diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-08-20 18:11:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-20 18:11:13 +0200 |
| commit | 8fdffbf3a17ebfc8e7043264cce516d23e9f5345 (patch) | |
| tree | a6ba2b4db0813272b8f54deb65e4fa15490245a6 /src/lib/protocols | |
| parent | 55eec29c08fa2cf66f5f3ef8868ce4e0de52111f (diff) | |
Compile everything with "-W -Wall -Wno-unused-parameter" flags (#1276)
Fix all the warnings.
Getting rid of "-Wno-unused-parameter" is quite complex because some
parameters usage depends on compilation variable (i.e.
`--enable-debug-messages`).
The "-Werror" flag has been added only in Travis builds to avoid
breaking the builds to users using uncommon/untested
OS/compiler/enviroment.
Tested on:
* x86_64; Ubuntu 20.04; gcc 7,8,9,10,11; clang 7,8,9,10,11,12
* x86_64; CentOS 7.7; gcc 4.8.5 (with "--disable-gcrypt" flag)
* Raspberry 4; Debian 10.10; gcc 8.3.0
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/btlib.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/directconnect.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 5 | ||||
| -rw-r--r-- | src/lib/protocols/kerberos.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/mail_smtp.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/netflow.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/postgres.c | 6 | ||||
| -rw-r--r-- | src/lib/protocols/quic.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/rx.c | 52 | ||||
| -rw-r--r-- | src/lib/protocols/skype.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/smb.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/smpp.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/soulseek.c | 12 | ||||
| -rw-r--r-- | src/lib/protocols/spotify.c | 12 | ||||
| -rw-r--r-- | src/lib/protocols/tinc.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 20 | ||||
| -rw-r--r-- | src/lib/protocols/ubntac2.c | 3 |
17 files changed, 70 insertions, 65 deletions
diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index ac6682f28..853e01405 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -419,7 +419,7 @@ const u_int8_t *bt_decode(const u_int8_t *b, size_t *l, int *ret, bt_parse_data_ if(c != ':') goto bad_data; break; } - if(d > *l) goto bad_data; + if((size_t)d > *l) goto bad_data; cbd->t = 2; cbd->v.s.s = b; cbd->v.s.l = d; diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 3d158c475..5de91ea11 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -51,7 +51,7 @@ static u_int32_t skip_unknown_headers(const u_int8_t * payload, u_int32_t payloa } static u_int16_t parse_binf_message(struct ndpi_detection_module_struct - *ndpi_struct, const u_int8_t * payload, int payload_len) + *ndpi_struct, const u_int8_t * payload, uint32_t payload_len) { u_int32_t i = 4; u_int16_t bytes_read = 0; diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index bcc9fdb7f..1a3e2e357 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -238,12 +238,13 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo if(packet->content_disposition_line.len > attachment_len) { u_int8_t filename_len = packet->content_disposition_line.len - attachment_len; + int i; if(filename_len > ATTACHMENT_LEN) { attachment_len += filename_len-ATTACHMENT_LEN-1; if((attachment_len+ATTACHMENT_LEN) <= packet->content_disposition_line.len) { - for(int i = 0; binary_file_ext[i] != NULL; i++) { + for(i = 0; binary_file_ext[i] != NULL; i++) { /* Use memcmp in case content-disposition contains binary data */ if(memcmp(&packet->content_disposition_line.ptr[attachment_len], binary_file_ext[i], ATTACHMENT_LEN) == 0) { @@ -715,7 +716,7 @@ static const char *http_fs = "CDGHOPR"; static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - int i; + unsigned int i; NDPI_LOG_DBG2(ndpi_struct, "====>>>> HTTP: %c%c%c%c [len: %u]\n", packet->payload_packet_len > 0 ? non_ctrl(packet->payload[0]) : '.', diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 3644d840e..2f8c550ca 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -302,7 +302,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, #endif if(body_offset < packet->payload_packet_len) { - u_int name_offset, padding_offset = body_offset + 4; + u_int16_t name_offset, padding_offset = body_offset + 4; name_offset = padding_offset; for(i=0; i<14; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */ diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 91f9a00a2..66e4cc0f0 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -88,7 +88,8 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(flow->host_server_name[0] == '\0') { if(packet->line[a].len > 4) { - int i, len; + int i; + unsigned int len; if(packet->line[a].ptr[4] != '(') { for(i=5; (i<packet->line[a].len-1) && (packet->line[a].ptr[i] != ' '); i++) diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index 8f40144b9..d91993854 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -172,7 +172,7 @@ void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struc now = now_tv.tv_sec; if(((version == 1) && (when == 0)) - || ((when >= 946684800 /* 1/1/2000 */) && (when <= now))) { + || ((when >= 946684800 /* 1/1/2000 */) && (when <= (u_int32_t)now))) { NDPI_LOG_INFO(ndpi_struct, "found netflow\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETFLOW, NDPI_PROTOCOL_UNKNOWN); return; diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index 3e9d27c78..68e5d02f1 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -79,19 +79,19 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct if (flow->l4.tcp.postgres_stage == 4 - packet->packet_direction) if (packet->payload_packet_len > 8 && ntohl(get_u_int32_t(packet->payload, 5)) < 10 && - ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1 && packet->payload[0] == 0x52) { + ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1 && packet->payload[0] == 0x52) { NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, no SSL\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } if (flow->l4.tcp.postgres_stage == 6 - && ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1 && packet->payload[0] == 'p') { + && ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1 && packet->payload[0] == 'p') { NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } if (flow->l4.tcp.postgres_stage == 5 && packet->payload[0] == 'R') { - if (ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1) { + if (ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1) { NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 999ea61e5..a508c30ef 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1010,7 +1010,7 @@ static int __reassemble(struct ndpi_flow_struct *flow, const u_int8_t *frag, uint64_t frag_len, uint64_t frag_offset, const u_int8_t **buf, u_int64_t *buf_len) { - const int max_quic_reasm_buffer_len = 4096; /* Let's say a couple of full-MTU packets... */ + const uint64_t max_quic_reasm_buffer_len = 4096; /* Let's say a couple of full-MTU packets... */ /* TODO: at the moment, this function is only a little more than a stub. We should reassemble the fragments, but nDPI lacks any proper generic @@ -1580,7 +1580,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, { u_int32_t version; u_int8_t *clear_payload; - uint32_t clear_payload_len; + uint32_t clear_payload_len = 0; const u_int8_t *crypto_data; uint64_t crypto_data_len; int is_quic; diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index 4e140a53a..ff081b89a 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -48,19 +48,19 @@ struct ndpi_rx_header { } PACK_OFF; /* Type values */ -#define DATA 1 -#define ACK 2 -#define BUSY 3 -#define ABORT 4 -#define ACKALL 5 -#define CHALLENGE 6 -#define RESPONSE 7 -#define DEBUG 8 -#define PARAM_1 9 -#define PARAM_2 10 -#define