[Git][NTPsec/ntpsec][filt-fix] 4 commits: waf: Prepend, anot append, computed CFLAGS.
Ian Bruene
gitlab at mg.gitlab.com
Thu Apr 13 18:23:43 UTC 2017
Ian Bruene pushed to branch filt-fix at NTPsec / ntpsec
Commits:
f8efefbb by Gary E. Miller at 2017-04-13T10:23:04-07:00
waf: Prepend, anot append, computed CFLAGS.
This allows user provided CFLAGS to override the computed
CFLAGS. As before the user can still use bad CFLAGs.
- - - - -
280cf6db by Gary E. Miller at 2017-04-13T11:10:53-07:00
decodenetnum(): return more error codes.
Adjust tests to match.
- - - - -
c3e3769f by Gary E. Miller at 2017-04-13T11:20:07-07:00
tests/leapsec: stop mising bools and ints
- - - - -
7593fdbe by Ian Bruene at 2017-04-13T18:23:16+00:00
Belated filtcooker/stringfiltcooker swap
- - - - -
5 changed files:
- libntp/decodenetnum.c
- ntpclients/ntpmon
- tests/libntp/decodenetnum.c
- tests/ntpd/leapsec.c
- wafhelpers/configure.py
Changes:
=====================================
libntp/decodenetnum.c
=====================================
--- a/libntp/decodenetnum.c
+++ b/libntp/decodenetnum.c
@@ -40,19 +40,20 @@ decodenetnum(
const char *ip_start, *ip_end, *port_start, *temp;
size_t numlen;
bool have_brackets;
+ int retcode = 0;
char ip[INET6_ADDRSTRLEN];
ZERO(*netnum); /* don't return random data on fail */
/* check num not NULL before using it */
if ( NULL == num) {
- return -1;
+ return -4001;
}
numlen = strlen(num);
/* Quickly reject empty or impossibly long inputs. */
if(numlen == 0 ||
numlen > ((sizeof(ip) - 1) + (NI_MAXSERV - 1) + (3 /* "[]:" */))) {
- return -2;
+ return -4002;
}
/* Is this a bracketed IPv6 address? */
@@ -73,7 +74,7 @@ decodenetnum(
}
else {
/* Anything else must be invalid. */
- return -3;
+ return -4003;
}
}
/* No brackets. Searching backward, see if there's at least one
@@ -107,7 +108,7 @@ decodenetnum(
whether the IP is short enough to possibly be valid and
if so copy it into ip. */
if ((ip_end - ip_start + 1) > (int)sizeof(ip)) {
- return -4;
+ return -4004;
} else {
memcpy(ip, ip_start, (size_t)(ip_end - ip_start));
ip[ip_end - ip_start] = '\0';
@@ -125,9 +126,10 @@ decodenetnum(
either the IP address or the port is well-formed, but at
least they're unambiguously delimited from each other.
Let getaddrinfo() perform all further validation. */
- if(getaddrinfo(ip, port_start == NULL ? "ntp" : port_start,
- &hints, &ai) != 0) {
- return -5;
+ retcode = getaddrinfo(ip, port_start == NULL ? "ntp" : port_start,
+ &hints, &ai);
+ if(retcode) {
+ return retcode;
}
NTP_INSIST(ai->ai_addrlen <= sizeof(*netnum));
=====================================
ntpclients/ntpmon
=====================================
--- a/ntpclients/ntpmon
+++ b/ntpclients/ntpmon
@@ -118,9 +118,9 @@ def peer_detail(variables, showunits=False):
ntp.util.UNIT_S,
strip=True,
width=None)
- vcopy['filtdelay'] = ntp.util.filtcooker(vcopyraw['filtdelay'])
- vcopy['filtoffset'] = ntp.util.filtcooker(vcopyraw['filtoffset'])
- vcopy['filtdisp'] = ntp.util.filtcooker(vcopyraw['filtdisp'])
+ vcopy['filtdelay'] = ntp.util.stringfiltcooker(vcopyraw['filtdelay'])
+ vcopy['filtoffset'] = ntp.util.stringfiltcooker(vcopyraw['filtoffset'])
+ vcopy['filtdisp'] = ntp.util.stringfiltcooker(vcopyraw['filtdisp'])
