Merge pull request #746 in SNORT/snort3 from opensolaris_cppcheck to master

Squashed commit of the following:

commit c5ee2095e28b19c4fa99b4236041fc77a979e9dc
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Dec 9 18:40:33 2016 -0500

    build: Address some cppcheck concerns

commit 9e89b0f57dd5e0a43d1c9600a54ac6fca8a155cf
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Dec 8 19:10:33 2016 -0500

    build: Illumos build fixes

diff --git a/extra/src/codecs/cd_pflog/cd_pflog.cc b/extra/src/codecs/cd_pflog/cd_pflog.cc
index f2b9ae8324f7cd270de43595cc12f4feefd30fd8..9cdbc229183e84141af4fd4009ac19730d7ca283 100644 (file)
--- a/extra/src/codecs/cd_pflog/cd_pflog.cc
+++ b/extra/src/codecs/cd_pflog/cd_pflog.cc
@@ -210,11 +210,9 @@ bool PflogCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
         codec.next_prot_id = ProtocolId::ETHERTYPE_IPV4;
         break;
 
-#if defined(AF_INET6)
     case AF_INET6:      /* IPv6 */
         codec.next_prot_id = ProtocolId::ETHERTYPE_IPV6;
         break;
-#endif
 
     default:
         /* FIXIT-L add decoder drop event for unknown pflog network type

diff --git a/src/connectors/tcp_connector/test/tcp_connector_test.cc b/src/connectors/tcp_connector/test/tcp_connector_test.cc
index 0c60258c9de401d71fc852134d4942b7565dde05..cd4048aa7ae98b0507ce5de97f5c84ebde4d3b8d 100644 (file)
--- a/src/connectors/tcp_connector/test/tcp_connector_test.cc
+++ b/src/connectors/tcp_connector/test/tcp_connector_test.cc
@@ -113,7 +113,7 @@ int poll (struct pollfd* fds, nfds_t nfds, int)
 ssize_t recv (int, void *buf, size_t n, int)
 {
     if ( (s_rec_error_size == -1) ||
-        ( (s_rec_error_size != -1) && (s_rec_error_size == (int)n) ) )
+         (s_rec_error_size == (int)n) )
     {
         if ( s_rec_return_zero )
             return 0;

diff --git a/src/file_api/file_enforcer.cc b/src/file_api/file_enforcer.cc
index 43d7b72e2712b687d6061dfab9cf8de11c212e48..808f0f59c285c41b47c6478a14a395fcd16c509b 100644 (file)
--- a/src/file_api/file_enforcer.cc
+++ b/src/file_api/file_enforcer.cc
@@ -64,15 +64,13 @@ void FileEnforcer::update_file_node(FileNode* node, FileInfo* file)
 
 FileVerdict FileEnforcer::check_verdict(Flow* flow, FileNode* node, SFXHASH_NODE* hash_node)
 {
-    FileVerdict verdict = FILE_VERDICT_UNKNOWN;
-
     // Query the file policy in case verdict has been changed
     // Check file type first
     FilePolicy& inspect = FileService::get_inspect();
 
     assert(node->file);
 
-    verdict = inspect.type_lookup(flow, node->file);
+    FileVerdict verdict = inspect.type_lookup(flow, node->file);
 
     if ((verdict == FILE_VERDICT_UNKNOWN) ||
         (verdict == FILE_VERDICT_STOP_CAPTURE))

diff --git a/src/filters/sfrf.cc b/src/filters/sfrf.cc
index e1c580517fa1d36ec7804cac83269c482e2afda7..97173485c2c48878b927eaddc6e17868bc1987fd 100644 (file)
--- a/src/filters/sfrf.cc
+++ b/src/filters/sfrf.cc
@@ -785,7 +785,6 @@ static tSFRFTrackingNode* _getSFRFTrackingNode(
 {
     tSFRFTrackingNode* dynNode = NULL;
     tSFRFTrackingNodeKey key;
-    SFXHASH_NODE* hnode = NULL;
 
     /* Setup key */
     key.ip = *(ip);
@@ -796,7 +795,7 @@ static tSFRFTrackingNode* _getSFRFTrackingNode(
     /*
      * Check for any Permanent sid objects for this gid or add this one ...
      */
-    hnode = sfxhash_get_node(rf_hash, (void*)&key);
+    SFXHASH_NODE* hnode = sfxhash_get_node(rf_hash, (void*)&key);
     if ( hnode && hnode->data )
     {
         dynNode = (tSFRFTrackingNode*)hnode->data;

diff --git a/src/filters/sfthd.cc b/src/filters/sfthd.cc
index 949abca78378449fe7f6c13b8caac68ab66d83ad..3ed772d73ea0eec61b5bdc46d4b748b357d6d156 100644 (file)
--- a/src/filters/sfthd.cc
+++ b/src/filters/sfthd.cc
@@ -1237,7 +1237,6 @@ int sfthd_show_objects(ThresholdObjects* thd_objs)
     THD_NODE* sfthd_node;
     unsigned gen_id;
     SFGHASH_NODE* item_hash_node;
-    PolicyId policyId;
 
     for (gen_id=0; gen_id < THD_MAX_GENID; gen_id++ )
     {

diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index bf0dc53b9c630050c92dd48e1aca2092ec10e623..4d11913dce633f291b150713a24fe28748ff3bf2 100644 (file)
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -765,7 +765,7 @@ bool FlowControl::expected_flow(Flow* flow, Packet* p)
     {
         DebugFormat(DEBUG_STREAM_STATE,
             "Stream: Ignoring packet from %s. Marking flow marked as ignore.\n",
-            p->packet_flags & PKT_FROM_CLIENT ? "sender" : "responder");
+            (p->packet_flags & PKT_FROM_CLIENT) ? "sender" : "responder");
 
         flow->ssn_state.ignore_direction = ignore;
         DisableInspection();

diff --git a/src/hash/sfghash.cc b/src/hash/sfghash.cc
index 1a044ce12c91cc08f71f84700887139df278fbd2..850e434e1c23feaf1f442112090da0ec8a46bdb5 100644 (file)
--- a/src/hash/sfghash.cc
+++ b/src/hash/sfghash.cc
@@ -589,7 +589,7 @@ int main(int argc, char** argv)
 {
     int i;
     SFGHASH* t;
-    SFGHASH_NODE* n, * m;
+    SFGHASH_NODE* n;
     char str[256],* p;
     int num=100;
 

diff --git a/src/hash/sfxhash.cc b/src/hash/sfxhash.cc
index c692885ac3d1e782ae001fd2c8d744e5105e0b16..14095f3c9390e1be8741e00d4466015669a8b001 100644 (file)
--- a/src/hash/sfxhash.cc
+++ b/src/hash/sfxhash.cc
@@ -738,10 +738,9 @@ int sfxhash_add(SFXHASH* t, void* key, void* data)
 SFXHASH_NODE* sfxhash_get_node(SFXHASH* t, const void* key)
 {
     int index = 0;
-    SFXHASH_NODE* hnode = nullptr;
 
