From: Willem Toorop <willem@NLnetLabs.nl>
Date: Tue, 11 Sep 2012 08:39:50 +0000 (+0000)
Subject: Make splint happy
X-Git-Tag: release-1.6.14rc1~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59191e965b3f159939abea5ccaa966183fa249ef;p=thirdparty%2Fldns.git

Make splint happy
---

diff --git a/Makefile.in b/Makefile.in
index 7a0d2e1a..693d71fe 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -370,7 +370,8 @@ distclean: realclean
 
 ## No need for changes here
 
-lint: @LINT_DRILL@ @LINT_EXAMPLES@
+lint: lint-lib @LINT_DRILL@ @LINT_EXAMPLES@
+lint-lib:
 	for i in $(srcdir)/*.c; do \
 		$(LINT) $(LINTFLAGS) -I. -I$(srcdir) $(srcdir)/$$i ; \
 		if test $$? -ne 0 ; then exit 1 ; fi ; \
diff --git a/dane.c b/dane.c
index a44be8a7..54561e01 100644
--- a/dane.c
+++ b/dane.c
@@ -27,8 +27,8 @@
 #endif
 
 ldns_status
-ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
-		const ldns_rdf* name, int port, ldns_dane_transport transport)
+ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
+		uint16_t port, ldns_dane_transport transport)
 {
 	char buf[LDNS_MAX_DOMAINLEN];
 	size_t s;
@@ -37,20 +37,20 @@ ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
 	assert(name != NULL);
 	assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
 
-	s = snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", port);
-	buf[0] = s - 1;
+	s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
+	buf[0] = (char)(s - 1);
 
 	switch(transport) {
 	case LDNS_DANE_TRANSPORT_TCP:
-		s += snprintf(&buf[s], LDNS_MAX_DOMAINLEN, "\004_tcp");
+		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
 		break;
 	
 	case LDNS_DANE_TRANSPORT_UDP:
-		s += snprintf(&buf[s], LDNS_MAX_DOMAINLEN, "\004_udp");
+		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
 		break;
 
 	case LDNS_DANE_TRANSPORT_SCTP:
-		s += snprintf(&buf[s], LDNS_MAX_DOMAINLEN, "\005_sctp");
+		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
 		break;
 	
 	default:
@@ -75,12 +75,12 @@ ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
 		ldns_tlsa_matching_type matching_type)
 {
 	unsigned char* buf = NULL;
-	int len;
+	size_t len;
 
 	X509_PUBKEY* xpubkey;
 	EVP_PKEY* epubkey;
 
-	uint8_t* digest;
+	unsigned char* digest;
 
 	assert(rdf != NULL);
 	assert(cert != NULL);
@@ -88,12 +88,14 @@ ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
 	switch(selector) {
 	case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
 
-		len = i2d_X509(cert, &buf);
+		len = (size_t)i2d_X509(cert, &buf);
 		break;
 
 	case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
 
+#ifndef S_SPLINT_S
 		xpubkey = X509_get_X509_PUBKEY(cert);
+#endif
 		if (! xpubkey) {
 			return LDNS_STATUS_SSL_ERR;
 		}
@@ -101,7 +103,7 @@ ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
 		if (! epubkey) {
 			return LDNS_STATUS_SSL_ERR;
 		}
-		len = i2d_PUBKEY(epubkey, &buf);
+		len = (size_t)i2d_PUBKEY(epubkey, &buf);
 		break;
 	
 	default:
@@ -118,12 +120,12 @@ ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
 	
 	case LDNS_TLSA_MATCHING_TYPE_SHA256:
 
-		digest = LDNS_XMALLOC(uint8_t, SHA256_DIGEST_LENGTH);
+		digest = LDNS_XMALLOC(unsigned char, SHA256_DIGEST_LENGTH);
 		if (digest == NULL) {
 			LDNS_FREE(buf);
 			return LDNS_STATUS_MEM_ERR;
 		}
-		(void) ldns_sha256(buf, len, digest);
+		(void) ldns_sha256(buf, (unsigned int)len, digest);
 		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA256_DIGEST_LENGTH,
 				digest);
 		LDNS_FREE(buf);
@@ -133,12 +135,12 @@ ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
 
 	case LDNS_TLSA_MATCHING_TYPE_SHA512:
 