else:
vcopy['filtdelay'] = vcopy['filtdelay'].replace(' ', '\t')
vcopy['filtoffset'] = vcopy['filtoffset'].replace(' ', '\t')
=====================================
tests/libntp/decodenetnum.c
=====================================
--- a/tests/libntp/decodenetnum.c
+++ b/tests/libntp/decodenetnum.c
@@ -93,7 +93,7 @@ TEST(decodenetnum, IllegalAddress) {
int ret;
ret = decodenetnum(str, &actual);
- TEST_ASSERT_EQUAL_INT(-5, ret);
+ TEST_ASSERT_NOT_EQUAL(0, ret);
}
TEST(decodenetnum, IllegalCharInPort) {
@@ -110,7 +110,7 @@ TEST(decodenetnum, IllegalCharInPort) {
SET_PORT(&expected, NTP_PORT);
ret = decodenetnum(str, &actual);
- TEST_ASSERT_EQUAL_INT(-5, ret);
+ TEST_ASSERT_NOT_EQUAL(0, ret);
TEST_ASSERT_TRUE(IsDiffS(&expected, &actual));
}
=====================================
tests/ntpd/leapsec.c
=====================================
--- a/tests/ntpd/leapsec.c
+++ b/tests/ntpd/leapsec.c
@@ -711,7 +711,7 @@ TEST(leapsec, ls2009seqInsDumb) {
rc = setup_load_table(leap1);
TEST_ASSERT_TRUE(rc);
- TEST_ASSERT_EQUAL(0, leapsec_electric(-1));
+ TEST_ASSERT_FALSE(leapsec_electric(-1));
rc = leapsec_query(&qr, lsec2009 - 60*SECSPERDAY);
TEST_ASSERT_FALSE(rc);
@@ -802,7 +802,7 @@ TEST(leapsec, ls2009seqDelDumb) {
rc = setup_load_table(leap3);
TEST_ASSERT_TRUE(rc);
- TEST_ASSERT_EQUAL(0, leapsec_electric(-1));
+ TEST_ASSERT_FALSE(leapsec_electric(-1));
rc = leapsec_query(&qr, lsec2009 - 60*SECSPERDAY);
TEST_ASSERT_FALSE(rc);
@@ -887,7 +887,7 @@ TEST(leapsec, ls2012seqInsDumb) {
rc = setup_load_table(leap1);
TEST_ASSERT_TRUE(rc);
- TEST_ASSERT_EQUAL(0, leapsec_electric(-1));
+ TEST_ASSERT_FALSE(leapsec_electric(-1));
rc = leapsec_query(&qr, lsec2012 - 60*SECSPERDAY);
TEST_ASSERT_FALSE(rc);
@@ -937,7 +937,7 @@ TEST(leapsec, lsEmptyTableDumb) {
const uint32_t t0 = lsec2012 - 10;
const uint32_t tE = lsec2012 + 10;
- TEST_ASSERT_EQUAL(0, leapsec_electric(-1));
+ TEST_ASSERT_FALSE(leapsec_electric(-1));
for (t = t0; t != tE; ++t) {
rc = leapsec_query(&qr, t);
@@ -955,7 +955,7 @@ TEST(leapsec, lsEmptyTableElectric) {
time_t t;
leapsec_electric(electric_on);
- TEST_ASSERT_EQUAL(electric_on, leapsec_electric(electric_query));
+ TEST_ASSERT(electric_on == leapsec_electric(electric_query));
const time_t t0 = lsec2012 - 10;
const time_t tE = lsec2012 + 10;
=====================================
wafhelpers/configure.py
=====================================
--- a/wafhelpers/configure.py
+++ b/wafhelpers/configure.py
@@ -265,8 +265,10 @@ def cmd_configure(ctx, config):
("z_now", "-Wl,-z,now"), # no deferred symbol resolution
]
+ # we prepend our options to CFLAGS, this allows user provided
+ # CFLAGS to override our computed CFLAGS
if ctx.options.enable_debug_gdb:
- ctx.env.CFLAGS += ["-g"]
+ ctx.env.CFLAGS = ["-g"] + ctx.env.CFLAGS
else:
# not gdb debugging
cc_test_flags += [
@@ -280,7 +282,7 @@ def cmd_configure(ctx, config):
ctx.define("DEBUG", 1, comment="Enable debug mode")
ctx.env.BISONFLAGS += ["--debug"]
# turn on some annoying warnings
- ctx.env.CFLAGS += [
+ ctx.env.CFLAGS = [
# "-Wall", # for masochists
#"-Wsuggest-attribute=const", # fails build
#"-Waggregate-return", # breaks ldiv(), ntpcal_daysplit(), etc.
