (p == NULL)
return -1;
- long d = (unsigned long) p - (unsigned long) buffer;
- if (d < 0 || d > bufferSize)
+ xsecsize_t d = p - (char*) buffer;
+ if (d > bufferSize)
return -1;
return d;
}
-long safeBuffer::sbStrstr(const XMLCh * inStr) const {
-
- checkBufferType(BUFFER_UNICODE);
- XMLCh* p = XMLString::findAny((XMLCh *) buffer, inStr);
-
- if (p == NULL)
- return -1;
-
- long d = ((unsigned long) ((p - (unsigned long) buffer)) / size_XMLCh);
- if (d < 0 || d > bufferSize)
- return -1;
-
- return d;
-
-}
-
-long safeBuffer::sbOffsetStrstr(const char * inStr, xsecsize_t offset) const {
+xsecsize_t safeBuffer::sbOffsetStrstr(const char * inStr, xsecsize_t offset) const {
checkBufferType(BUFFER_CHAR);
xsecsize_t bl = (xsecsize_t) strlen((char *) buffer);
@@ -427,13 +411,13 @@ long safeBuffer::sbOffsetStrstr(const ch
if (offset > bl)
return -1;
- char* p = strstr((char *) &buffer[offset], inStr);
+ const char* p = strstr((char *) &buffer[offset], inStr);
if (p == NULL)
return -1;
- long d = (unsigned long) p - (unsigned long) buffer;
- if (d < 0 || d > bufferSize)
+ xsecsize_t d = p - (char*) buffer;
+ if (d > bufferSize)
return -1;
return d;
Modified: santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.hpp?rev=1807981&r1=1807980&r2=1807981&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.hpp Mon Sep 11 00:35:08 2017
@@ -105,13 +105,12 @@ public:
int sbStrncmp(const char * inStr, xsecsize_t n) const;
int sbOffsetStrcmp(const char * inStr, xsecsize_t offset) const;
int sbOffsetStrncmp(const char * inStr, xsecsize_t offset, xsecsize_t n) const;
- int sbStrcmp(const char * inStr) const;
- int sbStrcmp(const safeBuffer & inStr) const;
+ int sbStrcmp(const char * inStr) const;
+ int sbStrcmp(const safeBuffer & inStr) const;
- long sbStrstr(const char * inStr) const;
- long sbOffsetStrstr(const char * inStr, xsecsize_t offset) const;
- // XMLCh versions
- long sbStrstr(const XMLCh * inStr) const;
+ xsecsize_t sbStrstr(const char * inStr) const;
+ xsecsize_t sbOffsetStrstr(const char * inStr, xsecsize_t offset) const;
+
void sbStrinsIn(const XMLCh * inStr, xsecsize_t offset);
// XMLCh and char common functions