Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Address code analysis warnings

Browse Source 
Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman
2019-08-22 20:44:38 +02:00
parent a459823beb
commit 6fb5cb88d2
60 changed files with 935 additions and 960 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/TTLS/include/Config.h
View File

@@ -69,7 +69,7 @@ namespace eap
///
/// \param[in] other Configuration to move from
///
config_method_ttls(_Inout_ config_method_ttls &&other);
config_method_ttls(_Inout_ config_method_ttls &&other) noexcept;
///
/// Copies configuration
@@ -87,7 +87,7 @@ namespace eap
///
/// \returns Reference to this object
///
config_method_ttls& operator=(_Inout_ config_method_ttls &&other);
config_method_ttls& operator=(_Inout_ config_method_ttls &&other) noexcept;
virtual config* clone() const;

6
lib/TTLS/include/Credentials.h
View File

@@ -62,7 +62,7 @@ namespace eap
///
/// \param[in] other Credentials to move from
///
credentials_ttls(_Inout_ credentials_ttls &&other);
credentials_ttls(_Inout_ credentials_ttls &&other) noexcept;
///
/// Copies credentials
@@ -80,7 +80,7 @@ namespace eap
///
/// \returns Reference to this object
///
credentials_ttls& operator=(_Inout_ credentials_ttls &&other);
credentials_ttls& operator=(_Inout_ credentials_ttls &&other) noexcept;
virtual config* clone() const;
virtual void clear();
@@ -127,7 +127,7 @@ namespace eap
///
virtual source_t combine(
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName);

17
lib/TTLS/include/Method.h
View File

@@ -93,7 +93,7 @@ namespace eap
///
/// \param[in] other Method to move from
///
method_defrag(_Inout_ method_defrag &&other);
method_defrag(_Inout_ method_defrag &&other) noexcept;
///
/// Moves a method
@@ -102,7 +102,7 @@ namespace eap
///
/// \returns Reference to this object
///
method_defrag& operator=(_Inout_ method_defrag &&other);
method_defrag& operator=(_Inout_ method_defrag &&other) noexcept;
/// \name Session management
/// @{
@@ -129,7 +129,6 @@ namespace eap
/// @}
protected:
DWORD m_size_frag_max; ///< Maximum size of a fragment
sanitizing_blob m_data_req; ///< Data in request
sanitizing_blob m_data_res; ///< Data in response
bool m_send_res; ///< Are we sending a response?
@@ -156,7 +155,7 @@ namespace eap
///
/// \param[in] other Method to move from
///
method_eapmsg(_Inout_ method_eapmsg &&other);
method_eapmsg(_Inout_ method_eapmsg &&other) noexcept;
///
/// Moves a method
@@ -165,7 +164,7 @@ namespace eap
///
/// \returns Reference to this object
///
method_eapmsg& operator=(_Inout_ method_eapmsg &&other);
method_eapmsg& operator=(_Inout_ method_eapmsg &&other) noexcept;
/// \name Session management
/// @{
@@ -230,7 +229,7 @@ namespace eap
///
/// \param[in] other TTLS method to move from
///
method_ttls(_Inout_ method_ttls &&other);
method_ttls(_Inout_ method_ttls &&other) noexcept;
///
/// Moves a TTLS method
@@ -239,7 +238,7 @@ namespace eap
///
/// \returns Reference to this object
///
method_ttls& operator=(_Inout_ method_ttls &&other);
method_ttls& operator=(_Inout_ method_ttls &&other) noexcept;
/// \name Session management
/// @{
@@ -266,8 +265,8 @@ namespace eap
/// @}
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult);
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL

20
lib/TTLS/include/Module.h
View File

@@ -115,16 +115,16 @@ namespace eap
_Out_ EapPeerMethodOutput *pEapOutput);
virtual void get_response_packet(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize);
_In_ EAP_SESSION_HANDLE hSession,
_Out_bytecapcount_(*pdwSendPacketSize) EapPacket *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize);
/// @}
virtual void get_result(
_In_ EAP_SESSION_HANDLE hSession,
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
_In_ EAP_SESSION_HANDLE hSession,
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult);
/// \name User Interaction
/// @{
@@ -167,12 +167,12 @@ namespace eap
///
/// Checks all configured providers and tries to combine credentials.
///
const config_method_ttls* combine_credentials(
_Success_(return != 0) const config_method_ttls* combine_credentials(
_In_ DWORD dwFlags,
_In_ const config_connection &cfg,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Out_ credentials_connection& cred_out,
_Inout_ credentials_connection& cred_out,
_In_ HANDLE hTokenImpersonateUser);
protected:
@@ -223,7 +223,7 @@ namespace eap
///
/// \param[in] other Thread to move from
///
crl_checker(_Inout_ crl_checker &&other);
crl_checker(_Inout_ crl_checker &&other) noexcept;
///
/// Moves a thread
@@ -232,7 +232,7 @@ namespace eap
///
/// \returns Reference to this object
///
crl_checker& operator=(_Inout_ crl_checker &&other);
crl_checker& operator=(_Inout_ crl_checker &&other) noexcept;
///
/// Verifies server's certificate if it has been revoked

