ssl: Clean up type handling in parse_early_negotiation_tlvs()

buf_read_u16 does not return uint16_t.

Change-Id: Ie7ad637223c332f7611c09b20a8d7a3a92d97ec7
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1302
Message-Id: <20251116215433.29257-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34487.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 48418372ad51b660bb851fec9cf2493237f0429c..85016937b4dedf1fa8361d36d76d7806e7367ced 100644 (file)
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2194,11 +2194,6 @@ export_user_keying_material(struct tls_session *session)
     }
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 /**
  * Handle reading key data, peer-info, username/password, OCC
  * from the TLS control channel (cleartext).
@@ -2522,9 +2517,9 @@ parse_early_negotiation_tlvs(struct buffer *buf, struct key_state *ks)
             goto error;
         }
         /* read type */
-        uint16_t type = buf_read_u16(buf);
-        uint16_t len = buf_read_u16(buf);
-        if (buf_len(buf) < len)
+        int type = buf_read_u16(buf);
+        int len = buf_read_u16(buf);
+        if (type < 0 || len < 0 || buf_len(buf) < len)
         {
             goto error;
         }
@@ -2536,7 +2531,7 @@ parse_early_negotiation_tlvs(struct buffer *buf, struct key_state *ks)
                 {
                     goto error;
                 }
-                uint16_t flags = buf_read_u16(buf);
+                int flags = buf_read_u16(buf);
 
                 if (flags & EARLY_NEG_FLAG_RESEND_WKC)
                 {
@@ -3963,10 +3958,6 @@ tls_pre_encrypt(struct tls_multi *multi, struct buffer *buf, struct crypto_optio
     }
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 void
 tls_prepend_opcode_v1(const struct tls_multi *multi, struct buffer *buf)
 {