diff options
| author | Petr Štetiar | 2019-12-16 12:56:29 +0000 |
|---|---|---|
| committer | Petr Štetiar | 2019-12-16 13:12:25 +0000 |
| commit | e284ed941972e850951cc11f8065dc4126079daa (patch) | |
| tree | ca0c42d84de96655cfe672e8c06244c3e69c441f | |
| parent | 7e53906663479eb5cc737f98f0f77acda7d87375 (diff) | |
| download | ucert-e284ed941972e850951cc11f8065dc4126079daa.tar.gz | |
cmake: enable hardening compiler flags and fix the reported issues
Lets enable some useful flags in order to spot possible issues during
QA on CI (GCC version 6 and higher). Fix warnings uncovered by this new
flags as reported by clang-9 on x86/64:
ucert.c:158:33: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare]
ucert.c:176:14: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ucert.c:314:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
ucert.c:315:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
ucert.c:557:17: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
| -rw-r--r-- | CMakeLists.txt | 8 | ||||
| -rw-r--r-- | ucert.c | 18 |
2 files changed, 18 insertions, 8 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 14888ac..436abc6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,13 @@ cmake_minimum_required(VERSION 2.6) PROJECT(ucert C) -ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations) + +ADD_DEFINITIONS(-Wall -Werror) +IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6) + ADD_DEFINITIONS(-Wextra -Werror=implicit-function-declaration) + ADD_DEFINITIONS(-Wformat -Werror=format-security -Werror=format-nonliteral) +ENDIF() +ADD_DEFINITIONS(-Os -std=gnu99 -ggdb -Wmissing-declarations -Wno-unused-parameter) SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") @@ -48,9 +48,13 @@ static enum { static bool quiet; #ifndef UCERT_STRIP_MESSAGES -#define DPRINTF(format, ...) if (!quiet) fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__) +#define DPRINTF(format, ...) \ + do { \ + if (!quiet) \ + fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__); \ + } while (0) #else -#define DPRINTF(format, ...) +#define DPRINTF(format, ...) do { } while (0) #endif /* @@ -133,7 +137,7 @@ static int cert_load(const char *certfile, struct list_head *chain) { struct cert_object *cobj; char filebuf[CERT_BUF_LEN]; int ret = 0, pret = 0; - int len, pos = 0; + size_t len, pos = 0; f = fopen(certfile, "r"); if (!f) @@ -269,8 +273,8 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile, list_for_each_entry(cobj, chain, list) { /* blob has payload, verify that using signature */ if (cobj->cert[CERT_ATTR_PAYLOAD]) { - uint64_t validfrom; - uint64_t expiresat; + time_t validfrom; + time_t expiresat; uint32_t certtype; ret = cert_verify_blob(cobj->cert, chainedpubkey[0]?chainedpubkey:pubkeyfile, pubkeydir); @@ -499,8 +503,8 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { struct blob_attr *payloadtb[CERT_PL_ATTR_MAX]; struct stat st; struct timeval tv; - uint64_t validfrom; - uint32_t certtype; + time_t validfrom; + enum certtype_id certtype; char *fingerprint; char rfname[512]; |