4
lib/TTLS/include/UIContext.h
View File

@@ -61,7 +61,7 @@ namespace eap
///
/// \param[in] other Credentials to move from
///
ui_context_ttls(_Inout_ ui_context_ttls &&other);
ui_context_ttls(_Inout_ ui_context_ttls &&other) noexcept;
///
/// Copies context
@@ -79,7 +79,7 @@ namespace eap
///
/// \returns Reference to this object
///
ui_context_ttls& operator=(_Inout_ ui_context_ttls &&other);
ui_context_ttls& operator=(_Inout_ ui_context_ttls &&other) noexcept;
/// \name BLOB management
/// @{

4
lib/TTLS/src/Config.cpp
View File

@@ -45,7 +45,7 @@ eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other
}
eap::config_method_ttls::config_method_ttls(_Inout_ config_method_ttls &&other) :
eap::config_method_ttls::config_method_ttls(_Inout_ config_method_ttls &&other) noexcept :
m_inner(std::move(other.m_inner)),
m_anonymous_identity(std::move(other.m_anonymous_identity)),
config_method_tls(std::move(other))
@@ -65,7 +65,7 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_me
}
eap::config_method_ttls& eap::config_method_ttls::operator=(_Inout_ config_method_ttls &&other)
eap::config_method_ttls& eap::config_method_ttls::operator=(_Inout_ config_method_ttls &&other) noexcept
{
if (this != &other) {
(config_method_tls&&)*this = std::move(other);

6
lib/TTLS/src/Credentials.cpp
View File

@@ -41,7 +41,7 @@ eap::credentials_ttls::credentials_ttls(_In_ const credentials_ttls &other) :
}
eap::credentials_ttls::credentials_ttls(_Inout_ credentials_ttls &&other) :
eap::credentials_ttls::credentials_ttls(_Inout_ credentials_ttls &&other) noexcept :
m_inner(std::move(other.m_inner)),
credentials_tls(std::move(other))
{
@@ -59,7 +59,7 @@ eap::credentials_ttls& eap::credentials_ttls::operator=(_In_ const credentials_t
}
eap::credentials_ttls& eap::credentials_ttls::operator=(_Inout_ credentials_ttls &&other)
eap::credentials_ttls& eap::credentials_ttls::operator=(_Inout_ credentials_ttls &&other) noexcept
{
if (this != &other) {
(credentials_tls&)*this = std::move(other);
@@ -180,7 +180,7 @@ wstring eap::credentials_ttls::get_identity() const
eap::credentials::source_t eap::credentials_ttls::combine(
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName)