     /* Enforce uniqueness: Check for the key in the table */
-    hnode = sfxhash_find_node_row(t, key, &index);
+    SFXHASH_NODE* hnode = sfxhash_find_node_row(t, key, &index);
     if ( hnode )
     {
         t->cnode = hnode;

diff --git a/src/hash/test/lru_cache_shared_test.cc b/src/hash/test/lru_cache_shared_test.cc
index 94906bf044cde0665abae3889087e688af8cc7ee..a3c08c208e132f8407367b8c059b99934d9037a5 100644 (file)
--- a/src/hash/test/lru_cache_shared_test.cc
+++ b/src/hash/test/lru_cache_shared_test.cc
@@ -86,7 +86,6 @@ TEST(lru_cache_shared, insert_test)
 //  the capacity of the LruCache.
 TEST(lru_cache_shared, lru_removal_test)
 {
-    std::string data;
     LruCacheShared<int, std::string, std::hash<int> > lru_cache(5);
 
     for (int i = 0; i < 10; i++)

diff --git a/src/host_tracker/host_cache.cc b/src/host_tracker/host_cache.cc
index c7ec75f27896335ab0a6baaced278a42ae6548eb..ff3c7178d2c23b591dcc4bc8563e1bdb7257045f 100644 (file)
--- a/src/host_tracker/host_cache.cc
+++ b/src/host_tracker/host_cache.cc
@@ -35,8 +35,7 @@ void host_cache_add_host_tracker(HostTracker* ht)
     host_cache.insert((const uint8_t*) ht->get_ip_addr().get_ip6_ptr(), sptr);
 }
 
-// FIXIT-L ipaddr should probably be a reference
-bool host_cache_add_service(SfIp ipaddr, Protocol ipproto, Port port, const char* /*service*/)
+bool host_cache_add_service(const SfIp& ipaddr, Protocol ipproto, Port port, const char* /*service*/)
 {
     HostIpKey ipkey((const uint8_t*) ipaddr.get_ip6_ptr());
     uint16_t proto = 0; // FIXIT-M not safe with multithreads snort_conf->proto_ref->add(service));

diff --git a/src/host_tracker/host_cache.h b/src/host_tracker/host_cache.h
index d23bae4e1cd3fe8e07fa539738301fa0ae2eaf57..b59d17298f110ca2f4fb1a0e6cd712b5b524b6e0 100644 (file)
--- a/src/host_tracker/host_cache.h
+++ b/src/host_tracker/host_cache.h
@@ -69,7 +69,7 @@ extern LruCacheShared<HostIpKey, std::shared_ptr<HostTracker>, HashHostIpKey> ho
 void host_cache_add_host_tracker(HostTracker*);
 
 //  Insert a new service into host cache if it doesn't already exist.
-SO_PUBLIC bool host_cache_add_service(SfIp, Protocol, Port, const char* service);
+SO_PUBLIC bool host_cache_add_service(const SfIp&, Protocol, Port, const char* service);
 
 #endif
 

diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc
index 5ca3b2ac7f2aa6c5d6aee7fb5c6bf766c5baff04..24848867c7df3f5ba1e5d0b1e258f0f0b1d8053a 100644 (file)
--- a/src/ips_options/ips_pcre.cc
+++ b/src/ips_options/ips_pcre.cc
@@ -292,7 +292,6 @@ static void pcre_parse(const char* data, PcreData* pcre_data)
             }
         }
 
-#ifdef PCRE_EXTRA_MATCH_LIMIT_RECURSION
         if ((SnortConfig::get_pcre_match_limit_recursion() != -1) &&
             !(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT))
         {
@@ -308,7 +307,6 @@ static void pcre_parse(const char* data, PcreData* pcre_data)
                     SnortConfig::get_pcre_match_limit_recursion();
             }
         }
-#endif
     }
     else
     {
@@ -325,14 +323,12 @@ static void pcre_parse(const char* data, PcreData* pcre_data)
                 pcre_data->pe->match_limit = SnortConfig::get_pcre_match_limit();
             }
 
-#ifdef PCRE_EXTRA_MATCH_LIMIT_RECURSION
             if (SnortConfig::get_pcre_match_limit_recursion() != -1)
             {
                 pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
                 pcre_data->pe->match_limit_recursion =
                     SnortConfig::get_pcre_match_limit_recursion();
             }
-#endif
         }
     }
 

diff --git a/src/ips_options/ips_replace.cc b/src/ips_options/ips_replace.cc
index affce34dc0e6a9c3a7deda5e21d56f68d1fa30eb..edf8ef143358549dcab5d8bdd09abe20a483abbc 100644 (file)
--- a/src/ips_options/ips_replace.cc
+++ b/src/ips_options/ips_replace.cc
@@ -48,7 +48,6 @@ using namespace std;
 static void replace_parse(const char* args, string& s)
 {
     bool negated;
-    std::string buf;
 
     if ( !parse_byte_code(args, negated, s) )
         return;

diff --git a/src/lua/lua_util.h b/src/lua/lua_util.h
index d4fba396bc8f81a0f531212c64bc02590e030d5c..0bbfbc6bdc3a5a7ee34ab91a3bb6d490062dddd1 100644 (file)
--- a/src/lua/lua_util.h
+++ b/src/lua/lua_util.h
@@ -34,7 +34,7 @@ const char* fmt_expected_message(const char* type);
 const char* fmt_range_message(unsigned min, unsigned max);
 
 inline void set_script_dir(
-    lua_State* L, const std::string varname, const std::string path)
+    lua_State* L, const std::string& varname, const std::string& path)
 {
     std::string dir = path.substr(0, path.rfind(LUA_DIR_SEP));
     lua_pushlstring(L, dir.c_str(), dir.size());

diff --git a/src/main/snort.cc b/src/main/snort.cc
index cd4ba582d66f32c504a9b0f5d9cbdca69ac793dc..d7a081090d1c2ea2aa489e6f53d02c2dc9c5fb87 100644 (file)
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -772,6 +772,7 @@ DAQ_Verdict Snort::process_packet(
 // process (wire-only) packet verdicts here
 static DAQ_Verdict update_verdict(DAQ_Verdict verdict, int& inject)
 {
+    // FIXIT-M X PKT_RESIZED is a superset of PKT_MODIFIED, so this conditional is broken
     if ( Active::packet_was_dropped() and Active::can_block() )
     {
         if ( verdict == DAQ_VERDICT_PASS )

diff --git a/src/managers/connector_manager.cc b/src/managers/connector_manager.cc
index e37981fa0e1c4ee86d4669baa2270ed3eeeab9d7..ffa1ece32f8b97fd93e3ae4409b1c891da5dc1e8 100644 (file)
--- a/src/managers/connector_manager.cc
+++ b/src/managers/connector_manager.cc
@@ -98,7 +98,7 @@ void ConnectorManager::release_plugins()
     s_connector_commons.clear();
 }
 
-Connector* ConnectorManager::get_connector(const std::string connector_name)
+Connector* ConnectorManager::get_connector(const std::string& connector_name)
 {
     DebugFormat(DEBUG_SIDE_CHANNEL, "ConnectorManager::get_connector(): name: %s\n",
         connector_name.c_str());

diff --git a/src/managers/connector_manager.h b/src/managers/connector_manager.h
index 248489f34bc1246c146ce8a5f1f7159a157609d8..12920eed36b337938d143e2afd8bc1e083bc09fc 100644 (file)
--- a/src/managers/connector_manager.h
+++ b/src/managers/connector_manager.h
@@ -44,7 +44,7 @@ public:
     static void thread_term();
 
     /* get_connector() returns the thread-specific object. */
-    static Connector* get_connector(const std::string name);
+    static Connector* get_connector(const std::string& name);
 };
 
