[Git][NTPsec/ntpsec][master] 4 commits: Drop unused arg from set_hostname in ntpd/nts_client.c
Hal Murray (@hal.murray)
gitlab at mg.gitlab.com
Thu Mar 17 03:20:42 UTC 2022
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
535672f4 by Hal Murray at 2022-03-03T11:45:51-08:00
Drop unused arg from set_hostname in ntpd/nts_client.c
- - - - -
4daa74e5 by Hal Murray at 2022-03-03T11:45:51-08:00
Update wildcards in certificates comment
- - - - -
fee0d828 by Hal Murray at 2022-03-16T20:17:57-07:00
Add test for --enable-attic to tests/option-tester.sh
- - - - -
7abe7fba by Hal Murray at 2022-03-16T20:19:51-07:00
Fix for Coverty CID 349664
- - - - -
3 changed files:
- ntpd/nts_client.c
- tests/ntpd/nts_client.c
- tests/option-tester.sh
Changes:
=====================================
ntpd/nts_client.c
=====================================
@@ -39,7 +39,7 @@ int open_TCP_socket(struct peer *peer, const char *hostname);
struct addrinfo * find_best_addr(struct addrinfo *answer);
bool connect_TCP_socket(int sockfd, struct addrinfo *addr);
bool nts_set_cert_search(SSL_CTX *ctx, const char *filename);
-void set_hostname(SSL *ssl, struct peer *peer, const char *hostname);
+void set_hostname(SSL *ssl, const char *hostname);
bool check_certificate(SSL *ssl, struct peer *peer);
bool check_alpn(SSL *ssl, struct peer *peer, const char *hostname);
bool nts_client_send_request(SSL *ssl, struct peer *peer);
@@ -123,7 +123,7 @@ bool nts_probe(struct peer * peer) {
ssl = SSL_new(ctx);
SSL_CTX_free(ctx);
}
- set_hostname(ssl, peer, hostname);
+ set_hostname(ssl, hostname);
SSL_set_fd(ssl, server);
if (1 != SSL_connect(ssl)) {
@@ -386,7 +386,7 @@ bool connect_TCP_socket(int sockfd, struct addrinfo *addr) {
}
-void set_hostname(SSL *ssl, struct peer *peer, const char *hostname) {
+void set_hostname(SSL *ssl, const char *hostname) {
char host[256], *tmp;
/* chop off trailing :port */
@@ -400,8 +400,10 @@ void set_hostname(SSL *ssl, struct peer *peer, const char *hostname) {
*tmp = 0;
}
-// https://wiki.openssl.org/index.php/Hostname_validation
- UNUSED_ARG(peer);
+/* https://wiki.openssl.org/index.php/Hostname_validation
+ * Wildcards are deprecated by RFC 6125
+ * https://datatracker.ietf.org/doc/html/rfc6125#section-7.2
+ */
SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_WILDCARDS);
SSL_set1_host(ssl, host);
msyslog(LOG_DEBUG, "NTSc: set cert host: %s", host);
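Review bot: The result of `SSL_set1_host(ssl, host)` is discarded at the end of this hunk, and because set_hostname returns void, nts_probe cannot tell whether the expected name was installed on the SSL object. SSL_set1_host returns 1 on success and 0 on failure; after a failure the handshake may go ahead with no reference name configured, and whether check_certificate would catch that on its own is not visible here. Check the result and propagate it, e.g. `if (1 != SSL_set1_host(ssl, host)) { msyslog(LOG_ERR, "NTSc: can't set cert host: %s", host); return false; }`, with set_hostname returning bool and nts_probe abandoning the connection on false. The prototype hunk and the call-site hunk above would change to match, and the LOG_DEBUG line should run only after the success check. The body of set_hostname starts outside this hunk, so the copy into `host[256]` was not reviewed.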
=====================================
tests/ntpd/nts_client.c
=====================================
@@ -108,6 +108,12 @@ TEST(nts_client, nts_client_process_response_core) {
peer.nts_state.cookielen = 0;
peer.nts_state.writeIdx = 0;
peer.nts_state.count = 0;
+ /* Coverity barfed on uninitialized peer.srcadr, 2022-Mar-16
+ * ** CID 349664: Uninitialized variables (UNINIT)
+ * So initialize it with something. */
+ peer.srcadr.sa4.sin_family = AF_INET;
+ peer.srcadr.sa4.sin_port = htons(9999);
+ peer.srcadr.sa4.sin_addr.s_addr= htonl(0x04030201);
/* ===== Test: all correct ===== */
/* data */
uint8_t buf0[] = {
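Review bot: Assigning only `sin_family`, `sin_port` and `sin_addr.s_addr` quiets the Coverity report but leaves the remaining bytes of `peer.srcadr` indeterminate (padding, and presumably the larger IPv6 member if srcadr is a union, which the `.sa4` accessor suggests). Any code under test that copies, hashes or compares the whole address would still read uninitialized memory. Zeroing first is more robust: put `memset(&peer.srcadr, 0, sizeof(peer.srcadr));` ahead of the three assignments. Whether `peer` is already cleared earlier in the test is not visible, since this hunk begins inside the TEST body.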
=====================================
tests/option-tester.sh
=====================================
@@ -94,7 +94,7 @@ doit minimal "--disable-droproot --disable-mdns-registration --disable-doc --dis
# This also tests refclocks without DEBUG
doit classic "--enable-classic-mode --refclock=all --disable-doc --disable-manpage --enable-pylib=ffi"
-doit all "--enable-warnings --enable-debug --enable-debug-gdb --enable-debug-timing --refclock=all --enable-leap-smear --enable-mssntp --enable-early-droproot --disable-fuzz $LINUX --disable-doc --disable-manpage --enable-pylib=ext"
+doit all "--enable-warnings --enable-attic --enable-debug --enable-debug-gdb --enable-debug-timing --refclock=all --enable-leap-smear --enable-mssntp --enable-early-droproot --disable-fuzz $LINUX --disable-doc --disable-manpage --enable-pylib=ext"
if [ "`which asciidoc 2>/dev/null`" != "" -a \
"`which xsltproc 2>/dev/null`" != "" ]
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/5e8ab22272bf6fb580b5cfd6d00df225d4959e5d...7abe7fba6574c776b869802124c72a3bb214d070