commit cc35d8be8472ae7ae1ebc3421ff798ec1d893c06 Author: Nick Mathewson nickm@torproject.org Date: Mon Sep 9 15:14:50 2013 -0400
Fix most of the --enable-gcc-warnings warnings in the sandbox code --- src/common/sandbox.c | 38 ++++++++++++++++++++++++++++---------- src/common/sandbox.h | 2 +- 2 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 6fdddd2..1fd2119 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -142,12 +142,14 @@ static int filter_nopar_gen[] = { static int sb_rt_sigaction(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { - int i, rc; + unsigned i; + int rc; int param[] = { SIGINT, SIGTERM, SIGPIPE, SIGUSR1, SIGUSR2, SIGHUP, SIGCHLD, #ifdef SIGXFSZ SIGXFSZ #endif }; + (void) filter;
for (i = 0; i < ARRAY_LENGTH(param); i++) { rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 1, @@ -195,6 +197,7 @@ sb_execve(scmp_filter_ctx ctx, sandbox_cfg_t *filter) static int sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { + (void) filter; return seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(time), 1, SCMP_CMP(0, SCMP_CMP_EQ, 0)); } @@ -207,6 +210,7 @@ static int sb_accept4(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void)filter;
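Review bot: In sb_rt_sigaction the index is now `unsigned i;`, but it is compared against `ARRAY_LENGTH(param)`, which is presumably sizeof-based and therefore `size_t`; declaring `size_t i;` would match the bound's type instead of relying on an implicit conversion. The same applies to the `unsigned i;` added in the add_param_filter and add_noparam_filter hunks further down. It would also help to say once why the parameter is unused, e.g. `(void) filter; /* unused: signature is fixed by the filter_func table */`; the table's definition is not visible here, so confirm that is the reason. The function body continues past the end of this hunk.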
#ifdef __i386__ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 1, @@ -365,6 +369,7 @@ static int sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
#ifdef __i386__ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0); @@ -411,6 +416,7 @@ static int sb_socketpair(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
#ifdef __i386__ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketpair), 0); @@ -435,6 +441,7 @@ static int sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
#ifdef __i386__ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), 0); @@ -459,6 +466,7 @@ static int sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
#ifdef __i386__ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt), 0); @@ -521,6 +529,7 @@ static int sb_epoll_ctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 1, SCMP_CMP(1, SCMP_CMP_EQ, EPOLL_CTL_ADD)); @@ -551,6 +560,7 @@ static int sb_prctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1, SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_DUMPABLE)); @@ -571,6 +581,7 @@ static int sb_mprotect(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1, SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ)); @@ -598,6 +609,7 @@ static int sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 1, SCMP_CMP(0, SCMP_CMP_EQ, SIG_UNBLOCK)); @@ -622,6 +634,7 @@ static int sb_flock(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(flock), 1, SCMP_CMP(1, SCMP_CMP_EQ, LOCK_EX|LOCK_NB)); @@ -644,6 +657,7 @@ static int sb_futex(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
// can remove rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 1, @@ -675,6 +689,7 @@ static int sb_mremap(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mremap), 1, SCMP_CMP(3, SCMP_CMP_EQ, MREMAP_MAYMOVE)); @@ -692,6 +707,7 @@ static int sb_poll(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc = 0; + (void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 2, SCMP_CMP(1, SCMP_CMP_EQ, 1), @@ -825,13 +841,13 @@ prot_strings(sandbox_cfg_t* cfg) char *param_val = (char*)((smp_param_t *)el->param)->value; size_t param_size = strlen(param_val) + 1;
- if (pr_mem_left - param_size >= 0) { + if (pr_mem_left >= param_size) { // copy to protected memcpy(pr_mem_next, param_val, param_size);
// re-point el parameter to protected { - void *old_val = ((smp_param_t*)el->param)->value; + void *old_val = (void *) ((smp_param_t*)el->param)->value; tor_free(old_val); } ((smp_param_t*)el->param)->value = (intptr_t) pr_mem_next; @@ -900,7 +916,7 @@ sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file, int fr) { sandbox_cfg_t *elem = NULL;
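Review bot: The rewritten guard `if (pr_mem_left >= param_size)` in prot_strings is the only thing bounding the `memcpy` into the protected region, and nothing in the code says so. If `pr_mem_left` is unsigned (its declaration is outside the hunk, but the compiler warning suggests it), the old subtraction could never be negative, so this line changes behaviour rather than just silencing a warning. I would add a comment above the check such as `/* compare, never subtract: both sides are unsigned, so a difference cannot go negative */`. The branch taken when the string does not fit is not visible here; it should make sandbox setup fail rather than leave the parameter pointing at unprotected memory.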
- elem = new_element(SCMP_stat, 0, (intptr_t) tor_strdup(file)); + elem = new_element(SCMP_stat, 0, (intptr_t)(void*) tor_strdup(file)); if (!elem) { log_err(LD_BUG,"(Sandbox) failed to register parameter!"); return -1; @@ -942,7 +958,7 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, int fr) { sandbox_cfg_t *elem = NULL;
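Review bot: When `new_element()` returns NULL in sandbox_cfg_allow_stat_filename, the copy made by `tor_strdup(file)` is dropped on the `return -1` path, because the duplicate is created inline in the argument list and no local holds it. Unless new_element frees its argument on failure (not visible here), keep the copy in a local, `char *copy = tor_strdup(file);`, pass `(intptr_t)(void *)copy`, and call `tor_free(copy);` before `return -1;`. The same pattern appears in the sandbox_cfg_allow_open_filename, sandbox_cfg_allow_openat_filename and sandbox_cfg_allow_execve hunks. The function body continues outside the hunk.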
- elem = new_element(SCMP_SYS(open), 0, (intptr_t) tor_strdup(file)); + elem = new_element(SCMP_SYS(open), 0, (intptr_t)(void *)tor_strdup(file)); if (!elem) { log_err(LD_BUG,"(Sandbox) failed to register parameter!"); return -1; @@ -985,7 +1001,7 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, int fr) { sandbox_cfg_t *elem = NULL;
- elem = new_element(SCMP_SYS(openat), 1, (intptr_t) tor_strdup(file)); + elem = new_element(SCMP_SYS(openat), 1, (intptr_t)(void *)tor_strdup(file)); if (!elem) { log_err(LD_BUG,"(Sandbox) failed to register parameter!"); return -1; @@ -1024,11 +1040,11 @@ sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...) }
int -sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com) +sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com) { sandbox_cfg_t *elem = NULL;
- elem = new_element(SCMP_SYS(execve), 1, (intptr_t) tor_strdup(com)); + elem = new_element(SCMP_SYS(execve), 1, (intptr_t)(void *)tor_strdup(com)); if (!elem) { log_err(LD_BUG,"(Sandbox) failed to register parameter!"); return -1; @@ -1141,7 +1157,8 @@ sandbox_add_addrinfo(const char* name) static int add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) { - int i, rc = 0; + unsigned i; + int rc = 0;
// function pointer for (i = 0; i < ARRAY_LENGTH(filter_func); i++) { @@ -1162,7 +1179,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) static int add_noparam_filter(scmp_filter_ctx ctx) { - int i, rc = 0; + unsigned i; + int rc = 0;
// add general filters for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) { diff --git a/src/common/sandbox.h b/src/common/sandbox.h index e61e0b3..a1434ce 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -191,7 +191,7 @@ int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...); * function that the char* needs to be free-ed, 0 means the pointer does not * need to be free-ed. */ -int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com); +int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com);
/** Function used to add a series of execve allowed filenames to a supplied * configuration.
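Review bot: The comment that ends just above this prototype still describes a flag telling the function whether the `char*` must be free-ed, but `sandbox_cfg_allow_execve` takes only `cfg` and `com`. Now that `com` is `const char *` and the implementation in sandbox.c stores a `tor_strdup(com)` copy, the doc should state that instead, for example `The string is copied; the caller keeps ownership of com.` The start of the comment is outside the hunk, so check whether the rest of it was carried over from the *_filename variants as well.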