 #endif

diff --git a/src/managers/event_manager.cc b/src/managers/event_manager.cc
index 30cad90634dab58d713dbaf46a01d4424aacbe7b..42d5221a07d948f5a927617dd15cfea174de2281 100644 (file)
--- a/src/managers/event_manager.cc
+++ b/src/managers/event_manager.cc
@@ -193,7 +193,6 @@ void EventManager::instantiate(
     // override prior outputs
     // (last cmdline option wins)
     s_loggers.outputs.clear();
-    string tmp = name;
 
     const char* pfx = (sc->output_flags & OUTPUT_FLAG__ALERTS) ? "alert_" : "log_";
     Output* p = get_out(name, pfx);

diff --git a/src/managers/ffi_wrap.sh b/src/managers/ffi_wrap.sh
index 52b328af71c35bcead1a03c3d08ba48490187387..5d3bc00a592d8da30a99d91df31a991eacd290f9 100755 (executable)
--- a/src/managers/ffi_wrap.sh
+++ b/src/managers/ffi_wrap.sh
@@ -3,6 +3,6 @@
 cat << EOF
 ffi = require("ffi")
 ffi.cdef[[
-$(grep -v -e '^ *//' -e '^ *#' -e '^ *extern "C"' $1)
+$(sed -e '/^ *\/\//d' -e '/^ *#/d' -e '/^ *extern "C"/d' $1)
 ]]
 EOF

diff --git a/src/managers/plugin_manager.cc b/src/managers/plugin_manager.cc
index 957561a2990dadd5e680f28d9ea4014e7ef58353..ac70ab946f7c111d02bdf4a4a09052f765d78010 100644 (file)
--- a/src/managers/plugin_manager.cc
+++ b/src/managers/plugin_manager.cc
@@ -501,7 +501,7 @@ const BaseApi* PluginManager::get_api(PlugType type, const char* name)
 }
 
 #ifdef PIGLET
-PlugType PluginManager::get_type_from_name(std::string name)
+PlugType PluginManager::get_type_from_name(const std::string& name)
 {
     for ( auto it = plug_map.begin(); it != plug_map.end(); ++it )
     {

diff --git a/src/managers/plugin_manager.h b/src/managers/plugin_manager.h
index 6cbb0b7dfab992f105d6e128b7a4663a2a156d28..9885913d4afe251bcbb51e2194f199ca73c7473a 100644 (file)
--- a/src/managers/plugin_manager.h
+++ b/src/managers/plugin_manager.h
@@ -55,7 +55,7 @@ public:
 
     static const BaseApi* get_api(PlugType, const char* name);
 #ifdef PIGLET
-    static PlugType get_type_from_name(std::string);
+    static PlugType get_type_from_name(const std::string&);
 #endif
     static const char* get_current_plugin();
 

diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc
index 5fa28a22b428171bda1481c50fb1a9feca9f66d2..1feca59ba39c189705b51c84639db052a3cbeeb3 100644 (file)
--- a/src/network_inspectors/appid/appid_config.cc
+++ b/src/network_inspectors/appid/appid_config.cc
@@ -192,8 +192,8 @@ void AppIdConfig::read_port_detectors(const char* files)
                 key = line;
                 *value = '\0';
                 value++;
-                for (; *value && *value == ' '; value++)
-                    ;
+                while (*value == ' ')
+                    value++;
 
                 if (strcasecmp(key, "ports") == 0)
                 {
@@ -204,8 +204,8 @@ void AppIdConfig::read_port_detectors(const char* files)
                     for (ptr = strtok_r(value, ",", &context); ptr; ptr = strtok_r(nullptr, ",",
                             &context))
                     {
-                        for (; *ptr && *ptr == ' '; ptr++)
-                            ;
+                        while (*ptr == ' ')
+                            ptr++;
                         len = strlen(ptr);
                         for (; len && ptr[len - 1] == ' '; len--)
                             ptr[len - 1] = 0;

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index d8ba53114733390fe36b9d3871d6f2331199e5af..f6baaa62553aba047e1ccc6e101880c87c27dc03 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1584,7 +1584,6 @@ void AppIdSession::do_application_discovery(Packet* p)
 
     asd->common.flags = flow_flags;
     asd->common.policyId = appIdPolicyId;
-    asd->common.policyId = appIdPolicyId;
 
     if (asd->get_session_flags(APPID_SESSION_IGNORE_FLOW))
     {

diff --git a/src/network_inspectors/appid/client_plugins/client_app_base.cc b/src/network_inspectors/appid/client_plugins/client_app_base.cc
index 631f9ef6449fe5fdbac6e37022a4ba210756f7b6..1966dfa03f1b7551de373d9ae76c45db2da9c6e7 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_base.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_base.cc
@@ -749,14 +749,13 @@ static ClientAppMatch* BuildClientPatternList(const Packet* pkt, IpProtocol prot
 
 static const RNAClientAppModule* GetNextFromClientPatternList(ClientAppMatch** match_list)
 {
-    ClientAppMatch* curr = nullptr;
     ClientAppMatch* prev = nullptr;
     ClientAppMatch* max_curr = nullptr;
     ClientAppMatch* max_prev = nullptr;
     unsigned max_count;
     unsigned max_precedence;
 
-    curr = *match_list;
+    ClientAppMatch* curr = *match_list;
     max_count = 0;
     max_precedence = 0;
     while (curr)

diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.cc b/src/network_inspectors/appid/detector_plugins/detector_http.cc
index 35bb199b61e0169f759c5a09b2dc69385970ebf0..ccb8f797599b2058b468bb1aec63a363fee34940 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_http.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_http.cc
@@ -1123,7 +1123,7 @@ static void extractCHP(char* buf, int bs, int start, int psize, char* adata,  ch
         tmp = strchr(begin, *(adata+i));
         if (tmp)
         {
-            if ((!end) || (end && tmp < end))
+            if (!end || tmp < end)
                 end = tmp;
         }
     }
@@ -1135,7 +1135,7 @@ static void extractCHP(char* buf, int bs, int start, int psize, char* adata,  ch
         }
         if ((tmp = strchr(begin, 0x0a)))
         {
-            if ((!end) || (end && tmp < end))
+            if (!end || tmp < end)
                 end = tmp;
         }
     }
@@ -1495,7 +1495,7 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap
                 {
                     buffPtr = (uint8_t*)strstr((char*)start, (char*)APPLE_EMAIL_PATTERNS[i]);
                     appleEmailDetect  = ((uint8_t*)buffPtr &&
-                                    (i != 0 || (i == 0 && buffPtr == ((uint8_t*)start))));
+                                    (i != 0 || buffPtr == ((uint8_t*)start)));
                 }
                 if (appleEmailDetect)
                 {
@@ -1968,7 +1968,6 @@ AppId get_appid_from_url(char* host, char* url, char** version, char* referer, A
 
         if ( referer_len > 0 )
         {
-            data = nullptr;
             patterns[0].pattern = (uint8_t*)referer_start;
             patterns[0].patternSize = referer_len;
             patterns[1].pattern = (uint8_t*)referer_path;

diff --git a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
index 10add1c008fc7242e0c19b16e5f452e8c040c319..c01d8525f3714a5978afc20decc3a28f6148dba3 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
@@ -622,7 +622,7 @@ static CLIENT_APP_RETCODE smtp_ca_validate(const uint8_t* data, uint16_t size, c
 #ifdef UNIT_TESTING
     if (app_id_debug_session_flag && currState != fd->state)
     {
-        DEBUG_WRAP(DebugMessage(DEBUG_APPID, "AppIdDbg %s SMTP client state %s\n", app_id_debug_session, stateName[fd->state]););
+        DEBUG_WRAP(DebugFormat(DEBUG_APPID, "AppIdDbg %s SMTP client state %s\n", app_id_debug_session, stateName[fd->state]););
         currState = fd->state;
     }
 #endif

diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc
index 826222f2d76fb8f23c8799f0839bb458fa464e6a..9ce654007d845506af72b4d3d86afd869f96b66f 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_api.cc
+++ b/src/network_inspectors/appid/lua_detector_api.cc
@@ -1526,10 +1526,10 @@ static inline int get_chp_pattern_type(lua_State* L, int index, PatternType* pat
 static inline int get_chp_pattern_data_and_size(lua_State* L, int index, char** pattern_data,
     size_t* pattern_size)
 {
-    const char* tmpString = nullptr; // Lua owns this pointer
+    const char* tmpString; // Lua owns this pointer
     *pattern_size = 0;
     *pattern_data = nullptr;
-    tmpString = lua_tolstring(L, index, &*pattern_size);
+    tmpString = lua_tolstring(L, index, pattern_size);
     // non-empty pattern required
     if (!tmpString || !*pattern_size)
     {
@@ -1556,7 +1556,7 @@ static inline int get_chp_action_type(lua_State* L, int index, ActionType* actio
 static inline int get_chp_action_data(lua_State* L, int index, char** action_data)
 {
     // An empty string is translated into a nullptr pointer because the action data is optional
-    const char* tmpString = nullptr; // Lua owns this pointer
+    const char* tmpString; // Lua owns this pointer
     size_t action_data_size = 0;
     tmpString = lua_tolstring(L, index, &action_data_size);
     if (action_data_size)
@@ -2082,7 +2082,7 @@ static int detector_add_rtmp_url(lua_State* L)
         ErrorMessage("Invalid host pattern string.");
         return 0;
     }
-    u_int8_t* hostPattern = (u_int8_t*)snort_strdup(tmpString);
+    uint8_t* hostPattern = (uint8_t*)snort_strdup(tmpString);
 
     /* Verify that path pattern is a valid string */
     size_t pathPatternSize = 0;
@@ -2093,7 +2093,7 @@ static int detector_add_rtmp_url(lua_State* L)
         snort_free(hostPattern);
         return 0;
     }
-    u_int8_t* pathPattern = (u_int8_t*)snort_strdup(tmpString);
+    uint8_t* pathPattern = (uint8_t*)snort_strdup(tmpString);
 
     /* Verify that scheme pattern is a valid string */
     size_t schemePatternSize;
@@ -2105,7 +2105,7 @@ static int detector_add_rtmp_url(lua_State* L)
         snort_free(hostPattern);
         return 0;
     }
-    u_int8_t* schemePattern = (u_int8_t*)snort_strdup(tmpString);
+    uint8_t* schemePattern = (uint8_t*)snort_strdup(tmpString);
 
     /* Verify that query pattern is a valid string */
     size_t queryPatternSize;
@@ -2114,7 +2114,7 @@ static int detector_add_rtmp_url(lua_State* L)
     if (tmpString  && queryPatternSize)
         queryPattern = (uint8_t*)snort_strdup(tmpString);
 
-    u_int32_t appId = lua_tointeger(L, index++);
+    uint32_t appId = lua_tointeger(L, index++);
 
     /* Allocate memory for data structures */
     DetectorAppUrlPattern* pattern =

diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc
index ac14026be55ecacdb7b2354433d2c3b99b9d04ce..d3e7fb6ebf784b5fde811ad34e583e23e676c5bc 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_module.cc
+++ b/src/network_inspectors/appid/lua_detector_module.cc
@@ -436,9 +436,8 @@ void LuaDetectorManager::load_detector(char* detector_filename, bool isCustom)
 
     if ( detector->packageInfo.server.initFunctionName.empty() )
     {
-        RNAClientAppModule* cam = nullptr;
         detector->client.appFpId = APP_ID_UNKNOWN;
-        cam = &detector->client.appModule;
+        RNAClientAppModule* cam = &detector->client.appModule;
         cam->name = detector->packageInfo.name.c_str();
         cam->proto = detector->packageInfo.proto;
         cam->validate = validate_client_application;
@@ -607,7 +606,7 @@ void LuaDetectorManager::list_lua_detectors()
         LogMessage("\tDetector %s: Lua Memory usage %zu kb\n", detector->name.c_str(), mem);
     }
 
-    LogMessage("Lua Stats total detectors: %lu\n", allocated_detectors.size());
+    LogMessage("Lua Stats total detectors: %zu\n", allocated_detectors.size());
     LogMessage("Lua Stats total memory usage %zu kb\n", totalMem);
 }
 

diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc
index f4db2b6cd4d82453a2f1c8aa90bfd7a3186f8388..faf280b46f72aa4f265c4cbfe85394e60168d9d2 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rshell.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc
@@ -133,7 +133,6 @@ static void rshell_free_state(void* data)
 
 static int rshell_validate(ServiceValidationArgs* args)
 {
-    ServiceRSHELLData* rd = nullptr;
     ServiceRSHELLData* tmp_rd = nullptr;
     int i = 0;
     uint32_t port = 0;
@@ -144,7 +143,7 @@ static int rshell_validate(ServiceValidationArgs* args)
     const int dir = args->dir;
     uint16_t size = args->size;
 
-    rd = (ServiceRSHELLData*)rshell_service_mod.api->data_get(asd,
+    ServiceRSHELLData* rd = (ServiceRSHELLData*)rshell_service_mod.api->data_get(asd,
         rshell_service_mod.flow_data_index);
     if (!rd)
     {

diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index a40c227ece3a0c1afdf30a83a69241a46ed10a99..e0c41b12d23cac78473583ec69c110d47dd5d37c 100644 (file)
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -227,7 +227,8 @@ static inline IPdecision GetReputation(ReputationConfig* config, IPrepInfo* repI
     return decision;
 }
 
-static bool ReputationDecisionPerLayer(ReputationConfig* config, Packet* p, ip::IpApi ip_api, IPdecision* decision_final)
+static bool ReputationDecisionPerLayer(ReputationConfig* config, Packet* p,
+        const ip::IpApi& ip_api, IPdecision* decision_final)
 {
     const SfIp* ip;
     IPdecision decision;

diff --git a/src/packet_io/trough.cc b/src/packet_io/trough.cc
index 2dfec97bc5f9fa0c0e143494eb0feb96a9272acd..ba5fbef6f1e72f93c1e5d7fb5f466d4f452eff2b 100644 (file)
--- a/src/packet_io/trough.cc
+++ b/src/packet_io/trough.cc
@@ -243,7 +243,7 @@ const char* Trough::get_next()
         return NULL;
 
     pcap = pcap_queue_iter->c_str();
-    pcap_queue_iter++;
+    ++pcap_queue_iter;
     /* If we've reached the end, reset the iterator if we have more
         loops to cover. */
     if (pcap_queue_iter == pcap_queue.cend() && pcap_loop_count > 1)

diff --git a/src/parser/mstring.cc b/src/parser/mstring.cc
index 5b7ca103a16ff4b1ba439e56cff51904e2f1c1c3..967b385c45ac05269d591950df72bd4e78c66020 100644 (file)
--- a/src/parser/mstring.cc
+++ b/src/parser/mstring.cc
@@ -37,32 +37,6 @@
 
 static char* mSplitAddTok(const char*, const int, const char*, const char);
 
