This is not valid in ISO C. --- ssh-sk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-sk.c b/ssh-sk.c index 2b25c42f..3d6ac3d0 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -153,7 +153,7 @@ sshsk_free_enroll_response(struct sk_enroll_response *r) freezero(r->signature, r->signature_len); freezero(r->attestation_cert, r->attestation_cert_len); freezero(r, sizeof(*r)); -}; +} static void sshsk_free_sign_response(struct sk_sign_response *r) @@ -163,7 +163,7 @@ sshsk_free_sign_response(struct sk_sign_response *r) freezero(r->sig_r, r->sig_r_len); freezero(r->sig_s, r->sig_s_len); freezero(r, sizeof(*r)); -}; +} #ifdef WITH_OPENSSL /* Assemble key from response */ -- 2.24.0
applied, thanks. Surprised the fairly aggressive set of -W flags we use by default didn't catch this... On Tue, 26 Nov 2019, Michael Forney wrote:> This is not valid in ISO C. > --- > ssh-sk.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/ssh-sk.c b/ssh-sk.c > index 2b25c42f..3d6ac3d0 100644 > --- a/ssh-sk.c > +++ b/ssh-sk.c > @@ -153,7 +153,7 @@ sshsk_free_enroll_response(struct sk_enroll_response *r) > freezero(r->signature, r->signature_len); > freezero(r->attestation_cert, r->attestation_cert_len); > freezero(r, sizeof(*r)); > -}; > +} > > static void > sshsk_free_sign_response(struct sk_sign_response *r) > @@ -163,7 +163,7 @@ sshsk_free_sign_response(struct sk_sign_response *r) > freezero(r->sig_r, r->sig_r_len); > freezero(r->sig_s, r->sig_s_len); > freezero(r, sizeof(*r)); > -}; > +} > > #ifdef WITH_OPENSSL > /* Assemble key from response */ > -- > 2.24.0 > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
On 2019-11-27, Damien Miller <djm at mindrot.org> wrote:> applied, thanks. Surprised the fairly aggressive set of -W flags we use > by default didn't catch this...This can be caught with -Wpedantic, which seems to catch a few more instances of this, as well as passing non-void pointers to printf for the `%p` format specifier. Patches attached for these. However, it also catches conversion from dlsym result (void *) to function pointer, which is not allowed in ISO C, but POSIX requires it to work: "Note that conversion from a void * pointer to a function pointer is not defined by the ISO C standard. This standard requires this conversion to work correctly on conforming implementations." The only way I've found to get around this warning is to cast the address of the function pointer lvalue to void **, then dereference, as in *(void **)&fn = dlsym(handle, "foo"); There are three instances of this in ssh-sk.c and one in ssh-pkcs11.c. I'm not aware of a way to turn on the rest of -Wpedantic except for object-function pointer conversions, but I do think it is a good idea to turn it on, so perhaps it is worth addressing... -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-printf-p-specifier-requires-void-argument.patch Type: text/x-patch Size: 4390 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20191127/d3d24d15/attachment.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Fix-sha2-MAKE_CLONE-no-op-definition.patch Type: text/x-patch Size: 970 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20191127/d3d24d15/attachment-0001.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: 0003-Remove-trailing-semicolon-after-RB_GENERATE_STATIC.patch Type: text/x-patch Size: 1686 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20191127/d3d24d15/attachment-0002.bin>
Maybe Matching Threads
- [PATCH 0/2] Fix Memory Management Issue in `ssh-sk-helper` with External SK Libraries
- Incomplete attestation data for FIDO2 SKs?
- [PATCH] Simplify code with freezero
- [PATCH] remove stray `;` after function definitions
- [PATCH 1/3] Add private key protection information extraction to ssh-keygen