diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d33d21c61..b76d6dd3d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -137,3 +137,41 @@ jobs: run: sudo make install - name: run regression tests run: make test-regression + + cppcheck: + runs-on: [ubuntu-24.04] + container: + image: debian:sid + steps: + - name: Setup Dependencies + run: | + apt-get update -y -qq + apt-get install -y --no-install-recommends build-essential \ + autoconf \ + automake \ + libtool \ + pkg-config \ + cppcheck \ + apache2-dev \ + libpcre2-dev \ + libapr1-dev \ + libaprutil1-dev \ + libxml2-dev \ + liblua5.3-dev \ + libyajl-dev \ + libfuzzy-dev \ + ssdeep \ + curl \ + ca-certificates + - uses: actions/checkout@v4 + with: + submodules: false + fetch-depth: 0 + - name: configure + run: | + ./autogen.sh + ./configure --with-apxs=/usr/bin/apxs + - name: cppcheck + run: | + make check-static + diff --git a/Makefile.am b/Makefile.am old mode 100644 new mode 100755 index 3a0e59ba2..45589dd08 --- a/Makefile.am +++ b/Makefile.am @@ -40,7 +40,27 @@ test-regression-nginx: cppcheck: - cppcheck . --enable=all --force 2>&1 | sed 's/^/warning: /g' 1>&2; + @cppcheck \ + -j `getconf _NPROCESSORS_ONLN 2>/dev/null || sysctl -n hw.ncpu || echo 1` \ + --enable=all \ + --force \ + --verbose \ + --library=gnu \ + --library=posix \ + --std=c++17 \ + -I ./apache2 \ + -I /usr/include/libxml2 \ + -I @APXS_INCLUDEDIR@ \ + -I @APR_INCLUDEDIR@ \ + -I @APU_INCLUDEDIR@ \ + --suppressions-list=./tests/cppcheck_suppressions.txt \ + --inline-suppr \ + --inconclusive \ + --template="warning: {file},{line},{severity},{id},{message}" \ + --error-exitcode=1 \ + standalone/ + +check-static: cppcheck check-coding-style: for i in `(find . -iname "*.c" ; find . -iname "*.h")`; \ diff --git a/autogen.sh b/autogen.sh index 3d51987ae..79f8bb866 100755 --- a/autogen.sh +++ b/autogen.sh @@ -9,7 +9,7 @@ rm -rf autom4te.cache rm -f aclocal.m4 case `uname` in Darwin*) glibtoolize --force --copy ;; *) libtoolize --force --copy ;; esac -autoreconf --install +autoreconf --install --force autoheader automake --add-missing --foreign --copy --force-missing autoconf --force diff --git a/standalone/api.c b/standalone/api.c index 438e98df4..aaf6db411 100644 --- a/standalone/api.c +++ b/standalone/api.c @@ -180,7 +180,6 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, int is_eos = 0; apr_bucket_brigade *bb_in; apr_bucket *after; - apr_status_t rv; bb_in = modsecGetBodyBrigade(f->r); @@ -191,7 +190,7 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, APR_BRIGADE_INSERT_TAIL(bb_in, e); } - rv = apr_brigade_partition(bb_in, readbytes, &after); + apr_status_t rv = apr_brigade_partition(bb_in, readbytes, &after); if (rv != APR_SUCCESS && rv != APR_INCOMPLETE) { return rv; } @@ -278,15 +277,15 @@ const char *modsecProcessConfig(directory_config *config, const char *file, cons if(dir[li] != '/' && dir[li] != '\\') #ifdef WIN32 - file = apr_pstrcat(config->mp, dir, "\\", file, NULL); + file = apr_pstrcat(config->mp, dir, "\\", file, (char *)NULL); #else - file = apr_pstrcat(config->mp, dir, "/", file, NULL); + file = apr_pstrcat(config->mp, dir, "/", file, (char *)NULL); #endif else - file = apr_pstrcat(config->mp, dir, file, NULL); + file = apr_pstrcat(config->mp, dir, file, (char *)NULL); } else if (APR_EBADPATH == status) { - return apr_pstrcat(config->mp, "Config file has a bad path, ", file, NULL); + return apr_pstrcat(config->mp, "Config file has a bad path, ", file, (char *)NULL); } apr_pool_create(&ptemp, config->mp); @@ -403,7 +402,7 @@ request_rec *modsecNewRequest(conn_rec *connection, directory_config *config) static modsec_rec *retrieve_msr(request_rec *r) { modsec_rec *msr = NULL; - request_rec *rx = NULL; + const request_rec *rx = NULL; /* Look in the current request first. */ msr = (modsec_rec *)apr_table_get(r->notes, NOTE_MSR); diff --git a/standalone/api.h b/standalone/api.h index ea4e68817..fbed33a16 100644 --- a/standalone/api.h +++ b/standalone/api.h @@ -58,7 +58,7 @@ void modsecInitProcess(); conn_rec *modsecNewConnection(); void modsecProcessConnection(conn_rec *c); -int modsecFinishConnection(conn_rec *c); +int modsecFinishConnection(conn_rec *c); request_rec *modsecNewRequest(conn_rec *connection, directory_config *config); @@ -86,22 +86,40 @@ void modsecSetLogHook(void *obj, void (*hook)(void *obj, int level, char *str)); static inline void modsecSetBodyBrigade(request_rec *r, apr_bucket_brigade *b) { +#ifdef __cplusplus + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, reinterpret_cast(b)); //NOSONAR +#else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, (char *)b); +#endif }; -static inline apr_bucket_brigade * -modsecGetBodyBrigade(request_rec *r) { +static inline apr_bucket_brigade * modsecGetBodyBrigade(const request_rec *r) { +#ifdef __cplusplus + return reinterpret_cast( + const_cast(apr_table_get(r->notes, NOTE_MSR_BRIGADE_REQUEST)) + ); +#else return (apr_bucket_brigade *)apr_table_get(r->notes, NOTE_MSR_BRIGADE_REQUEST); +#endif }; static inline void modsecSetResponseBrigade(request_rec *r, apr_bucket_brigade *b) { +#ifdef __cplusplus + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, reinterpret_cast(b)); //NOSONAR +#else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, (char *)b); +#endif }; -static inline apr_bucket_brigade * -modsecGetResponseBrigade(request_rec *r) { +static inline apr_bucket_brigade * modsecGetResponseBrigade(const request_rec *r) { +#ifdef __cplusplus + return reinterpret_cast( + const_cast(apr_table_get(r->notes, NOTE_MSR_BRIGADE_RESPONSE)) + ); +#else return (apr_bucket_brigade *)apr_table_get(r->notes, NOTE_MSR_BRIGADE_RESPONSE); +#endif }; void modsecSetReadBody(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos)); @@ -121,7 +139,7 @@ const char *modsecIsServerSignatureAvailale(void); #ifdef VERSION_IIS void modsecStatusEngineCall(void); -void modsecReportRemoteLoadedRules(void); +void modsecReportRemoteLoadedRules(void); #endif #ifdef __cplusplus diff --git a/standalone/buckets.c b/standalone/buckets.c index 755581d6d..270df56bd 100644 --- a/standalone/buckets.c +++ b/standalone/buckets.c @@ -57,7 +57,7 @@ AP_DECLARE(apr_status_t) ap_pass_brigade(ap_filter_t *next, apr_bucket_brigade *bb) { if (next) { - apr_bucket *e; + const apr_bucket *e; if ((e = APR_BRIGADE_LAST(bb)) && APR_BUCKET_IS_EOS(e) && next->r) { /* This is only safe because HTTP_HEADER filter is always in * the filter stack. This ensures that there is ALWAYS a @@ -89,7 +89,7 @@ AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f, apr_bucket_brigade **b, apr_pool_t *p) { apr_bucket *e; - apr_status_t rv, srv = APR_SUCCESS; + apr_status_t srv = APR_SUCCESS; /* If have never stored any data in the filter, then we had better * create an empty bucket brigade so that we can concat. @@ -98,11 +98,12 @@ AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f, *saveto = apr_brigade_create(p, f->c->bucket_alloc); } - for (e = APR_BRIGADE_FIRST(*b); - e != APR_BRIGADE_SENTINEL(*b); + const apr_bucket_brigade *bb = *b; + for (e = APR_BRIGADE_FIRST(bb); + e != APR_BRIGADE_SENTINEL(bb); e = APR_BUCKET_NEXT(e)) { - rv = apr_bucket_setaside(e, p); + apr_status_t rv = apr_bucket_setaside(e, p); /* If the bucket type does not implement setaside, then * (hopefully) morph it into a bucket type which does, and set diff --git a/standalone/config.c b/standalone/config.c index 6133e7d7e..313434b34 100644 --- a/standalone/config.c +++ b/standalone/config.c @@ -533,7 +533,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, const char *errmsg = NULL; if ((parms->override & cmd->req_override) == 0) - return