-#ifdef TEST_MSTRING
-
-int main()
-{
-    char test[] = "\0\0\0\0\0\0\0\0\0CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0";
-    char find[] = "CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0";
-
-/*   char test[] = "\x90\x90\x90\x90\x90\x90\xe8\xc0\xff\xff\xff/bin/sh\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
-     char find[] = "\xe8\xc0\xff\xff\xff/bin/sh";  */
-    int i;
-    int toks;
-    int* shift;
-    int* skip;
-
-/*   shift=make_shift(find,sizeof(find)-1);
-     skip=make_skip(find,sizeof(find)-1); */
-
-    DebugFormat(DEBUG_PATTERN_MATCH,"%d\n",
-        mSearch(test, sizeof(test) - 1, find,
-        sizeof(find) - 1, shift, skip));
-
-    return 0;
-}
-
-#endif
-
 /****************************************************************
  *
  * Function: mSplit()

diff --git a/src/parser/parse_rule.cc b/src/parser/parse_rule.cc
index 6eed5d2723456b092cf9088672dde139f33a75c1..d2fbf91926b5854ef214c6a1242c58b06e1c88db 100644 (file)
--- a/src/parser/parse_rule.cc
+++ b/src/parser/parse_rule.cc
@@ -878,12 +878,12 @@ static void SetupRTNFuncList(RuleTreeNode* rtn)
          * been set so the PortToFunc call can determine which port testing
          * function to attach to the list
          */
-        PortToFunc(rtn, (rtn->flags & ANY_DST_PORT ? 1 : 0),
-            (rtn->flags & EXCEPT_DST_PORT ? 1 : 0), DST);
+        PortToFunc(rtn, (rtn->flags & ANY_DST_PORT) ? 1 : 0,
+            (rtn->flags & EXCEPT_DST_PORT) ? 1 : 0, DST);
 
         /* as above */
-        PortToFunc(rtn, (rtn->flags & ANY_SRC_PORT ? 1 : 0),
-            (rtn->flags & EXCEPT_SRC_PORT ? 1 : 0), SRC);
+        PortToFunc(rtn, (rtn->flags & ANY_SRC_PORT) ? 1 : 0,
+            (rtn->flags & EXCEPT_SRC_PORT) ? 1 : 0, SRC);
 
         /* link in the proper IP address detection function */
         AddrToFunc(rtn, SRC);

diff --git a/src/piglet/piglet_api.h b/src/piglet/piglet_api.h
index e33094eb62586f1276a89e3350c6d477f5b4eb9b..efe9e5d33327082507b286249408779343a5456f 100644 (file)
--- a/src/piglet/piglet_api.h
+++ b/src/piglet/piglet_api.h
@@ -47,7 +47,7 @@ struct Api;
 class SO_PUBLIC BasePlugin
 {
 public:
-    BasePlugin(Lua::State& lua, std::string t,
+    BasePlugin(Lua::State& lua, const std::string& t,
         Module* m = nullptr, SnortConfig* sc = nullptr) :
         L { lua.get_ptr() }, target { t },
         module { m }, snort_conf { sc } { }

diff --git a/src/piglet/piglet_utils.h b/src/piglet/piglet_utils.h
index 46a6b3eabb19f269ac2b33906a1fbda25ee5fa02..d03fa2f8d2774836bc257f675449bc0c55456c3f 100644 (file)
--- a/src/piglet/piglet_utils.h
+++ b/src/piglet/piglet_utils.h
@@ -63,7 +63,7 @@ struct Chunk
     std::string target;
     std::string buffer;
 
-    Chunk(std::string f, std::string t, std::string b) :
+    Chunk(const std::string& f, const std::string& t, const std::string& b) :
         filename { f }, target { t }, buffer { b } { }
 };
 

diff --git a/src/piglet_plugins/pp_so_rule.cc b/src/piglet_plugins/pp_so_rule.cc
index b8bee2307052f69f31be8cdb3699355c9d102021..9279d1f099ade7a22450dfc723ff965260d2561f 100644 (file)
--- a/src/piglet_plugins/pp_so_rule.cc
+++ b/src/piglet_plugins/pp_so_rule.cc
@@ -34,13 +34,13 @@
 class SoRulePiglet : public Piglet::BasePlugin
 {
 public:
-    SoRulePiglet(Lua::State&, std::string, Module*, SnortConfig*);
+    SoRulePiglet(Lua::State&, const std::string&, Module*, SnortConfig*);
     virtual ~SoRulePiglet() override;
     virtual bool setup() override;
 };
 
 SoRulePiglet::SoRulePiglet(
-    Lua::State& state, std::string target, Module* m, SnortConfig* sc) :
+    Lua::State& state, const std::string& target, Module* m, SnortConfig* sc) :
     BasePlugin(state, target, m, sc) { }
 
 SoRulePiglet::~SoRulePiglet() { }

diff --git a/src/piglet_plugins/pp_test.cc b/src/piglet_plugins/pp_test.cc
index fb4318fa7e4b3c01d0a72fba96fd05c3ea09d144..8b795cda99a59868fade3d887fe4b6c69e4bf652 100644 (file)
--- a/src/piglet_plugins/pp_test.cc
+++ b/src/piglet_plugins/pp_test.cc
@@ -43,7 +43,7 @@
 class TestPiglet : public Piglet::BasePlugin
 {
 public:
-    TestPiglet(Lua::State& state, std::string target) :
+    TestPiglet(Lua::State& state, const std::string& target) :
         BasePlugin(state, target) { }
 
     virtual bool setup() override;

diff --git a/src/ports/port_object.cc b/src/ports/port_object.cc
index 341688859e97bcbff3d3c2240040839247a056dc..43876734eef66739e5f7751c9b12a128206a571b 100644 (file)
--- a/src/ports/port_object.cc
+++ b/src/ports/port_object.cc
@@ -224,14 +224,13 @@ int PortObjectAddPortAny(PortObject* po)
  */
 PortObject* PortObjectDup(PortObject* po)
 {
-    PortObject* ponew = NULL;
     PortObjectItem* poi = NULL;
     PortObjectItem* poinew = NULL;
     SF_LNODE* lpos = NULL;
     int* prid = NULL;
     int* prule = NULL;
 
-    ponew = PortObjectNew();
+    PortObject* ponew = PortObjectNew();
     if ( !ponew )
         return nullptr;
 
@@ -280,12 +279,11 @@ PortObject* PortObjectDup(PortObject* po)
  */
 PortObject* PortObjectDupPorts(PortObject* po)
 {
-    PortObject* ponew = NULL;
     PortObjectItem* poi = NULL;
     PortObjectItem* poinew = NULL;
     SF_LNODE* lpos = NULL;
 
