authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-10-13 05:02:52 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-10-13 05:02:52 +0000
commit458e18ffad053301c7648deec7ad1da6f873747c (patch)
tree2612644d85306184254b31150b10264911b42b1c /libextra
parent22853894970ea9db7e7bf34206f3a7abf514d1fa (diff)
several fixes in the codebase, mostly in signed/unsigned checkings.
Diffstat (limited to 'libextra')
-rw-r--r--libextra/auth_srp.c24
-rw-r--r--libextra/auth_srp.h4
-rw-r--r--libextra/auth_srp_passwd.c13
-rw-r--r--libextra/auth_srp_passwd.h4
-rw-r--r--libextra/auth_srp_sb64.c14
-rw-r--r--libextra/crypt.c1
-rw-r--r--libextra/crypt_srpsha1.c9
-rw-r--r--libextra/ext_srp.c10
-rw-r--r--libextra/ext_srp.h4
-rw-r--r--libextra/gnutls_openpgp.c3
10 files changed, 49 insertions, 37 deletions
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index c211c0e788..0c5dc34d91 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -35,8 +35,8 @@
int gen_srp_server_kx2(gnutls_session, opaque **);
int gen_srp_client_kx0(gnutls_session, opaque **);
-int proc_srp_server_kx2(gnutls_session, opaque *, int);
-int proc_srp_client_kx0(gnutls_session, opaque *, int);
+int proc_srp_server_kx2(gnutls_session, opaque *, size_t);
+int proc_srp_client_kx0(gnutls_session, opaque *, size_t);
const MOD_AUTH_STRUCT srp_auth_struct = {
"SRP",
@@ -72,15 +72,16 @@ const MOD_AUTH_STRUCT srp_auth_struct = {
/* Send the first key exchange message ( g, n, s) and append the verifier algorithm number
* Data is allocated by the caller, and should have data_size size.
*/
-int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size)
+int gen_srp_server_hello(gnutls_session state, opaque * data, size_t _data_size)
{
size_t n_g, n_n, n_s;
- size_t ret;
+ int ret;
uint8 *data_n, *data_s;
uint8 *data_g, *username;
GNUTLS_SRP_PWD_ENTRY *pwd_entry;
int err;
SRP_SERVER_AUTH_INFO info;
+ ssize_t data_size = _data_size;
if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_SRP, sizeof( SRP_SERVER_AUTH_INFO_INT), 1)) < 0) {
gnutls_assert();
@@ -127,7 +128,7 @@ int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size)
_gnutls_mpi_set(N, pwd_entry->n);
_gnutls_mpi_set(V, pwd_entry->v);
- if (data_size < n_n + n_g + pwd_entry->salt_size + 5) {
+ if ((size_t)data_size < n_n + n_g + pwd_entry->salt_size + 5) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
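Review bot: The check `(size_t)data_size < n_n + n_g + pwd_entry->salt_size + 5` casts back to `size_t` a value that the previous hunk had just converted from `_data_size` into an `ssize_t`. The round trip adds nothing here, and for a length above SSIZE_MAX the intermediate conversion is implementation-defined. Comparing the parameter directly is simpler: `if (_data_size < n_n + n_g + pwd_entry->salt_size + 5) {`. If nothing else in gen_srp_server_hello needs the signed copy (the rest of the body is outside these hunks), the `ssize_t data_size` local can be dropped from this function.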
@@ -285,7 +286,7 @@ int gen_srp_client_kx0(gnutls_session state, opaque ** data)
}
/* receive the first key exchange message ( g, n, s) */
-int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_size)
+int proc_srp_server_hello(gnutls_session state, const opaque * data, size_t _data_size)
{
uint8 n_s;
uint16 n_g, n_n;
@@ -295,8 +296,9 @@ int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_si
const uint8 *data_s;
int i, ret;
opaque hd[SRP_MAX_HASH_SIZE];
- char *username;
- char *password;
+ char *username, *password;
+ ssize_t data_size = _data_size;
+
const gnutls_srp_client_credentials cred =
_gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_SRP, NULL);
@@ -370,9 +372,10 @@ int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_si
}
/* just read A and put it to state */
-int proc_srp_client_kx0(gnutls_session state, opaque * data, int data_size)
+int proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _data_size)
{
size_t _n_A;
+ ssize_t data_size = _data_size;
DECR_LEN( data_size, 2);
_n_A = _gnutls_read_uint16( &data[0]);
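Review bot: The new `ssize_t data_size = _data_size;` shadow copy in proc_srp_client_kx0 has no comment saying why a signed length is kept when the parameter is now `size_t`. The only visible use is `DECR_LEN( data_size, 2)`, whose definition is not on this page; presumably it subtracts and then tests for a negative result, which would silently stop working if someone later "cleans up" the local to `size_t`. A one-line comment such as `/* signed copy: DECR_LEN detects underflow by going negative */` would record that, once the macro's behaviour is confirmed. The same applies to proc_srp_server_hello, proc_srp_server_kx2 and `_gnutls_srp_recv_params` in ext_srp.c.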
@@ -387,9 +390,10 @@ int proc_srp_client_kx0(gnutls_session state, opaque * data, int data_size)
}
-int proc_srp_server_kx2(gnutls_session state, opaque * data, int data_size)
+int proc_srp_server_kx2(gnutls_session state, opaque * data, size_t _data_size)
{
size_t _n_B;
+ ssize_t data_size = _data_size;
int ret;
DECR_LEN( data_size, 2);
diff --git a/libextra/auth_srp.h b/libextra/auth_srp.h
index baa7dc3eb3..988e24f5ef 100644
--- a/libextra/auth_srp.h
+++ b/libextra/auth_srp.h
@@ -23,8 +23,8 @@ typedef struct SRP_SERVER_AUTH_INFO_INT {
#ifdef ENABLE_SRP
-int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_size);
-int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size);
+int proc_srp_server_hello(gnutls_session state, const opaque * data, size_t data_size);
+int gen_srp_server_hello(gnutls_session state, opaque * data, size_t data_size);
typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT;
diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c
index a39bbd44ba..98915a1b94 100644
--- a/libextra/auth_srp_passwd.c
+++ b/libextra/auth_srp_passwd.c
@@ -38,7 +38,7 @@
/* this function parses tpasswd.conf file. Format is:
* string(username):base64(v):base64(salt):int(index)
*/
-static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) {
+static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str) {
char * p;
int len, ret;
opaque *verifier;
@@ -124,7 +124,8 @@ int indx;
/* this function parses tpasswd.conf file. Format is:
* int(index):base64(n):int(g)
*/
-static int pwd_put_values2( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) {
+static int pwd_put_values2( GNUTLS_SRP_PWD_ENTRY *entry, char *str)
+{
char * p;
int len;
opaque * tmp;
@@ -198,7 +199,7 @@ size_t tmp_size;
static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, int index) {
FILE * fd;
char line[2*1024];
- int i;
+ uint i;
char indexstr[10];
sprintf( indexstr, "%d", index); /* Flawfinder: ignore */
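Review bot: `char indexstr[10]` is too small for `sprintf( indexstr, "%d", index)`: a 32-bit `int` can need 12 bytes (sign, ten digits, terminator), so a large or negative `index` writes past the buffer, and the Flawfinder suppression hides the warning. Judging by the later hunk in `_gnutls_srp_pwd_read_entry`, `index` is the value returned by `pwd_put_values` from a password-file line, so it is bounded only by what that parser accepts. Suggest `char indexstr[12];` together with `snprintf( indexstr, sizeof(indexstr), "%d", index);`. pwd_read_conf's body continues outside this hunk.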
@@ -216,7 +217,7 @@ static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, i
i++;
}
if (strncmp( indexstr, line, strlen(indexstr)) == 0) {
- if ((index = pwd_put_values2( entry, line, strlen(line))) >= 0)
+ if ((index = pwd_put_values2( entry, line)) >= 0)
return 0;
else {
return GNUTLS_E_PWD_ERROR;
@@ -232,7 +233,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us
const gnutls_srp_server_credentials cred;
FILE * fd;
char line[2*1024];
- int i, len;
+ uint i, len;
GNUTLS_SRP_PWD_ENTRY * entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY));
int index;
int pwd_index = 0;
@@ -286,7 +287,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us
}
len = strlen(username);
if (strncmp( username, line, (i>len)?i:len) == 0) {
- if ((index = pwd_put_values( entry, line, strlen(line))) >= 0)
+ if ((index = pwd_put_values( entry, line)) >= 0)
if (pwd_read_conf( cred->password_conf_file[pwd_index], entry, index)==0) {
return entry;
} else {
diff --git a/libextra/auth_srp_passwd.h b/libextra/auth_srp_passwd.h
index 1918b4356c..cb9ef01b28 100644
--- a/libextra/auth_srp_passwd.h
+++ b/libextra/auth_srp_passwd.h
@@ -15,7 +15,7 @@ typedef struct {
GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int* err);
void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry);
GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void);
-int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result);
-int _gnutls_sbase64_decode(uint8 * data, int data_size, uint8 ** result);
+int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result);
+int _gnutls_sbase64_decode(uint8 * data, size_t data_size, uint8 ** result);
#endif /* ENABLE_SRP */
diff --git a/libextra/auth_srp_sb64.c b/libextra/auth_srp_sb64.c
index f3b90fb550..7941dc33ce 100644
--- a/libextra/auth_srp_sb64.c
+++ b/libextra/auth_srp_sb64.c
@@ -25,10 +25,10 @@
/* this a modified base64 for srp !!!
* It seems that everybody makes it's own base64 convertion.
*/
-const static uint8 b64table[64] =
+static const uint8 b64table[64] =
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
-const static uint8 asciitable[128] = {
+static const uint8 asciitable[128] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -132,9 +132,10 @@ inline static int encode(uint8 * result, const uint8 * rdata, int left)
/* encodes data and puts the result into result (localy alocated)
* The result_size is the return value
*/
-int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result)
+int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result)
{
- int ret, tmp, j, i;
+ uint i,j;
+ int ret, tmp;
char tmpres[4];
int mod = data_size % 3;
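Review bot: `_gnutls_sbase64_encode` now takes a `size_t` length but still reports the encoded size through its `int` return value, as the comment above it states. The encoded output is larger than the input, so a large enough `data_size` cannot be returned correctly and may overflow the `int` size arithmetic in the body, which is outside this hunk. An upfront bound would close that gap, for example `if (data_size > INT_MAX / 2) return GNUTLS_E_INVALID_REQUEST;`, or whichever negative code the callers expect. `_gnutls_sbase64_decode` in the next hunk has the same mismatch: `idata_size` is `size_t` while the local `data_size` stays `int`.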
@@ -217,9 +218,10 @@ inline static int decode(uint8 * result, const uint8 * data)
* That function does not ignore newlines tabs etc. You should remove them
* before calling it.
*/
-int _gnutls_sbase64_decode(uint8 * data, int idata_size, uint8 ** result)
+int _gnutls_sbase64_decode(uint8 * data, size_t idata_size, uint8 ** result)
{
- int i, ret, j, left;
+ uint i,j;
+ int ret, left;
int data_size, tmp;
uint8 datrev[4];
uint8 tmpres[3];
diff --git a/libextra/crypt.c b/libextra/crypt.c
index 4680e048f8..0d8ad19ad8 100644
--- a/libextra/crypt.c
+++ b/libextra/crypt.c
@@ -24,6 +24,7 @@
#include "crypt_srpsha1.h"
#include "gnutls_random.h"
+#include <crypt.h>
char * _gnutls_srp_crypt(const char* username, const char *passwd, int salt, GNUTLS_MPI g, GNUTLS_MPI n) {
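Review bot: The added `#include <crypt.h>` uses the angle-bracket form, and on many systems that name also belongs to the C library's crypt(3) header, so which file is picked up depends on include-path order. The neighbouring project headers in this hunk are included with quotes. If the project's own header is meant (presumably the one that declares `_gnutls_srp_crypt`), `#include "crypt.h"` makes that explicit. The same quoting inconsistency appears with `<crypt_srpsha1.h>` in crypt_srpsha1.c and `<ext_srp.h>` in ext_srp.c, though those names are less likely to collide with a system header.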
diff --git a/libextra/crypt_srpsha1.c b/libextra/crypt_srpsha1.c
index f09dff5a14..25cf2399fa 100644
--- a/libextra/crypt_srpsha1.c
+++ b/libextra/crypt_srpsha1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2001,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
@@ -27,6 +27,7 @@
#include "auth_srp_passwd.h"
#include "gnutls_srp.h"
#include <gnutls_errors.h>
+#include <crypt_srpsha1.h>
/*
* x = SHA(<salt> | SHA(<username> | ":" | <raw password>))
@@ -40,16 +41,16 @@ char *_gnutls_crypt_srpsha1(const char *username, const char *passwd,
const char *salt, GNUTLS_MPI g, GNUTLS_MPI n)
{
unsigned char *sp, *spe, r1[MAX_HASH_SIZE];
- int salt_size = strlen(salt);
+ uint salt_size, passwd_len;
unsigned char *local_salt, *v;
- int passwd_len;
GNUTLS_HASH_HANDLE h1;
int vsize, hash_len = _gnutls_hash_get_algo_len(GNUTLS_MAC_SHA);
opaque *tmp;
uint8 *rtext, *csalt;
- int rsalt_size, tmpsize;
+ int tmpsize, rsalt_size;
size_t len;
+ salt_size = strlen(salt);
passwd_len = strlen(passwd); /* we do not want the null */
h1 = _gnutls_hash_init(GNUTLS_MAC_SHA);
diff --git a/libextra/ext_srp.c b/libextra/ext_srp.c
index 96cd773f21..03637693d6 100644
--- a/libextra/ext_srp.c
+++ b/libextra/ext_srp.c
@@ -19,6 +19,7 @@
*/
#include "gnutls_int.h"
+#include <ext_srp.h>
#ifdef ENABLE_SRP
@@ -27,8 +28,9 @@
#include "gnutls_errors.h"
#include "gnutls_algorithms.h"
-int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_size) {
+int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, size_t _data_size) {
uint8 len;
+ ssize_t data_size = _data_size;
if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) {
/* algorithm was not allowed in this state
@@ -62,8 +64,8 @@ int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_
/* returns data_size or a negative number on failure
* data is allocated localy
*/
-int _gnutls_srp_send_params( gnutls_session state, opaque* data, int data_size) {
- uint8 len;
+int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t data_size) {
+ uint len;
if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) {
/* algorithm was not allowed in this state
@@ -78,7 +80,7 @@ int _gnutls_srp_send_params( gnutls_session state, opaque* data, int data_size)
if (cred==NULL) return 0;
if (cred->username!=NULL) { /* send username */
- len = strlen(cred->username);
+ len = strlen(cred->username) % 256;
if (data_size < len+1) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
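Review bot: `len = strlen(cred->username) % 256;` wraps an over-long username instead of rejecting it: a 256-byte name gives `len` 0 and a 300-byte name gives 44. The extension would then presumably carry a different username than the one configured, and the handshake fails later with no hint of the cause (the code that writes the field is outside this hunk). Since the visible buffer check already returns `GNUTLS_E_INVALID_REQUEST`, the length should be rejected the same way before the assignment: `if (strlen(cred->username) > 255) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, followed by `len = strlen(cred->username);`.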
diff --git a/libextra/ext_srp.h b/libextra/ext_srp.h
index 2b555937ca..63c85eac9a 100644
--- a/libextra/ext_srp.h
+++ b/libextra/ext_srp.h
@@ -1,6 +1,6 @@
#ifdef ENABLE_SRP
-int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_size);
-int _gnutls_srp_send_params( gnutls_session state, opaque* data, int);
+int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, size_t data_size);
+int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t);
#endif
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index fecfefc6cc..b4004c8dec 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -1392,7 +1392,8 @@ gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid,
char buffer[4096];
int fd = -1;
int rc = 0, state = 0;
- ssize_t nbytes = 0, n = 0;
+ size_t nbytes = 0;
+ ssize_t n = 0;
if ( !host || !key )
return GNUTLS_E_INVALID_PARAMETERS;