@@ -307,15 +309,19 @@ def cmd_configure(ctx, config):
"-Wshadow",
"-Wswitch-default",
"-Wwrite-strings",
- ]
+ ] + ctx.env.CFLAGS
cc_test_flags += [
- ('w_format_signedness', '-Wformat-signedness'), # fails on OpenBSD 6
- ('w_sign_conversion', "-Wsign-conversion"), # fails on Solaris and OpenBSD 6
- ('w_suggest_attribute_noreturn', "-Wsuggest-attribute=noreturn"), # fails on clang
- ('w_suggest_attribute_pure', "-Wsuggest-attribute=pure"), # fails on clang
+ # fails on OpenBSD 6
+ ('w_format_signedness', '-Wformat-signedness'),
+ # fails on Solaris and OpenBSD 6
+ ('w_sign_conversion', "-Wsign-conversion"),
+ # fails on clang
+ ('w_suggest_attribute_noreturn', "-Wsuggest-attribute=noreturn"),
+ # fails on clang
+ ('w_suggest_attribute_pure', "-Wsuggest-attribute=pure"),
]
- ctx.env.CFLAGS += [
+ ctx.env.CFLAGS = [
# -O1 will turn on -D_FORTIFY_SOURCE=2 for us
"-O1",
"-Wall",
@@ -325,7 +331,7 @@ def cmd_configure(ctx, config):
"-Wstrict-prototypes",
"-Wundef",
"-Wunused",
- ]
+ ] + ctx.env.CFLAGS
FRAGMENT = '''
int main(int argc, char **argv) {
@@ -351,51 +357,34 @@ int main(int argc, char **argv) {
# Thus -std=gnu99 rather than -std=c99 here, if the compiler supports
# it.
if ctx.env.HAS_gnu99:
- ctx.env.CFLAGS += [
- "-std=gnu99",
- ]
+ ctx.env.CFLAGS = ["-std=gnu99"] + ctx.env.CFLAGS
else:
- ctx.env.CFLAGS += [
- "-std=c99",
- ]
+ ctx.env.CFLAGS = ["-std=c99"] + ctx.env.CFLAGS
if ctx.env.HAS_PIC:
- ctx.env.CFLAGS += [
- "-fPIC",
- ]
+ ctx.env.CFLAGS = ["-fPIC"] + ctx.env.CFLAGS
if ctx.env.HAS_PIE:
ctx.env.LINKFLAGS_NTPD += [
"-pie",
]
- ctx.env.CFLAGS_bin += [
- "-fPIE",
- "-pie",
- ]
+ ctx.env.CFLAGS_bin = ["-fPIE", "-pie"] + ctx.env.CFLAGS
ld_hardening_flags += [
('relro', "-Wl,-z,relro"), # hardening, marks some read only,
]
if ctx.env.HAS_unused:
- ctx.env.CFLAGS += [
- '-Qunused-arguments',
- ]
+ ctx.env.CFLAGS = ['-Qunused-arguments'] + ctx.env.CFLAGS
# XXX: -flto currently breaks link of ntpd
if ctx.env.HAS_LTO and False:
- ctx.env.CFLAGS += [
- "-flto",
- ]
+ ctx.env.CFLAGS = ["-flto"] + ctx.env.CFLAGS
# debug warnings that are not available with all compilers
if ctx.env.HAS_w_format_signedness:
- ctx.env.CFLAGS += [
- '-Wformat-signedness',
- ]
+ ctx.env.CFLAGS = ['-Wformat-signedness'] + ctx.env.CFLAGS
if ctx.env.HAS_w_sign_conversion:
- ctx.env.CFLAGS += [
- '-Wsign-conversion',
- ]
+ ctx.env.CFLAGS = ['-Wsign-conversion'] + ctx.env.CFLAGS
# old gcc takes -z,relro, but then barfs if -fPIE available and used.
# ("relro", "-Wl,-z,relro"), # marks some sections read only
@@ -419,25 +408,23 @@ int main(int argc, char **argv) {
elif ctx.env.CC_NAME == "clang":
# used on macOS, FreeBSD,
# FORTIFY needs LTO to work well
- ctx.env.CFLAGS += [
+ ctx.env.CFLAGS = [
"-fstack-protector-all", # hardening
- "-D_FORTIFY_SOURCE=2", # hardening
- ]
+ ] + ctx.env.CFLAGS
if ctx.env.DEST_OS not in ["darwin", "freebsd"]:
# -flto breaks tests on macOS
- ctx.env.CFLAGS += [
- "-flto", # hardening, needed for sanitize
+ ctx.env.CFLAGS = [
"-fsanitize=cfi", # hardening
"-fsanitize=safe-stack", # hardening
- ]
+ ] + ctx.env.CFLAGS
ctx.env.LDFLAGS += [
"-Wl,-z,relro", # hardening, marks some section read only,
]
else:
# gcc, probably
- ctx.env.CFLAGS += [
+ ctx.env.CFLAGS = [
"-fstack-protector-all", # hardening
- ]
+ ] + ctx.env.CFLAGS
# XXX: hack
if ctx.env.DEST_OS in ["freebsd", "openbsd"]:
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/7492ed26aec913504c2e1fabe9480450a3ebc4f5...7593fdbe2d07a0972e98c5bebd2786bdb1c83d7d
---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/7492ed26aec913504c2e1fabe9480450a3ebc4f5...7593fdbe2d07a0972e98c5bebd2786bdb1c83d7d
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170413/168378ca/attachment.html>
More information about the vc
mailing list