-    ponew = PortObjectNew();
+    PortObject* ponew = PortObjectNew();
     if ( !ponew )
         return nullptr;
 

diff --git a/src/ports/port_table.cc b/src/ports/port_table.cc
index 170e619fe0277cefa69e3bbcc4422d1df28729f4..ef9b3c7e55a37632ec9520919171133d0a723ca7 100644 (file)
--- a/src/ports/port_table.cc
+++ b/src/ports/port_table.cc
@@ -1156,7 +1156,7 @@ void RuleListSortUniq(SF_LIST* rl)
     int* currNode = NULL;
     unsigned uniqElements = 0;
     int* node = 0;
-    int* rlist = NULL;
+    int* rlist;
 
     rlist = RuleListToSortedArray(rl);
     if (!rlist )

diff --git a/src/profiler/memory_defs.h b/src/profiler/memory_defs.h
index 4cb75750e4cf031e400c81b1addd82a97079592b..ebfbb2e387ae6b870461a83d1914242ca953ec2c 100644 (file)
--- a/src/profiler/memory_defs.h
+++ b/src/profiler/memory_defs.h
@@ -159,7 +159,7 @@ struct MemoryTracker
     { stats.update_deallocs(n); }
 
     constexpr MemoryTracker() : stats() { }
-    constexpr MemoryTracker(CombinedMemoryStats stats) : stats(stats) { }
+    constexpr MemoryTracker(const CombinedMemoryStats &stats) : stats(stats) { }
 };
 
 #endif

diff --git a/src/profiler/profiler_defs.h b/src/profiler/profiler_defs.h
index 96fcf5ebb261b1ec20399c8998c31f1cf3b3a2fd..4a22e88add85104050a8377ff16229cd4511f86b 100644 (file)
--- a/src/profiler/profiler_defs.h
+++ b/src/profiler/profiler_defs.h
@@ -54,7 +54,7 @@ struct SO_PUBLIC ProfileStats
     ProfileStats& operator+=(const ProfileStats&);
 
     constexpr ProfileStats() : time(), memory() { }
-    constexpr ProfileStats(TimeProfilerStats time, MemoryTracker memory) :
+    constexpr ProfileStats(const TimeProfilerStats& time, const MemoryTracker& memory) :
         time(time), memory(memory) { }
 };
 

diff --git a/src/profiler/profiler_printer.h b/src/profiler/profiler_printer.h
index dc797b26d2d4fecc414d030c1f15d2d8a991062e..e2388496a7936421bbf69206ef4f80dc0a57dc1b 100644 (file)
--- a/src/profiler/profiler_printer.h
+++ b/src/profiler/profiler_printer.h
@@ -65,7 +65,7 @@ public:
     ProfilerPrinter(const StatsTable::Field* fields, const PrintFn print, const Sorter& sort) :
         fields(fields), print(print), sort(sort) { }
 
-    void print_table(std::string title, Entry& root, unsigned count, int max_depth = -1)
+    void print_table(const std::string& title, Entry& root, unsigned count, int max_depth = -1)
     {
         std::ostringstream ss;
 

diff --git a/src/protocols/ssl.h b/src/protocols/ssl.h
index bc355dc9f5bdbd238b69c61ba5e7c74e1ae337ed..2f040263ee049db7cb74e4f49ab0e78c91292b84 100644 (file)
--- a/src/protocols/ssl.h
+++ b/src/protocols/ssl.h
@@ -217,9 +217,9 @@ struct SSLv2_shello_t
     SSL_BAD_VER_FLAG | SSL_BAD_TYPE_FLAG | \
     SSL_TRAILING_GARB_FLAG | SSL_UNKNOWN_FLAG))
 
-#define SSL_HEARTBLEED_REQUEST 0x01
+#define SSL_HEARTBLEED_REQUEST  0x01
 #define SSL_HEARTBLEED_RESPONSE 0x02
-#define SSL_HEARTBLEED_UNKNOWN 0x03
+#define SSL_HEARTBLEED_UNKNOWN  0x04
 
 SO_PUBLIC uint32_t SSL_decode(
     const uint8_t* pkt, int size, uint32_t pktflags, uint32_t prevflags,

diff --git a/src/search_engines/acsmx2.cc b/src/search_engines/acsmx2.cc
index ba300003bbfa6da53f5e63bc036549e4fe7f50e4..577329011a822cca2ae0fd6c0cae06747bd70f69 100644 (file)
--- a/src/search_engines/acsmx2.cc
+++ b/src/search_engines/acsmx2.cc
@@ -425,9 +425,8 @@ static int List_PutNextState(ACSM_STRUCT2* acsm, int state, int input, int next_
 
     tnew->key        = input;
     tnew->next_state = next_state;
-    tnew->next       = 0;
-
     tnew->next = acsm->acsmTransTable[state];
+
     acsm->acsmTransTable[state] = tnew;
 
     acsm->acsmNumTrans++;
@@ -800,7 +799,7 @@ static int Conv_List_To_Full(ACSM_STRUCT2* acsm)
 static int Conv_Full_DFA_To_Sparse(ACSM_STRUCT2* acsm)
 {
     int cnt, m, k, i;
-    acstate_t* p, state, maxstates=0;
+    acstate_t* p, state;
     acstate_t** NextState = acsm->acsmNextState;
     acstate_t full[MAX_ALPHABET_SIZE];
 
@@ -817,9 +816,6 @@ static int Conv_Full_DFA_To_Sparse(ACSM_STRUCT2* acsm)
                 cnt++;
         }
 
-        if ( cnt > 0 )
-            maxstates++;
-
         if ( k== 0 || cnt > acsm->acsmSparseMaxRowNodes )
         {
             p = (acstate_t*)AC_MALLOC_DFA(sizeof(acstate_t)*(acsm->acsmAlphabetSize+2),

diff --git a/src/search_engines/bnfa_search.cc b/src/search_engines/bnfa_search.cc
index 0cdac331c8e5f1944fd1a5d74ec7e327cd58cd33..0ea284925adca28ed5a8efbaa16340462625445b 100644 (file)
--- a/src/search_engines/bnfa_search.cc
+++ b/src/search_engines/bnfa_search.cc
@@ -678,7 +678,9 @@ static int KcontainsJ(bnfa_trans_node_t* tk, bnfa_trans_node_t* tj)
  */
 static int _bnfa_opt_nfa(bnfa_struct_t* bnfa)
 {
+#if 0
     int cnt=0;
+#endif
     int k, fs, fr;
     bnfa_state_t* FailState = bnfa->bnfaFailState;
 
@@ -691,7 +693,9 @@ static int _bnfa_opt_nfa(bnfa_struct_t* bnfa)
         }
         if ( fr != fs )
         {
+#if 0
             cnt++;
+#endif
             FailState[ k ] = fs;
         }
     }

diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.h b/src/service_inspectors/dce_rpc/dce_smb_module.h
index f9be762ac3597bc4c361e2cd4772daadca172f50..aa5caa2172837388759e8be3d7e550c6389b77e1 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_module.h
+++ b/src/service_inspectors/dce_rpc/dce_smb_module.h
@@ -131,16 +131,16 @@ inline bool DCE2_GcSmbFingerprintClient(const dce2SmbProtoConf* sc)
 {
     if (sc == nullptr)
         return false;
-    return sc->smb_fingerprint_policy
-           & DCE2_SMB_FINGERPRINT_POLICY_CLIENT ? true : false;
+    return (sc->smb_fingerprint_policy
+           & DCE2_SMB_FINGERPRINT_POLICY_CLIENT) ? true : false;
 }
 
 inline bool DCE2_GcSmbFingerprintServer(const dce2SmbProtoConf* sc)
 {
     if (sc == nullptr)
         return false;
-    return sc->smb_fingerprint_policy
-           & DCE2_SMB_FINGERPRINT_POLICY_SERVER ? true : false;
+    return (sc->smb_fingerprint_policy
+           & DCE2_SMB_FINGERPRINT_POLICY_SERVER) ? true : false;
 }
 
 inline bool DCE2_GcIsLegacyMode(const dce2SmbProtoConf* sc)

diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc
index 428d9f9b30070f92257aec1bcf77efffafe6fe9d..6c68db0986521e8d29b98cffb6644e08880ca6a6 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_tcp.cc
+++ b/src/service_inspectors/dce_rpc/dce_tcp.cc
@@ -74,13 +74,12 @@ static DCE2_TcpSsnData* set_new_dce2_tcp_session(Packet* p)
 
 static DCE2_TcpSsnData* dce2_create_new_tcp_session(Packet* p, dce2TcpProtoConf* config)
 {
-    DCE2_TcpSsnData* dce2_tcp_sess = nullptr;
     Profile profile(dce2_tcp_pstat_new_session);
 