-		digest = LDNS_XMALLOC(uint8_t, SHA512_DIGEST_LENGTH);
+		digest = LDNS_XMALLOC(unsigned char, SHA512_DIGEST_LENGTH);
 		if (digest == NULL) {
 			LDNS_FREE(buf);
 			return LDNS_STATUS_MEM_ERR;
 		}
-		(void) ldns_sha512(buf, len, digest);
+		(void) ldns_sha512(buf, (unsigned int)len, digest);
 		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA512_DIGEST_LENGTH,
 				digest);
 		LDNS_FREE(buf);
@@ -468,7 +470,7 @@ ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
 
 	s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
 	if (s == LDNS_STATUS_OK) {
-		ldns_rr_set_rdf(*tlsa, rdf, 3);
+		(void) ldns_rr_set_rdf(*tlsa, rdf, 3);
 		return LDNS_STATUS_OK;
 	}
 	ldns_rr_free(*tlsa);
@@ -537,7 +539,7 @@ ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
 	size_t n, i;
 	X509* cert;
 
-	n = sk_X509_num(chain);
+	n = (size_t)sk_X509_num(chain);
 	for (i = 0; i < n; i++) {
 		cert = sk_X509_pop(chain);
 		if (! cert) {
diff --git a/dnssec_verify.c b/dnssec_verify.c
index 1af7f182..66af22e7 100644
--- a/dnssec_verify.c
+++ b/dnssec_verify.c
@@ -286,10 +286,10 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
 
 	bool other_rrset = false;
 
-	assert(pkt != NULL);
-	
 	ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new();
 
+	assert(pkt != NULL);
+
 	if (!ldns_dnssec_pkt_has_rrsigs(pkt)) {
 		/* hmm. no dnssec data in the packet. go up to try and deny
 		 * DS? */
diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index 622c2020..334df861 100644
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -204,7 +204,7 @@ get_ssl_cert_chain(X509** cert, STACK_OF(X509)** extra_certs, SSL* ssl,
 		s = LDNS_STATUS_NETWORK_ERR;
 		goto error;
 	}
-	if (connect(sock, (struct sockaddr*)a, a_len) == -1) {
+	if (connect(sock, (struct sockaddr*)a, (socklen_t)a_len) == -1) {
 		s = LDNS_STATUS_NETWORK_ERR;
 		goto error;
 	}
@@ -215,7 +215,7 @@ get_ssl_cert_chain(X509** cert, STACK_OF(X509)** extra_certs, SSL* ssl,
 		goto error;
 	}
 	SSL_set_connect_state(ssl);
-	SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+	(void) SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
 	if (! SSL_set_fd(ssl, sock)) {
 		close(sock);
 		s = LDNS_STATUS_SSL_ERR;
@@ -685,7 +685,7 @@ main(int argc, char **argv)
 
 	char*         name_str;
 	ldns_rdf*     name;
-	int           port;
+	uint16_t      port;
 
 	ldns_resolver* res            = NULL;
 	ldns_rdf*      tlsa_owner     = NULL;
@@ -838,7 +838,7 @@ main(int argc, char **argv)
 	s = ldns_str2rdf_dname(&name, name_str);
 	LDNS_ERR(s, "could not ldns_str2rdf_dname");
 
-	port = usage_within_range(argv[1], 65535, "port");
+	port = (uint16_t) usage_within_range(argv[1], 65535, "port");
 
 	s = ldns_dane_create_tlsa_owner(&tlsa_owner, name, port, transport);
 	LDNS_ERR(s, "could not create TLSA owner name");
@@ -959,7 +959,9 @@ main(int argc, char **argv)
 		if (! cert) {
 			ssl_err("could not SSL_get_certificate");
 		}
+#ifndef S_SPLINT_S
 		extra_certs = ctx->extra_certs;
+#endif
 
 		switch (mode) {
 		case CREATE: dane_create(tlsas, tlsa_owner, certificate_usage,
diff --git a/host2str.c b/host2str.c
index 45e647b7..b31cd05a 100644
--- a/host2str.c
+++ b/host2str.c
@@ -1666,6 +1666,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
 	uint16_t i;
 #  endif
 	/* not used when ssl is not defined */
+	/*@unused@*/
 	ldns_rdf *b64_bignum = NULL;
 
 	RSA *rsa;
diff --git a/ldns/dane.h b/ldns/dane.h
index 13c8951d..de191a83 100644
--- a/ldns/dane.h
+++ b/ldns/dane.h
@@ -92,7 +92,8 @@ typedef enum ldns_enum_dane_transport ldns_dane_transport;
  * \return LDNS_STATUS_OK on success or an error code otherwise.
  */
 ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
-		const ldns_rdf* name, int port, ldns_dane_transport transport);
+		const ldns_rdf* name, uint16_t port,
+		ldns_dane_transport transport);
 
 
 #if LDNS_BUILD_CONFIG_HAVE_SSL