28
lib/TTLS/src/Method.cpp
View File

@@ -37,7 +37,7 @@ eap::method_defrag::method_defrag(_In_ module &mod, _In_ method *inner) :
}
eap::method_defrag::method_defrag(_Inout_ method_defrag &&other) :
eap::method_defrag::method_defrag(_Inout_ method_defrag &&other) noexcept :
m_data_req (std::move(other.m_data_req)),
m_data_res (std::move(other.m_data_res)),
m_send_res (std::move(other.m_send_res)),
@@ -46,7 +46,7 @@ eap::method_defrag::method_defrag(_Inout_ method_defrag &&other) :
}
eap::method_defrag& eap::method_defrag::operator=(_Inout_ method_defrag &&other)
eap::method_defrag& eap::method_defrag::operator=(_Inout_ method_defrag &&other) noexcept
{
if (this != std::addressof(other)) {
(method_tunnel&)*this = std::move(other );
@@ -181,7 +181,7 @@ eap::method_eapmsg::method_eapmsg(_In_ module &mod, _In_ const wchar_t *identity
}
eap::method_eapmsg::method_eapmsg(_Inout_ method_eapmsg &&other) :
eap::method_eapmsg::method_eapmsg(_Inout_ method_eapmsg &&other) noexcept :
m_identity (std::move(other.m_identity )),
m_phase (std::move(other.m_phase )),
m_packet_res (std::move(other.m_packet_res)),
@@ -190,7 +190,7 @@ eap::method_eapmsg::method_eapmsg(_Inout_ method_eapmsg &&other) :
}
eap::method_eapmsg& eap::method_eapmsg::operator=(_Inout_ method_eapmsg &&other)
eap::method_eapmsg& eap::method_eapmsg::operator=(_Inout_ method_eapmsg &&other) noexcept
{
if (this != std::addressof(other)) {
(method_tunnel&)*this = std::move(other );
@@ -215,7 +215,7 @@ void eap::method_eapmsg::begin_session(
// Inner method can generate packets of up to 16MB (less the Diameter AVP header).
// Initialize inner method with appropriately less packet size maximum.
if (dwMaxSendPacketSize < sizeof(diameter_avp_header))
throw invalid_argument(string_printf(__FUNCTION__ " Maximum packet size too small (minimum: %u, available: %u).", sizeof(diameter_avp_header) + 1, dwMaxSendPacketSize));
throw invalid_argument(string_printf(__FUNCTION__ " Maximum packet size too small (minimum: %zu, available: %u).", sizeof(diameter_avp_header) + 1, dwMaxSendPacketSize));
assert(m_inner);
m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, std::min<DWORD>(dwMaxSendPacketSize, 0xffffff) - sizeof(diameter_avp_header));
@@ -325,7 +325,7 @@ void eap::method_eapmsg::get_response_packet(
packet.insert(packet.end(), (unsigned int)((4 - size_packet) % 4), 0);
} else {
if (m_packet_res.size() > size_max)
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", m_packet_res.size(), size_max));
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %zu, maximum: %u).", m_packet_res.size(), size_max));
packet.assign(m_packet_res.begin(), m_packet_res.end());
}
@@ -344,10 +344,12 @@ eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_ttls &cfg, _I
m_packet_res_inner(false),
method_tunnel(mod, inner)
{
m_eap_attr_desc.dwNumberOfAttributes = 0;
m_eap_attr_desc.pAttribs = NULL;
}
eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) noexcept :
m_cfg ( other.m_cfg ),
m_cred ( other.m_cred ),
m_user_ctx (std::move(other.m_user_ctx )),
@@ -362,10 +364,12 @@ eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
m_eap_attr (std::move(other.m_eap_attr )),
method_tunnel (std::move(other ))
{
m_eap_attr_desc.dwNumberOfAttributes = (DWORD)m_eap_attr.size();
m_eap_attr_desc.pAttribs = m_eap_attr.data();
}
eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other)
eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other) noexcept
{
if (this != std::addressof(other)) {
assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Move method within same configuration only!
@@ -770,11 +774,11 @@ void eap::method_ttls::get_response_packet(
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error getting Schannel required encryption sizes.");
if (m_packet_res.size() + sizes.cbHeader + sizes.cbTrailer > size_max)
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", m_packet_res.size(), size_max));
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %zu, maximum: %u).", m_packet_res.size(), size_max));
sizes.cbMaximumMessage = std::min<unsigned long>(sizes.cbMaximumMessage, size_max - (unsigned long)(m_packet_res.size() + sizes.cbHeader + sizes.cbTrailer));
// Get inner response packet.
packet.reserve(sizes.cbHeader + sizes.cbMaximumMessage + sizes.cbTrailer);
packet.reserve((size_t)sizes.cbHeader + sizes.cbMaximumMessage + sizes.cbTrailer);
method_tunnel::get_response_packet(packet, sizes.cbMaximumMessage);
if (!packet.empty()) {
DWORD size_data = (DWORD)packet.size();
@@ -799,7 +803,7 @@ void eap::method_ttls::get_response_packet(
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(buf[0].pvBuffer), reinterpret_cast<const unsigned char*>(buf[0].pvBuffer) + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
}
} else if (m_packet_res.size() > size_max)
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", m_packet_res.size(), size_max));
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %zu, maximum: %u).", m_packet_res.size(), size_max));
packet.assign(m_packet_res.begin(), m_packet_res.end());
}
@@ -819,7 +823,7 @@ void eap::method_ttls::get_result(
// Prepare EAP result attributes.
if (pResult->pAttribArray) {
m_eap_attr.reserve(pResult->pAttribArray->dwNumberOfAttributes + 3);
m_eap_attr.reserve((size_t)pResult->pAttribArray->dwNumberOfAttributes + 3);
m_eap_attr.clear();
// Copy all EAP attributes from inner method up to blank terminator. Exclude any MPPE-Recv-Key or MPPE-Send-Key if found.
for (auto attr = pResult->pAttribArray->pAttribs, attr_end = pResult->pAttribArray->pAttribs + pResult->pAttribArray->dwNumberOfAttributes; attr != attr_end && attr->eaType; ++attr) {