     DebugMessage(DEBUG_DCE_TCP, "DCE over TCP packet detected\n");
     DebugMessage(DEBUG_DCE_TCP, "Creating new session\n");
 
-    dce2_tcp_sess = set_new_dce2_tcp_session(p);
+    DCE2_TcpSsnData* dce2_tcp_sess = set_new_dce2_tcp_session(p);
 
     if ( dce2_tcp_sess )
     {

diff --git a/src/service_inspectors/dce_rpc/dce_udp.cc b/src/service_inspectors/dce_rpc/dce_udp.cc
index 234e2c827cad4fecf6fb03c13e01892492e294c5..4097e0f0e8bdc3915c2d45a98a6610bc69ae655a 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_udp.cc
+++ b/src/service_inspectors/dce_rpc/dce_udp.cc
@@ -83,13 +83,12 @@ static DCE2_UdpSsnData* set_new_dce2_udp_session(Packet* p)
 
 static DCE2_UdpSsnData* dce2_create_new_udp_session(Packet* p, dce2UdpProtoConf* config)
 {
-    DCE2_UdpSsnData* dce2_udp_sess = nullptr;
     Profile profile(dce2_udp_pstat_new_session);
 
     DebugMessage(DEBUG_DCE_UDP, "DCE over UDP packet detected\n");
     DebugMessage(DEBUG_DCE_UDP, "Creating new session\n");
 
-    dce2_udp_sess = set_new_dce2_udp_session(p);
+    DCE2_UdpSsnData* dce2_udp_sess = set_new_dce2_udp_session(p);
 
     DCE2_ResetRopts(&dce2_udp_sess->sd.ropts);
 

diff --git a/src/service_inspectors/dce_rpc/ips_dce_iface.cc b/src/service_inspectors/dce_rpc/ips_dce_iface.cc
index 1477e5bd078b97fad1e2a27304fe6dd3627721bd..a6a0cef926586478df81689333c82f967a017b7e 100644 (file)
--- a/src/service_inspectors/dce_rpc/ips_dce_iface.cc
+++ b/src/service_inspectors/dce_rpc/ips_dce_iface.cc
@@ -199,7 +199,7 @@ static bool DCE2_ParseIface(char* token, Uuid* uuid)
 class Dce2IfaceOption : public IpsOption
 {
 public:
-    Dce2IfaceOption(RangeCheck iface_version, bool iface_any_frag, Uuid iface_uuid) :
+    Dce2IfaceOption(const RangeCheck& iface_version, bool iface_any_frag, const Uuid& iface_uuid) :
         IpsOption(s_name), version(iface_version), any_frag(iface_any_frag), uuid(iface_uuid)
     {
         memset(&pmd, 0, sizeof(pmd));

diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc
index 04a2f7d1c10367ae24171a85a3e36540ba6345da..9e2fcac68520fe06cc19c0b74c66c6976c78aa71 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1326,13 +1326,12 @@ static DCE2_SmbSsnData* set_new_dce2_smb_session(Packet* p)
 
 static DCE2_SmbSsnData* dce2_create_new_smb_session(Packet* p, dce2SmbProtoConf* config)
 {
-    DCE2_SmbSsnData* dce2_smb_sess = nullptr;
     Profile profile(dce2_smb_pstat_new_session);
 
        DebugMessage(DEBUG_DCE_SMB, "DCE over SMB packet detected\n");
        DebugMessage(DEBUG_DCE_SMB, "Creating new session\n");
 
-       dce2_smb_sess = set_new_dce2_smb_session(p);
+    DCE2_SmbSsnData* dce2_smb_sess = set_new_dce2_smb_session(p);
        if ( dce2_smb_sess )
        {
                dce2_smb_sess->dialect_index = DCE2_SENTINEL;

diff --git a/src/service_inspectors/dce_rpc/smb_message.h b/src/service_inspectors/dce_rpc/smb_message.h
index f68ebf9c0424a476263d7a3a7109d430358e8d36..f2728276b5a6621a3114ba07ae75e355a5b914d0 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.h
+++ b/src/service_inspectors/dce_rpc/smb_message.h
@@ -994,12 +994,12 @@ inline uint16_t SmbTransactionReqFid(const SmbTransactionReq* req)
 
 inline bool SmbTransactionReqDisconnectTid(const SmbTransactionReq* req)
 {
-    return alignedNtohs(&req->smb_flags) & 0x0001 ? true : false;
+    return (alignedNtohs(&req->smb_flags) & 0x0001) ? true : false;
 }
 
 inline bool SmbTransactionReqOneWay(const SmbTransactionReq* req)
 {
-    return alignedNtohs(&req->smb_flags) & 0x0002 ? true : false;
+    return (alignedNtohs(&req->smb_flags) & 0x0002) ? true : false;
 }
 
 inline uint8_t SmbTransactionReqSetupCnt(const SmbTransactionReq* req)

diff --git a/src/service_inspectors/dnp3/dnp3.cc b/src/service_inspectors/dnp3/dnp3.cc
index e8a5150760d52e87b4f063536efdda2d6d1225b1..ad46cefed17b9b02f6e6f40625dbbcf70bde42cc 100644 (file)
--- a/src/service_inspectors/dnp3/dnp3.cc
+++ b/src/service_inspectors/dnp3/dnp3.cc
@@ -119,7 +119,7 @@ static bool dnp3_process_udp(dnp3ProtoConf& config, dnp3_session_data_t* dnp3_se
 
         /* Calculate the actual length of data to inspect */
         user_data = link->len - DNP3_HEADER_REMAINDER_LEN;
-        num_crcs = 1 + (user_data/DNP3_CHUNK_SIZE) + (user_data % DNP3_CHUNK_SIZE ? 1 : 0);
+        num_crcs = 1 + (user_data/DNP3_CHUNK_SIZE) + ((user_data % DNP3_CHUNK_SIZE) ? 1 : 0);
         pdu_length = DNP3_MIN_LEN + link->len + (DNP3_CRC_SIZE*num_crcs);
 
         if (bytes_processed + pdu_length > p->dsize)

diff --git a/src/service_inspectors/dnp3/dnp3_paf.cc b/src/service_inspectors/dnp3/dnp3_paf.cc
index 4d0ef265f1c998896aa8642e60695f4763e72774..a224a667bce58ca240fdddc5775739ac9152685d 100644 (file)
--- a/src/service_inspectors/dnp3/dnp3_paf.cc
+++ b/src/service_inspectors/dnp3/dnp3_paf.cc
@@ -77,7 +77,7 @@ static StreamSplitter::Status dnp3_paf(dnp3_paf_data* pafdata, const uint8_t* da
             }
 
             user_data = pafdata->dnp3_length - DNP3_HEADER_REMAINDER_LEN;
-            num_crcs = 1 + (user_data/DNP3_CHUNK_SIZE) + (user_data % DNP3_CHUNK_SIZE ? 1 : 0);
+            num_crcs = 1 + (user_data/DNP3_CHUNK_SIZE) + ((user_data % DNP3_CHUNK_SIZE) ? 1 : 0);
             pafdata->real_length = pafdata->dnp3_length + (DNP3_CRC_SIZE*num_crcs);
 
             pafdata->paf_state = (dnp3_paf_state)(((int)pafdata->paf_state) + 1);

diff --git a/src/service_inspectors/dnp3/ips_dnp3_obj.cc b/src/service_inspectors/dnp3/ips_dnp3_obj.cc
index 6143148e9531ccaa0c56ddaa71999c165e033467..3ed919c02a0388fb6990096ccb7dee597bc3eebe 100644 (file)
--- a/src/service_inspectors/dnp3/ips_dnp3_obj.cc
+++ b/src/service_inspectors/dnp3/ips_dnp3_obj.cc
@@ -53,7 +53,6 @@ static int dnp3_decode_object(
     /* Decode group */
     group = *buf;
     buf++;
-    buflen--;
 