PARAM_3 11 -#define PARAMS_4 12 -#define VERS 13 +#define RX_DATA 1 +#define RX_ACK 2 +#define RX_BUSY 3 +#define RX_ABORT 4 +#define RX_ACKALL 5 +#define RX_CHALLENGE 6 +#define RX_RESPONSE 7 +#define RX_DEBUG 8 +#define RX_PARAM_1 9 +#define RX_PARAM_2 10 +#define RX_PARAM_3 11 +#define RX_PARAMS_4 12 +#define RX_VERS 13 /* Flags values */ #define EMPTY 0 @@ -108,7 +108,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, **/ /* TYPE field */ - if((header->type < DATA) || (header->type > VERS)) { + if((header->type < RX_DATA) || (header->type > RX_VERS)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -123,43 +123,43 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, /* TYPE and FLAGS combo */ switch(header->type) { - case DATA: + case RX_DATA: if(header->flags == LAST_PKT || header->flags == EMPTY || header->flags == PLUS_0 || header->flags == PLUS_1 || header->flags == PLUS_2 || header->flags == REQ_ACK || header->flags == MORE_1) goto security; /* Fall-through */ - case ACK: + case RX_ACK: if(header->flags == CLIENT_INIT_1 || header->flags == CLIENT_INIT_2 || header->flags == EMPTY) goto security; /* Fall-through */ - case CHALLENGE: + case RX_CHALLENGE: if(header->flags == EMPTY || header->call_number == 0) goto security; /* Fall-through */ - case RESPONSE: + case RX_RESPONSE: if(header->flags == EMPTY || header->call_number == 0) goto security; /* Fall-through */ - case ACKALL: + case RX_ACKALL: if(header->flags == EMPTY) goto security; /* Fall-through */ - case BUSY: + case RX_BUSY: goto security; - case ABORT: + case RX_ABORT: goto security; - case DEBUG: + case RX_DEBUG: goto security; - case PARAM_1: + case RX_PARAM_1: goto security; - case PARAM_2: + case RX_PARAM_2: goto security; - case PARAM_3: + case RX_PARAM_3: goto security; - case VERS: + case RX_VERS: goto security; default: NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 9e17f32a1..de2d1f092 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -30,7 +30,7 @@ static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; - + int i; const uint8_t id_flags_iv_crc_len = 11; const uint8_t crc_len = sizeof(flow->l4.udp.skype_crc); const uint8_t crc_offset = id_flags_iv_crc_len - crc_len; @@ -48,7 +48,7 @@ static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_ u_int8_t detected = 1; /* Check if both packets have the same CRC */ - for (int i = 0; i < crc_len && detected; i++) { + for (i = 0; i < crc_len && detected; i++) { if (packet->payload[crc_offset + i] != flow->l4.udp.skype_crc[i]) detected = 0; } diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index 27d13df44..23a61164c 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -37,7 +37,7 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if(((packet->tcp->dest == fourfourfive) || (packet->tcp->source == fourfourfive)) && packet->payload_packet_len > (32 + 4 + 4) - && (packet->payload_packet_len - 4) == ntohl(get_u_int32_t(packet->payload, 0)) + && ((uint32_t)packet->payload_packet_len - 4) == ntohl(get_u_int32_t(packet->payload, 0)) ) { u_int8_t smbv1[] = { 0xff, 0x53, 0x4d, 0x42 }; diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 318ff3cea..6d9031756 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -68,7 +68,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, u_int32_t tmp_pdu_l = 0; u_int16_t pdu_c = 1; // loop PDUs (check if lengths are valid) - while(total_pdu_l < (packet->payload_packet_len-4)) { + while(total_pdu_l < ((uint32_t)packet->payload_packet_len-4)) { // get next PDU length tmp_pdu_l = ntohl(get_u_int32_t(packet->payload, total_pdu_l)); // if zero or overflowing , return, will try the next TCP segment diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index 1cd016271..acf06e119 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -112,7 +112,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->payload_packet_len >= 12 && packet->payload_packet_len < 300 && get_l32(packet->payload, 4) == 1) { while (index + 4 < packet->payload_packet_len && !get_u_int16_t(packet->payload, index + 2) - && (index + get_l32(packet->payload, index)) < packet->payload_packet_len - 4) { + && (index + get_l32(packet->payload, index)) < (u_int32_t)packet->payload_packet_len - 4) { if(get_l32(packet->payload, index) < 8) /*Minimum soulseek login msg is 8B */ break; @@ -125,7 +125,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } /* while */ if((packet->payload_packet_len >= (index+4)) - && (index + get_l32(packet->payload, index)) == (packet->payload_packet_len - 4) + && (index + get_l32(packet->payload, index)) == (u_int32_t)packet->payload_packet_len -4 && (get_u_int16_t(packet->payload, 10) != 0)) { /* This structure seems to be soulseek proto */ index = get_l32(packet->payload, 8) + 12; // end of "user name" @@ -150,7 +150,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if (packet->payload_packet_len > 8 && (packet->payload_packet_len < 200) - && get_l32(packet->payload, 0) == (packet->payload_packet_len - 4)) { + && get_l32(packet->payload, 0) == (u_int32_t)packet->payload_packet_len -4) { //Server Messages: const u_int32_t msgcode = get_l32(packet->payload, 4); @@ -177,7 +177,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } } //Peer Messages : Peer Init Message Detection - if(get_l32(packet->payload, 0) == packet->payload_packet_len - 4) { + if(get_l32(packet->payload, 0) == (u_int32_t)packet->payload_packet_len - 4) { const u_int32_t typelen = get_l32(packet->payload, packet->payload_packet_len - 9); const u_int8_t type = packet->payload[packet->payload_packet_len - 5]; const u_int32_t namelen = get_l32(packet->payload, 5); @@ -204,7 +204,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, && !get_u_int16_t(packet->payload, 2)) { const u_int32_t usrlen = get_l32(packet->payload, 5); - if(usrlen <= packet->payload_packet_len - (4 + 1 + 4 + 4 + 1 + 4)) { + if(usrlen <= (u_int32_t)packet->payload_packet_len - (4 + 1 + 4 + 4 + 1 + 4)) { const u_int32_t typelen = get_l32(packet->payload, 4 + 1 + 4 + usrlen); const u_int8_t type = packet->payload[4 + 1 + 4 + usrlen + 4]; if(typelen == 1 && (type == 'F' || type == 'P' || type == 'D')) { @@ -223,7 +223,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, SOULSEEK_DETECT; return; } - if(get_l32(packet->payload, 0) == packet->payload_packet_len - 4) { + if(get_l32(packet->payload, 0) == (u_int32_t)packet->payload_packet_len - 4) { const u_int32_t msgcode = get_l32(packet->payload, 4); if(msgcode == 0x03 && packet->payload_packet_len >= 12) //Server Message : Get Peer Address { diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index d66109016..4934953b9 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c @@ -89,12 +89,12 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, //printf("%08X - %08X\n", ntohl(packet->iph->saddr), ntohl(packet->iph->daddr)); - long src_addr = ntohl(packet->iph->saddr); - long dst_addr = ntohl(packet->iph->daddr); - long src_addr_masked_22 = src_addr & 0xFFFFFC00; // */22 - long dst_addr_masked_22 = dst_addr & 0xFFFFFC00; // */22 - long src_addr_masked_24 = src_addr & 0xFFFFFF00; // */24 - long dst_addr_masked_24 = dst_addr & 0xFFFFFF00; // */24 + unsigned long src_addr = ntohl(packet->iph->saddr); + unsigned long dst_addr = ntohl(packet->iph->daddr); + unsigned long src_addr_masked_22 = src_addr & 0xFFFFFC00; // */22 + unsigned long dst_addr_masked_22 = dst_addr & 0xFFFFFC00; // */22 + unsigned long src_addr_masked_24 = src_addr & 0xFFFFFF00; // */24 + unsigned long dst_addr_masked_24 = dst_addr & 0xFFFFFF00; // */24 if( src_addr_masked_22 == 0x4E1F0800 /* 78.31.8.0 */ || dst_addr_masked_22 == 0x4E1F0800 /* 78.31.8.0 */ diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index 