29
lib/TTLS/src/Module.cpp
View File

@@ -92,6 +92,8 @@ void eap::peer_ttls::get_identity(
_Out_ BOOL *pfInvokeUI,
_Out_ WCHAR **ppwszIdentity)
{
assert(ppUserDataOut);
assert(pdwUserDataOutSize);
assert(pfInvokeUI);
assert(ppwszIdentity);
@@ -111,7 +113,10 @@ void eap::peer_ttls::get_identity(
if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
// Per-user authentication, request UI.
log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI2, event_data::blank);
*ppUserDataOut = NULL;
*pdwUserDataOutSize = 0;
*pfInvokeUI = TRUE;
*ppwszIdentity = NULL;
return;
} else {
// Per-machine authentication, cannot use UI.
@@ -308,9 +313,9 @@ void eap::peer_ttls::process_request_packet(
void eap::peer_ttls::get_response_packet(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize)
_In_ EAP_SESSION_HANDLE hSession,
_Out_bytecapcount_(*pdwSendPacketSize) EapPacket *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize)
{
assert(pdwSendPacketSize);
assert(pSendPacket || !*pdwSendPacketSize);
@@ -393,8 +398,8 @@ void eap::peer_ttls::set_ui_context(
void eap::peer_ttls::get_response_attributes(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_ EapAttributes *pAttribs)
_In_ EAP_SESSION_HANDLE hSession,
_Out_ EapAttributes *pAttribs)
{
static_cast<session*>(hSession)->m_method->get_response_attributes(pAttribs);
}
@@ -422,12 +427,12 @@ void eap::peer_ttls::spawn_crl_check(_Inout_ winstd::cert_context &&cert)
}
const eap::config_method_ttls* eap::peer_ttls::combine_credentials(
_Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_credentials(
_In_ DWORD dwFlags,
_In_ const config_connection &cfg,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Out_ credentials_connection& cred_out,
_Inout_ credentials_connection& cred_out,
_In_ HANDLE hTokenImpersonateUser)
{
#if EAP_USE_NATIVE_CREDENTIAL_CACHE
@@ -560,7 +565,7 @@ eap::peer_ttls::crl_checker::crl_checker(_In_ module &mod, _Inout_ winstd::cert_
}
eap::peer_ttls::crl_checker::crl_checker(_Inout_ crl_checker &&other) :
eap::peer_ttls::crl_checker::crl_checker(_Inout_ crl_checker &&other) noexcept :
m_module( other.m_module ),
m_thread(std::move(other.m_thread)),
m_abort (std::move(other.m_abort )),
@@ -569,7 +574,7 @@ eap::peer_ttls::crl_checker::crl_checker(_Inout_ crl_checker &&other) :
}
eap::peer_ttls::crl_checker& eap::peer_ttls::crl_checker::operator=(_Inout_ crl_checker &&other)
eap::peer_ttls::crl_checker& eap::peer_ttls::crl_checker::operator=(_Inout_ crl_checker &&other) noexcept
{
if (this != std::addressof(other)) {
assert(std::addressof(m_module) == std::addressof(other.m_module)); // Move threads within same module only!
@@ -627,7 +632,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
switch (status_rev.dwError) {
case CRYPT_E_NO_REVOCATION_CHECK:
// Revocation check could not be performed.
c += status_rev.dwIndex + 1;
c += (size_t)status_rev.dwIndex + 1;
if (c == c_end) {
// This "error" is expected for the root CA certificate.
} else {
@@ -663,7 +668,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
}}
// Resume checking the rest of the chain.
c += status_rev.dwIndex + 1;
c += (size_t)status_rev.dwIndex + 1;
break;
case ERROR_SUCCESS:
@@ -674,7 +679,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
default:
// Checking one of the certificates in the chain for revocation failed. Resume checking the rest.
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FAILED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwError), event_data::blank);
c += status_rev.dwIndex + 1;
c += (size_t)status_rev.dwIndex + 1;
}
} else {
// Revocation check finished.

4
lib/TTLS/src/UIContext.cpp
View File

@@ -41,7 +41,7 @@ eap::ui_context_ttls::ui_context_ttls(_In_ const ui_context_ttls &other) :
}
eap::ui_context_ttls::ui_context_ttls(_Inout_ ui_context_ttls &&other) :
eap::ui_context_ttls::ui_context_ttls(_Inout_ ui_context_ttls &&other) noexcept :
m_data (std::move(other.m_data)),
ui_context(std::move(other ))
{
@@ -59,7 +59,7 @@ eap::ui_context_ttls& eap::ui_context_ttls::operator=(_In_ const ui_context_ttls
}
eap::ui_context_ttls& eap::ui_context_ttls::operator=(_Inout_ ui_context_ttls &&other)
eap::ui_context_ttls& eap::ui_context_ttls::operator=(_Inout_ ui_context_ttls &&other) noexcept
{
if (this != &other) {
(ui_context&)*this = std::move(other );