     /* Decode var */
     var = *buf;

diff --git a/src/service_inspectors/imap/imap.cc b/src/service_inspectors/imap/imap.cc
index 47dbe1732570b6b1c3bfb8ecc5334f7a2c37508e..a9957f8b746b8ff71bbbd41fe93ec578221ddb3b 100644 (file)
--- a/src/service_inspectors/imap/imap.cc
+++ b/src/service_inspectors/imap/imap.cc
@@ -587,11 +587,8 @@ static void IMAP_ProcessServerPacket(Packet* p, IMAPData* imap_ssn)
  */
 static void snort_imap(IMAP_PROTO_CONF* config, Packet* p)
 {
-    IMAPData* imap_ssn = NULL;
-    int pkt_dir;
-
     /* Attempt to get a previously allocated IMAP block. */
-    imap_ssn = get_session_data(p->flow);
+    IMAPData* imap_ssn = get_session_data(p->flow);
 
     if (imap_ssn == NULL)
     {
@@ -607,7 +604,7 @@ static void snort_imap(IMAP_PROTO_CONF* config, Packet* p)
         }
     }
 
-    pkt_dir = IMAP_Setup(p, imap_ssn);
+    int pkt_dir = IMAP_Setup(p, imap_ssn);
 
     if (pkt_dir == IMAP_PKT_FROM_CLIENT)
     {

diff --git a/src/service_inspectors/pop/pop.cc b/src/service_inspectors/pop/pop.cc
index 081f570e4f4ae4bb0ee612e709adc5c9156f79bb..231a88485b032b3949c02b41df024a7eb36f6ed0 100644 (file)
--- a/src/service_inspectors/pop/pop.cc
+++ b/src/service_inspectors/pop/pop.cc
@@ -524,11 +524,8 @@ static void POP_ProcessServerPacket(Packet* p, POPData* pop_ssn)
  */
 static void snort_pop(POP_PROTO_CONF* config, Packet* p)
 {
-    POPData* pop_ssn = NULL;
-    int pkt_dir;
-
     /* Attempt to get a previously allocated POP block. */
-    pop_ssn = get_session_data(p->flow);
+    POPData* pop_ssn = get_session_data(p->flow);
 
     if (pop_ssn == NULL)
     {
@@ -544,7 +541,7 @@ static void snort_pop(POP_PROTO_CONF* config, Packet* p)
         }
     }
 
-    pkt_dir = POP_Setup(p, pop_ssn);
+    int pkt_dir = POP_Setup(p, pop_ssn);
 
     if (pkt_dir == POP_PKT_FROM_CLIENT)
     {

diff --git a/src/service_inspectors/sip/sip_utils.cc b/src/service_inspectors/sip/sip_utils.cc
index f2d0454ece0f2669f6dcb8cd8c6df35ccdbebfd6..a96d469ad5b62e8f23ece382548578242e5731b6 100644 (file)
--- a/src/service_inspectors/sip/sip_utils.cc
+++ b/src/service_inspectors/sip/sip_utils.cc
@@ -120,9 +120,7 @@ int SIP_TrimSP(const char* start, const char* end, char** new_start, char** new_
 
 SIPMethodNode* SIP_FindMethod(SIPMethodlist methods, char* methodName, unsigned int length)
 {
-    SIPMethodNode* method = NULL;
-
-    method = methods;
+    SIPMethodNode* method = methods;
     while (NULL != method)
     {
         if ((length == strlen(method->methodName))&&

diff --git a/src/side_channel/test/side_channel_test.cc b/src/side_channel/test/side_channel_test.cc
index b7302b9ff6f7cfa0b81554388dda2fedeca25e5c..381f3edf9abaa4370496f71fe38d62ad34c2529d 100644 (file)
--- a/src/side_channel/test/side_channel_test.cc
+++ b/src/side_channel/test/side_channel_test.cc
@@ -123,7 +123,7 @@ void ConnectorManager::thread_term()
     delete duplex_connector;
 }
 
-Connector* ConnectorManager::get_connector(const std::string connector_name)
+Connector* ConnectorManager::get_connector(const std::string& connector_name)
 {
     if ( connector_name == "R" )
         return receive_connector;

diff --git a/src/utils/boyer_moore.cc b/src/utils/boyer_moore.cc
index 2fabe010f9ba33f713ce2e435e495b2b48cb514b..ea44850815e58a98165efecb847300f45844287b 100644 (file)
--- a/src/utils/boyer_moore.cc
+++ b/src/utils/boyer_moore.cc
@@ -56,31 +56,6 @@
 #include "main/snort_debug.h"
 #include "utils/util.h"
 
-#ifdef TEST_MSTRING
-int main()
-{
-    char test[] = "\0\0\0\0\0\0\0\0\0CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0";
-    char find[] = "CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0";
-
-/*   char test[] = "\x90\x90\x90\x90\x90\x90\xe8\xc0\xff\xff\xff/bin/sh\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
-     char find[] = "\xe8\xc0\xff\xff\xff/bin/sh";  */
-    int i;
-    int toks;
-    int* shift;
-    int* skip;
-
-/*   shift=make_shift(find,sizeof(find)-1);
-     skip=make_skip(find,sizeof(find)-1); */
-
-    DebugFormat(DEBUG_PATTERN_MATCH,"%d\n",
-        mSearch(test, sizeof(test) - 1, find,
-        sizeof(find) - 1, shift, skip));
-
-    return 0;
-}
-
-#endif
-
 /****************************************************************
  *
  *  Function: make_skip(char *, int)

diff --git a/src/utils/sfmemcap.cc b/src/utils/sfmemcap.cc
index edbb03017e0f909eabc6f722c3af6b86f7fe048b..c5cfd7618e0b105eb3e544a09c7947b33ba3b1da 100644 (file)
--- a/src/utils/sfmemcap.cc
+++ b/src/utils/sfmemcap.cc
@@ -128,11 +128,8 @@ void sfmemcap_showmem(MEMCAP* mc)
 */
 char* sfmemcap_SnortStrdup(MEMCAP* mc, const char* str)
 {
-    char* data = NULL;
-    int data_size;
-
-    data_size = strlen(str) + 1;
-    data = (char*)sfmemcap_alloc(mc, data_size);
+    int data_size = strlen(str) + 1;
+    char* data = (char*)sfmemcap_alloc(mc, data_size);
 
     if (data == NULL)
     {