38659641e..ac209bd41 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -75,7 +75,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st case 0: case 1: if(payload_len > 6 && memcmp(packet_payload, "0 ", 2) == 0 && packet_payload[2] != ' ') { - u_int16_t i = 3; + u_int32_t i = 3; while(i < payload_len && packet_payload[i++] != ' '); if(i+3 == payload_len && memcmp((packet_payload+i), "17\n", 3) == 0) { flow->tinc_state++; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 67909fc87..9191272c2 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -222,7 +222,7 @@ void ndpi_search_tls_tcp_memory(struct ndpi_detection_module_struct *ndpi_struct /* **************************************** */ -static void cleanupServerName(char *buffer, int buffer_len) { +static void cleanupServerName(char *buffer, u_int buffer_len) { u_int i; /* Now all lowecase */ @@ -318,7 +318,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi struct ndpi_flow_struct *flow, u_int16_t p_offset, u_int16_t certificate_len) { struct ndpi_packet_struct *packet = &flow->packet; - u_int num_found = 0, i; + u_int16_t num_found = 0, i; char buffer[64] = { '\0' }, rdnSeqBuf[2048] = { '\0' }; u_int rdn_len = 0; @@ -690,7 +690,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DEBUG_CERTIFICATE_HASH { - int i; + u_int32_t i; for(i=0;i<certificate_len;i++) printf("%02X ", packet->payload[certificates_offset+i]); @@ -711,7 +711,8 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct, const size_t sha1_siz = sizeof(flow->protos.tls_quic_stun.tls_quic.sha1_certificate_fingerprint); char sha1_str[20 /* sha1_siz */ * 2 + 1]; static const char hexalnum[] = "0123456789ABCDEF"; - for (size_t i = 0; i < sha1_siz; ++i) { + size_t i; + for (i = 0; i < sha1_siz; ++i) { u_int8_t lower = (sha1[i] & 0x0F); u_int8_t upper = (sha1[i] & 0xF0) >> 4; sha1_str[i*2] = hexalnum[upper]; @@ -1097,7 +1098,7 @@ static void tlsCheckUncommonALPN(struct ndpi_detection_module_struct *ndpi_struc if(!is_a_common_alpn(ndpi_struct, alpn_start, alpn_len)) { #ifdef DEBUG_TLS - printf("TLS uncommon ALPN found: %.*s\n", alpn_len, alpn); + printf("TLS uncommon ALPN found: %.*s\n", (int)alpn_len, alpn); #endif ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_UNCOMMON_ALPN); break; @@ -1348,7 +1349,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, printf("Server TLS [ALPN: %u]\n", alpn_len); #endif - if((alpn_str_len+alpn_len+1) < (sizeof(alpn_str)-1)) { + if(((uint32_t)alpn_str_len+alpn_len+1) < (sizeof(alpn_str)-1)) { if(alpn_str_len > 0) { alpn_str[alpn_str_len] = ','; alpn_str_len++; @@ -1823,7 +1824,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, continue; } else { /* Check for other duplications */ - u_int j, all_ok = 1; + u_int all_ok = 1; + int j; for(j=0; j<tot_signature_algorithms_len; j+=2) { if(j != i) { @@ -1934,7 +1936,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, printf("Client TLS [ALPN: %u]\n", alpn_len); #endif - if((alpn_str_len+alpn_len+1) < (sizeof(alpn_str)-1)) { + if(((uint32_t)alpn_str_len+alpn_len+1) < (sizeof(alpn_str)-1)) { if(alpn_str_len > 0) { alpn_str[alpn_str_len] = ','; alpn_str_len++; @@ -1968,7 +1970,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t s_offset = offset+extension_offset; u_int8_t version_len = packet->payload[s_offset]; char version_str[256]; - u_int8_t version_str_len = 0; + size_t version_str_len = 0; version_str[0] = 0; #ifdef DEBUG_TLS printf("Client TLS [TLS version len: %u]\n", version_len); diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index 49a63ed0a..b2d3f5ab4 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -55,7 +55,8 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc if(found < packet->payload_packet_len) { char version[256]; - int i, j, len; + int len; + u_int i, j; for(i=found, j=0; (i < packet->payload_packet_len) && (i < (sizeof(version)-1)) |