apr_pstrcat(parms->pool, cmd->name, " not allowed here", NULL); + return apr_pstrcat(parms->pool, cmd->name, " not allowed here", (char *)NULL); parms->info = cmd->cmd_data; parms->cmd = cmd; @@ -565,7 +565,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, case NO_ARGS: if (*args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes no arguments", - NULL); + (char *)NULL); return cmd->AP_NO_ARGS(parms, mconfig); @@ -574,7 +574,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes one argument", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE1(parms, mconfig, w); @@ -584,7 +584,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *w2 == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes two arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE2(parms, mconfig, w, w2); @@ -594,7 +594,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes 1-2 arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE2(parms, mconfig, w, *w2 ? w2 : NULL); @@ -605,7 +605,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *w2 == '\0' || *w3 == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -617,7 +617,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *w2 == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes two or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -629,7 +629,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes one, two or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -641,7 +641,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || (w2 && *w2 && !w3) || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes one or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -662,7 +662,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args == 0) return apr_pstrcat(parms->pool, cmd->name, " requires at least two arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); while (*(w2 = ap_getword_conf(parms->pool, &args)) != '\0') { @@ -679,14 +679,14 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || (strcasecmp(w, "on") && strcasecmp(w, "off"))) return apr_pstrcat(parms->pool, cmd->name, " must be On or Off", - NULL); + (char *)NULL); return cmd->AP_FLAG(parms, mconfig, strcasecmp(w, "off") != 0); default: return apr_pstrcat(parms->pool, cmd->name, " is improperly configured internally (server bug)", - NULL); + (char *)NULL); } } @@ -797,13 +797,9 @@ static const char *process_resource_config_nofnmatch(const char *fname, unsigned depth, int optional) { - const char *error; - apr_status_t rv; - if (ap_is_directory(ptemp, fname)) { apr_dir_t *dirp; apr_finfo_t dirent; - int current; apr_array_header_t *candidates = NULL; fnames *fnew; char *path = apr_pstrdup(ptemp, fname); @@ -820,7 +816,7 @@ static const char *process_resource_config_nofnmatch(const char *fname, * entries here and store 'em away. Recall we need full pathnames * for this. */ - rv = apr_dir_open(&dirp, path, ptemp); + apr_status_t rv = apr_dir_open(&dirp, path, ptemp); if (rv != APR_SUCCESS) { char errmsg[120]; return apr_psprintf(p, "Could not open config directory %s: %s", @@ -846,9 +842,9 @@ static const char *process_resource_config_nofnmatch(const char *fname, * Now recurse these... we handle errors and subdirectories * via the recursion, which is nice */ - for (current = 0; current < candidates->nelts; ++current) { + for (int current = 0; current < candidates->nelts; ++current) { fnew = &((fnames *) candidates->elts)[current]; - error = process_resource_config_nofnmatch(fnew->fname, + const char *error = process_resource_config_nofnmatch(fnew->fname, ari, p, ptemp, depth, optional); if (error) { @@ -877,7 +873,6 @@ static const char *process_resource_config_fnmatch(const char *path, apr_finfo_t dirent; apr_array_header_t *candidates = NULL; fnames *fnew; - int current; /* find the first part of the filename */ rest = ap_strchr_c(fname, '/'); @@ -947,7 +942,7 @@ static const char *process_resource_config_fnmatch(const char *path, * Now recurse these... we handle errors and subdirectories * via the recursion, which is nice */ - for (current = 0; current < candidates->nelts; ++current) { + for (int current = 0; current < candidates->nelts; ++current) { fnew = &((fnames *) candidates->elts)[current]; if (!rest) { error = process_resource_config_nofnmatch(fnew->fname, @@ -993,10 +988,10 @@ AP_DECLARE(const char *) process_fnmatch_configs(apr_array_header_t *ari, /* we allow APR_SUCCESS and APR_EINCOMPLETE */ if (APR_ERELATIVE == status) { - return apr_pstrcat(p, "Include must have an absolute path, ", fname, NULL); + return apr_pstrcat(p, "Include must have an absolute path, ", fname, (char *)NULL); } else if (APR_EBADPATH == status) { - return apr_pstrcat(p, "Include has a bad path, ", fname, NULL); + return apr_pstrcat(p, "Include has a bad path, ", fname, (char *)NULL); } /* walk the filepath */ @@ -1056,7 +1051,7 @@ const char *process_command_config(server_rec *s, if(status != APR_SUCCESS) { apr_array_pop(arr); - errmsg = apr_pstrcat(p, "Cannot open config file: ", fn, NULL); + errmsg = apr_pstrcat(p, "Cannot open config file: ", fn, (char *)NULL); goto Exit; } } @@ -1098,7 +1093,7 @@ const char *process_command_config(server_rec *s, if (*w == '\0' || *args != 0) { ap_cfg_closefile(parms->config_file); - errmsg = apr_pstrcat(parms->pool, "Include takes one argument", NULL); + errmsg = apr_pstrcat(parms->pool, "Include takes one argument", (char *)NULL); goto Exit; } @@ -1115,11 +1110,11 @@ const char *process_command_config(server_rec *s, while(li >= 0 && configfilepath[li] != '/' && configfilepath[li] != '\\') configfilepath[li--] = 0; - w = apr_pstrcat(p, configfilepath, w, NULL); + w = apr_pstrcat(p, configfilepath, w, (char *)NULL); } else if (APR_EBADPATH == status) { ap_cfg_closefile(parms->config_file); - errmsg = apr_pstrcat(p, "Include file has a bad path, ", w, NULL); + errmsg = apr_pstrcat(p, "Include file has a bad path, ", w, (char *)NULL); goto Exit; } @@ -1143,7 +1138,7 @@ const char *process_command_config(server_rec *s, // unknown command, should error // ap_cfg_closefile(parms->config_file); - errmsg = apr_pstrcat(p, "Unknown command in config: ", cmd_name, NULL); + errmsg = apr_pstrcat(p, "Unknown command in config: ", cmd_name, (char *)NULL); goto Exit; } diff --git a/standalone/filters.c b/standalone/filters.c index ef0825e8d..1fece2eb3 100644 --- a/standalone/filters.c +++ b/standalone/filters.c @@ -210,7 +210,7 @@ AP_DECLARE(ap_filter_t *) ap_add_output_filter(const char *name, void *ctx, r ? &r->proto_output_filters : NULL, &c->output_filters); } -static void remove_any_filter(ap_filter_t *f, ap_filter_t **r_filt, ap_filter_t **p_filt, +static void remove_any_filter(const ap_filter_t *f, ap_filter_t **r_filt, ap_filter_t **p_filt, ap_filter_t **c_filt) { ap_filter_t **curr = r_filt ? r_filt : c_filt; diff --git a/standalone/main.cpp b/standalone/main.cpp index 30c3e67e9..5afb11895 100644 --- a/standalone/main.cpp +++ b/standalone/main.cpp @@ -37,12 +37,12 @@ int event_file_blocks[256]; char urls[MAX_URLS][4096]; int url_cnt = 0; -void readeventfile(char *name) +void readeventfile(const char *name) { if(event_file == NULL) { - event_file = (char *)malloc(EVENT_FILE_MAX_SIZE); - event_file_lines = (char **)malloc(EVENT_FILE_MAX_SIZE); + event_file = static_cast(malloc(EVENT_FILE_MAX_SIZE)); + event_file_lines = static_cast(malloc(EVENT_FILE_MAX_SIZE)); } event_file_len = 0; @@ -119,13 +119,13 @@ void parseargs(int argc, char *argv[]) { if(argv[i][0] == '-') { - if(argv[i][1] == 'c' && i < argc - 1) + if(i < argc - 1 && argv[i][1] == 'c') { config_file = argv[i + 1]; i += 2; continue; } - if(argv[i][1] == 'u' && i < argc - 1) + if(i < argc - 1 && argv[i][1] == 'u') { url_file = argv[i + 1]; i += 2; @@ -144,7 +144,7 @@ void parseargs(int argc, char *argv[]) } } -void log(void *obj, int level, char *str) +void log(const void *obj, int level, const char *str) //NOSONAR { printf("%s\n", str); } @@ -265,25 +265,26 @@ void main(int argc, char *argv[]) if(url_file != NULL) { FILE *fr = fopen(url_file, "rb"); - int i = 0; + if(fr != nullptr){ + int i = 0; + while(fgets(urls[i],4096,fr) != NULL) + { + urls[i][4095] = 0; - while(fgets(urls[i],4096,fr) != NULL) - { - urls[i][4095] = 0; + int l = strlen(urls[i]) - 1; - int l = strlen(urls[i]) - 1; + if(l < 8) + continue; - if(l < 8) - continue; + while(urls[i][l] == 10 || urls[i][l] == 13) + l--; - while(urls[i][l] == 10 || urls[i][l] == 13) - l--; + urls[i++][l + 1] = 0; + } - urls[i++][l + 1] = 0; + url_cnt = i; + fclose(fr); } - - url_cnt = i; - fclose(fr); } for(int i = 0; i < event_file_cnt; i++) @@ -320,7 +321,9 @@ void main(int argc, char *argv[]) char *method = event_file_lines[j]; char *url = strchr(method, 32); - char *proto = strchr(url + 1, 32); + char *proto = nullptr; + if(*(url + 1) != '\0') + proto = strchr(url + 1, 32); if(url == NULL || proto == NULL) continue; @@ -380,8 +383,7 @@ void main(int argc, char *argv[]) if(query != NULL) { - rawurl = (char *)apr_palloc(r->pool, strlen(url) + 1); - strcpy(rawurl, url); + rawurl = static_cast(apr_palloc(r->pool, strlen(url) + 1)); strcpy(rawurl, url); *query++ = 0; r->args = query; } @@ -392,15 +394,14 @@ void main(int argc, char *argv[]) { r->content_languages = apr_array_make(r->pool, 1, sizeof(const char *)); - *(const char **)apr_array_push(r->content_languages) = lng; + *static_cast(apr_array_push(r->content_languages)) = lng; } r->request_time = apr_time_now(); r->parsed_uri.scheme = "http"; r->parsed_uri.path = r->path_info; - r->parsed_uri.hostname = (char *)r->hostname; - r->parsed_uri.is_initialized = 1; + r->parsed_uri.hostname = const_cast(r->hostname); r->parsed_uri.is_initialized = 1; r->parsed_uri.port = 80; r->parsed_uri.port_str = "80"; r->parsed_uri.query = r->args; @@ -413,8 +414,7 @@ void main(int argc, char *argv[]) r->unparsed_uri = rawurl; r->uri = r->unparsed_uri; - r->the_request = (char *)apr_palloc(r->pool, strlen(r->method) + 1 + strlen(r->uri) + 1 + strlen(r->protocol) + 1); - + r->the_request = static_cast(apr_palloc(r->pool, strlen(r->method) + 1 + strlen(r->uri) + 1 + strlen(r->protocol) + 1)); strcpy(r->the_request, r->method); strcat(r->the_request, " "); strcat(r->the_request, r->uri); diff --git a/standalone/regex.c b/standalone/regex.c index cdc79059f..fe9984898 100644 --- a/standalone/regex.c +++ b/standalone/regex.c @@ -70,8 +70,6 @@ AP_DECLARE(void) ap_regfree(ap_regex_t *preg) AP_DECLARE(int) ap_regcomp(ap_regex_t *preg, const char *pattern, int cflags) { -const char *errorptr; -int erroffset; int options = 0; int nsub = 0; @@ -94,6 +92,8 @@ preg->re_nsub = nsub; #else // otherwise use PCRE if ((cflags & AP_REG_ICASE) != 0) options |= PCRE_CASELESS; if ((cflags & AP_REG_NEWLINE) != 0) options |= PCRE_MULTILINE; +const char *errorptr; +int erroffset; preg->re_pcre = pcre_compile(pattern, options, &errorptr, &erroffset, NULL); preg->re_erroffset = erroffset; @@ -149,7 +149,7 @@ if (nmatch > 0) PCRE2_SPTR pcre2_s; int pcre2_ret; pcre2_match_data *match_data; - PCRE2_SIZE *pcre2_ovector = NULL; + const PCRE2_SIZE *pcre2_ovector = NULL; pcre2_s = (PCRE2_SPTR)string; match_data = pcre2_match_data_create_from_pattern(preg->re_pcre, NULL); @@ -192,14 +192,14 @@ if (rc >= 0) pmatch[i].rm_so = ovector[i*2]; pmatch[i].rm_eo = ovector[i*2+1]; } - if (allocated_ovector) free(ovector); + if (allocated_ovector) ovector = NULL; for (; i < nmatch; i++) pmatch[i].rm_so = pmatch[i].rm_eo = -1; return 0; } else { - if (allocated_ovector) free(ovector); + if (allocated_ovector) ovector = NULL; switch(rc) { #ifndef WITH_PCRE diff --git a/standalone/server.c b/standalone/server.c index 31b12a6db..c57ff9734 100644 --- a/standalone/server.c +++ b/standalone/server.c @@ -137,7 +137,7 @@ static const char * const status_lines[RESPONSE_CODES] = AP_DECLARE(int) ap_index_of_response(int status) { - static int shortcut[6] = {0, LEVEL_200, LEVEL_300, LEVEL_400, + static const int shortcut[6] = {0, LEVEL_200, LEVEL_300, LEVEL_400, LEVEL_500, RESPONSE_CODES}; int i, pos; @@ -230,7 +230,7 @@ AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc) j += 5; } else if (toasc && !apr_isascii(s[i])) { - char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]); + const char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]); memcpy(&x[j], esc, 6); j += 5; } @@ -248,17 +248,17 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s) } #endif -AP_DECLARE(const char *) ap_psignature(const char *prefix, request_rec *r) +AP_DECLARE(const char *) ap_psignature(const char *prefix, request_rec *r) // cppcheck-suppress constParameterPointer { return prefix; } -AP_DECLARE(const char *) ap_document_root(request_rec *r) /* Don't use this! */ +AP_DECLARE(const char *) ap_document_root(request_rec *r) /* Don't use this! */ // cppcheck-suppress constParameterPointer { return "\\"; } -AP_DECLARE(apr_port_t) ap_get_server_port(const request_rec *r) +AP_DECLARE(apr_port_t) ap_get_server_port(const request_rec *r) // cppcheck-suppress constParameterPointer { return 80; } @@ -378,7 +378,7 @@ AP_DECLARE(const char *) ap_get_server_name(request_rec *r) return r->server->server_hostname; } -AP_DECLARE(void) ap_add_version_component(apr_pool_t *pconf, const char *component) +AP_DECLARE(void) ap_add_version_component(apr_pool_t *pconf, const char *component) // cppcheck-suppress constParameterPointer { // appends string to server description string // @@ -408,7 +408,7 @@ AP_DECLARE(worker_score *) ap_get_scoreboard_worker_from_indexes(int x, int y) return &ap_scoreboard_image->servers[x][y]; } -AP_DECLARE(worker_score *) ap_get_scoreboard_worker(ap_sb_handle_t *sbh) +AP_DECLARE(worker_score *) ap_get_scoreboard_worker(ap_sb_handle_t *sbh) // cppcheck-suppress constParameterPointer { //if (!sbh) // return NULL; @@ -544,8 +544,7 @@ AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, in if (type != REMOTE_NOLOOKUP && conn->remote_host == NULL - && (type == REMOTE_DOUBLE_REV - || hostname_lookups != HOSTNAME_LOOKUP_OFF)) { + && type == REMOTE_DOUBLE_REV) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3 if (apr_getnameinfo(&conn->remote_host, conn->remote_addr, 0) == APR_SUCCESS) { @@ -615,39 +614,38 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *file) } } -AP_DECLARE(piped_log *) ap_open_piped_log(apr_pool_t *p, const char *program) +AP_DECLARE(piped_log *) ap_open_piped_log(apr_pool_t *p, const char *program) // cppcheck-suppress constParameterPointer { return NULL; } #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 3 -AP_DECLARE(apr_file_t *) ap_piped_log_write_fd(piped_log *pl) +AP_DECLARE(apr_file_t *) ap_piped_log_write_fd(piped_log *pl) // cppcheck-suppress constParameterPointer { return NULL; } #endif -AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t) +AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, const apr_table_t *t) { const apr_array_header_t *env_arr = apr_table_elts(t); const apr_table_entry_t *elts = (const apr_table_entry_t *) env_arr->elts; char **env = (char **) apr_palloc(p, (env_arr->nelts + 2) * sizeof(char *)); int i, j; - char *tz; char *whack; j = 0; if (!apr_table_get(t, "TZ")) { - tz = getenv("TZ"); + char * tz = getenv("TZ"); if (tz != NULL) { - env[j++] = apr_pstrcat(p, "TZ=", tz, NULL); + env[j++] = apr_pstrcat(p, "TZ=", tz, (char *)NULL); } } for (i = 0; i < env_arr->nelts; ++i) { if (!elts[i].key) { continue; } - env[j] = apr_pstrcat(p, elts[i].key, "=", elts[i].val, NULL); + env[j] = apr_pstrcat(p, elts[i].key, "=", elts[i].val, (char *)NULL); whack = env[j]; if (apr_isdigit(*whack)) { *whack++ = '_'; @@ -696,7 +694,8 @@ AP_DECLARE(int) ap_find_path_info(const char *uri, const char *path_info) */ static char *original_uri(request_rec *r) { - char *first, *last; + const char *first; + const char *last; if (r->the_request == NULL) { return (char *) apr_pcalloc(r->pool, 1); @@ -780,10 +779,10 @@ AP_DECLARE(void) ap_add_cgi_vars(request_rec *r) AP_DECLARE(void) ap_add_common_vars(request_rec *r) { apr_table_t *e; - server_rec *s = r->server; + const server_rec *s = r->server; conn_rec *c = r->connection; //const char *rem_logname; - char *env_path; + const char *env_path; #if defined(WIN32) || defined(OS2) || defined(BEOS) char *env_temp; #endif @@ -914,7 +913,7 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r) apr_table_addn(e, "REMOTE_USER", r->user); } else if (r->prev) { - request_rec *back = r->prev; + const request_rec *back = r->prev; while (back) { if (back->user) { @@ -957,46 +956,55 @@ unixd_config_rec ap_unixd_config; #endif const char *ap_server_argv0 = "nginx"; + #ifdef HAVE_GETPWNAM AP_DECLARE(uid_t) ap_uname2id(const char *name) { - struct passwd *ent; + struct passwd pwd; + struct passwd *result; + char buf[4096]; + int s; if (name[0] == '#') return (atoi(&name[1])); - if (!(ent = getpwnam(name))) { + s = getpwnam_r(name, &pwd, buf, sizeof(buf), &result); + + if (s != 0 || result == NULL) { ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, "%s: bad user name %s", ap_server_argv0, name); exit(1); } - return (ent->pw_uid); + return (result->pw_uid); } #endif #ifdef HAVE_GETGRNAM AP_DECLARE(gid_t) ap_gname2id(const char *name) { - struct group *ent; + struct group grp; + struct group *result; + char buf[4096]; + int s; if (name[0] == '#') return (atoi(&name[1])); - if (!(ent = getgrnam(name))) { + s = getgrnam_r(name, &grp, buf, sizeof(buf), &result); + + if (s != 0 || result == NULL) { ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, "%s: bad group name %s", ap_server_argv0, name); exit(1); } - return (ent->gr_gid); + return (result->gr_gid); } #endif AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) { - apr_finfo_t wrapper; - #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3 unixd_config.user_name = DEFAULT_USER; unixd_config.user_id = ap_uname2id(DEFAULT_USER); @@ -1008,15 +1016,6 @@ AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) ap_unixd_config.group_id = ap_gname2id(DEFAULT_GROUP); ap_unixd_config.suexec_enabled = 0; #endif - -/* if ((apr_stat(&wrapper, SUEXEC_BIN, - APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { - return; - } - - if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { - unixd_config.suexec_enabled = 1; - }*/ } /* XXX move to APR and externalize (but implement differently :) ) */ @@ -1123,9 +1122,9 @@ AP_DECLARE(apr_status_t) ap_unixd_set_proc_mutex_perms(apr_proc_mutex_t *pmutex) apr_os_proc_mutex_t ospmutex; #if !APR_HAVE_UNION_SEMUN union semun { - long val; + //long val; struct semid_ds *buf; - unsigned short *array; + //unsigned short *array; }; #endif union semun ick; diff --git a/tests/cppcheck_suppressions.txt b/tests/cppcheck_suppressions.txt new file mode 100644 index 000000000..2e55301a0 --- /dev/null +++ b/tests/cppcheck_suppressions.txt @@ -0,0 +1,23 @@ +normalCheckLevelMaxBranches +checkersReport +staticFunction + +unusedFunction +missingIncludeSystem +useStlAlgorithm +preprocessorErrorDirective +funcArgNamesDifferent +missingInclude + +purgedConfiguration + +nullPointerRedundantCheck +knownConditionTrueFalse +cstyleCast +functionStatic +shadowFunction + +stlcstrConstructor +stlcstrStream +uselessCallsSubstr +unmatchedSuppression \ No newline at end of file