author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-07-09 10:06:47 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-07-10 07:18:30 +0200 |
commit | e64327a7f78ee183c0766631be171c2d8cd4f042 (patch) | |
tree | 4a5ebc4ea3d84248f1eca5a1bed18418d93bee0b | |
parent | 4171be91af3e5f06cdf6d26143ceaadc5699c985 (diff) | |
download | gnutls-tmp-mark-infinite-loops.tar.gz |
lib: mark infinite loops explicitlytmp-mark-infinite-loops
There were a few infinite loop constructions which were checking
for an always true condition. Make sure that this construction
is marked explicitly as while(1) to assist static analysers, or
reviewers.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/name_constraints.c | 38 | ||||
-rw-r--r-- | lib/x509/x509_ext.c | 21 |
2 files changed, 24 insertions, 35 deletions
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index d5ce52ee70..dba2fd4b9f 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c @@ -116,7 +116,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, { int ret; char tmpstr[128]; - unsigned indx = 0; + unsigned indx; gnutls_datum_t tmp = { NULL, 0 }; unsigned int type; struct name_constraints_node_st *nc, *prev; @@ -127,8 +127,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, prev = prev->next; } - do { - indx++; + for (indx=1;;indx++) { snprintf(tmpstr, sizeof(tmpstr), "%s.?%u.base", vstr, indx); ret = @@ -164,7 +163,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, } tmp.data = NULL; - } while (ret >= 0); + } if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { gnutls_assert(); @@ -1071,13 +1070,12 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, unsigned san_type; int ret; - idx = 0; found_one = 0; - do { + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1088,7 +1086,7 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, found_one = 1; break; - } while(ret >= 0); + } if (found_one != 0) return check_unsupported_constraint(nc, type); @@ -1129,11 +1127,11 @@ unsigned found_one; return 1; /* shortcut; no constraints to check */ if (type == GNUTLS_SAN_RFC822NAME) { - idx = found_one = 0; - do { + found_one = 0; + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) 
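Review bot: The rewritten loop in `_gnutls_extract_name_constraints` (`for (indx=1;;indx++)`) has no exit condition of its own, so it ends only through `break` statements that are not among the visible hunk lines. The `ret` test after the loop is then the only place where a parser failure is told apart from the normal end of the list. Because the iteration count is driven by the certificate being parsed, I would state that contract at the loop head, e.g. `/* left only via break; GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE means no more entries, any other ret < 0 is an error */`. The same comment fits the subject-alt-name loops in the hunks at -1071, -1129, -1190 and -1256, where the `break` on `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` is visible. These function bodies start and end outside the hunks, so please confirm that no path which used to stop on `while (ret >= 0)` now runs another iteration.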
@@ -1149,7 +1147,7 @@ unsigned found_one; &n); if (t == 0) return gnutls_assert_val(t); - } while(ret >= 0); + } /* there is at least a single e-mail. That means that the EMAIL field will * not be used for verifying the identity of the holder. */ @@ -1190,11 +1188,11 @@ unsigned found_one; return gnutls_assert_val(1); } } else if (type == GNUTLS_SAN_DNSNAME) { - idx = found_one = 0; - do { + found_one = 0; + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1210,7 +1208,7 @@ unsigned found_one; &n); if (t == 0) return gnutls_assert_val(t); - } while(ret >= 0); + } /* there is at least a single DNS name. That means that the CN will * not be used for verifying the identity of the holder. */ @@ -1256,11 +1254,11 @@ unsigned found_one; return gnutls_assert_val(1); } } else if (type == GNUTLS_SAN_IPADDRESS) { - idx = found_one = 0; - do { + found_one = 0; + for (idx=0;;idx++) { name_size = sizeof(name); ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx++, name, &name_size, &san_type, NULL); + idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1275,7 +1273,7 @@ unsigned found_one; t = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, &n); if (t == 0) return gnutls_assert_val(t); - } while(ret >= 0); + } /* there is at least a single IP address. */ diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index aa09ef85f1..6aeb159dba 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c @@ -236,8 +236,7 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, goto cleanup; } - i = 0; - do { + for (i=0;;i++) { san.data = NULL; san.size = 0; othername_oid.data = NULL; 
@@ -264,9 +263,7 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, (char *)othername_oid.data, 1); if (ret < 0) break; - - i++; - } while (ret >= 0); + } sans->size = i; if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { @@ -916,8 +913,7 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, } /* Read authorityCertIssuer */ - i = 0; - do { + for (i=0;;i++) { san.data = NULL; san.size = 0; othername_oid.data = NULL; @@ -944,9 +940,7 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, (char *)othername_oid.data, 1); if (ret < 0) break; - - i++; - } while (ret >= 0); + } aki->cert_issuer.size = i; if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE @@ -2444,8 +2438,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext, snprintf(name, sizeof(name), "?%u.distributionPoint.fullName", (unsigned)i + 1); - j = 0; - do { + for (j=0;;j++) { san.data = NULL; san.size = 0; @@ -2464,9 +2457,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext, if (ret < 0) break; san.data = NULL; /* it is now in cdp */ - - j++; - } while (ret >= 0); + } i++; } while (ret >= 0); |
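Review bot: `sans->size = i;` and `aki->cert_issuer.size = i;` now depend on the `for` header's `i++` being skipped when the body leaves through `break`, which holds for the visible `if (ret < 0) break;` lines. With the increment moved from the end of the body into the header, a `continue` in the part of either loop not shown in these hunks would advance `i` where the old `do ... while` did not, and the stored count could then exceed the number of names actually set; none is visible, but it is worth confirming. A comment before each assignment would guard against a later regression, e.g. `/* i == number of entries stored; break skips the for-increment */`. The loop in `gnutls_x509_ext_import_subject_alt_names` begins in the previous hunk (-236).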
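Review bot: In `gnutls_x509_ext_import_crl_dist_points` the inner `for (j=0;;j++)` loop can now only be left through `break`, while the enclosing `do { ... i++; } while (ret >= 0);` still tests `ret` afterwards, so the value `ret` holds at the inner `break` decides whether the outer loop continues. The inner lines visible in the hunks only break with `ret < 0`, so presumably a path outside the hunk leaves with `ret >= 0` to let the next distribution point be read. I would document that before the `i++`, e.g. `/* inner loop left via break; ret >= 0 here means the fullName list ended normally */`. The outer loop's start is outside these hunks.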