| author | Garrett D'Amore <garrett@damore.org> | 2022-12-31 13:55:11 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2022-12-31 13:55:11 -0800 |
| commit | 539e559e65cd8f227c45e4b046ac41c0edcf6c32 (patch) | |
| tree | 36eb234d9511bdcc0edf29a4a1a31b427be929fb /tests | |
| parent | f26ddeb81a5ea9d316444951f54a2a017db70482 (diff) | |
Fixes for some security complaints.
None of these changes are actual security bugs, but GitHub's
scanner reports false positives at Critical severity for them.
(There are a number of complaints from that scanner, many of
which we do not necessarily agree with.)
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/compat_testutil.c | 4 | ||||
| -rw-r--r-- | tests/httpserver.c | 16 | ||||
| -rw-r--r-- | tests/scalability.c | 2 | ||||
| -rw-r--r-- | tests/synch.c | 6 | ||||
| -rw-r--r-- | tests/tcp.c | 4 | ||||
| -rw-r--r-- | tests/tcp6.c | 4 | ||||
| -rw-r--r-- | tests/tls.c | 27 | ||||
| -rw-r--r-- | tests/trantest.h | 19 | ||||
| -rw-r--r-- | tests/ws.c | 4 | ||||
| -rw-r--r-- | tests/wss.c | 4 |
10 files changed, 46 insertions, 44 deletions
diff --git a/tests/compat_testutil.c b/tests/compat_testutil.c index 7db03bf0..1656c852 100644 --- a/tests/compat_testutil.c +++ b/tests/compat_testutil.c @@ -1,8 +1,8 @@ /* Copyright (c) 2013 Insollo Entertainment, LLC. All rights reserved. Copyright 2016 Franklin "Snaipe" Mathieu <franklinmathieu@gmail.com> - Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> Copyright 2018 Capitar IT Group BV <info@capitar.com> + Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -201,7 +201,7 @@ get_test_port(int argc, const char *argv[]) void test_addr_from(char *out, const char *proto, const char *ip, int port) { - sprintf(out, "%s://%s:%d", proto, ip, port); + (void) snprintf(out, 128, "%s://%s:%d", proto, ip, port); } extern int nng_thread_create(void **, void (*)(void *), void *); diff --git a/tests/httpserver.c b/tests/httpserver.c index f7a28b5d..c593fc81 100644 --- a/tests/httpserver.c +++ b/tests/httpserver.c @@ -1,5 +1,5 @@ // -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // Copyright 2020 Dirac Research <robert.bielik@dirac.com> // @@ -191,7 +191,7 @@ TestMain("HTTP Server", { char urlstr[48]; nng_url *url; - trantest_next_address(portbuf, "%u"); + trantest_next_address(portbuf, ""); snprintf( urlstr, sizeof(urlstr), "http://127.0.0.1:%s", portbuf); @@ -295,7 +295,7 @@ TestMain("HTTP Server", { char * subdir1; char * subdir2; - trantest_next_address(urlstr, "http://127.0.0.1:%u"); + trantest_next_address(urlstr, "http://127.0.0.1:"); So(nng_url_parse(&url, urlstr) == 0); So(nng_http_server_hold(&s, url) == 0); So((tmpdir = nni_plat_temp_dir()) != NULL); 
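Review bot: The bound `128` in the new `snprintf` call in `test_addr_from` is a magic number that is not tied to the size of `out`, which the function never receives, so the call is only as safe as every caller's buffer being at least 128 bytes; nothing in this hunk shows that. Either document the contract above the function, e.g. `/* out must point to at least 128 bytes; longer addresses are truncated */`, or give the size a name that callers share. The `(void)` cast also discards the return value, so a truncated address would be handed to the test with no signal.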
@@ -497,7 +497,7 @@ TestMain("HTTP Server", { char * subdir1; char * subdir2; - trantest_next_address(urlstr, "http://127.0.0.1:%u"); + trantest_next_address(urlstr, "http://127.0.0.1:"); So(nng_url_parse(&url, urlstr) == 0); So(nng_http_server_hold(&s, url) == 0); So((tmpdir = nni_plat_temp_dir()) != NULL); @@ -698,7 +698,7 @@ TestMain("HTTP Server", { char * file1; char * file2; - trantest_next_address(urlstr, "http://127.0.0.1:%u"); + trantest_next_address(urlstr, "http://127.0.0.1:"); So(nng_url_parse(&url, urlstr) == 0); So(nng_http_server_hold(&s, url) == 0); So((tmpdir = nni_plat_temp_dir()) != NULL); @@ -788,7 +788,7 @@ TestMain("HTTP Server", { char urlstr[32]; nng_url *url; - trantest_next_address(urlstr, "http://127.0.0.1:%u"); + trantest_next_address(urlstr, "http://127.0.0.1:"); So(nng_url_parse(&url, urlstr) == 0); So(nng_http_server_hold(&s, url) == 0); @@ -859,7 +859,7 @@ TestMain("HTTP Server", { char urlstr[32]; nng_url *url; - trantest_next_address(urlstr, "http://127.0.0.1:%u"); + trantest_next_address(urlstr, "http://127.0.0.1:"); So(nng_url_parse(&url, urlstr) == 0); So(nng_http_server_hold(&s, url) == 0); @@ -978,7 +978,7 @@ TestMain("HTTP Server", { char urlstr[32]; nng_url *url; - trantest_next_address(urlstr, "http://127.0.0.1:%u"); + trantest_next_address(urlstr, "http://127.0.0.1:"); So(nng_url_parse(&url, urlstr) == 0); So(nng_http_server_hold(&s, url) == 0); diff --git a/tests/scalability.c b/tests/scalability.c index 17d6ce70..c794a4ee 100644 --- a/tests/scalability.c +++ b/tests/scalability.c @@ -67,7 +67,7 @@ int transact(nng_socket *clients, int num) { nng_msg *msg; - int rv; + int rv = 0; int i; for (i = 0; i < num; i++) { diff --git a/tests/synch.c b/tests/synch.c index 84da5568..9174385d 100644 --- a/tests/synch.c +++ b/tests/synch.c 
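Review bot: In the hunks at -788, -859 and -978 the destination is `char urlstr[32]`, but `trantest_next_address` (tests/trantest.h in this commit) bounds its write with `NNG_MAXADDRLEN`, not with the caller's buffer size. The prefix `http://127.0.0.1:` plus a decimal port fits in 32 bytes today, so this is not an overflow as written, but the safety rests on that arithmetic rather than on the `snprintf` limit (assuming `NNG_MAXADDRLEN` is larger than 32; its definition is not on this page). Declaring the buffers as `char urlstr[NNG_MAXADDRLEN];` would make the callee's bound correct for these callers. The same applies to `portbuf` in the -191 hunk, whose declaration is outside the hunk.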
@@ -1,5 +1,5 @@ // -// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -22,9 +22,9 @@ struct notifyarg { }; void -notifyafter(void *arg) +notifyafter(void *a) { - struct notifyarg *na = arg; + struct notifyarg *na = a; nng_msleep(na->when); nng_mtx_lock(na->mx); diff --git a/tests/tcp.c b/tests/tcp.c index 91b85866..1e4cfe11 100644 --- a/tests/tcp.c +++ b/tests/tcp.c @@ -1,5 +1,5 @@ // -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // Copyright 2018 Devolutions <info@devolutions.net> // @@ -61,5 +61,5 @@ check_props_v4(nng_msg *msg) } TestMain("TCP Transport", { - trantest_test_extended("tcp://127.0.0.1:%u", check_props_v4); + trantest_test_extended("tcp://127.0.0.1:", check_props_v4); }) diff --git a/tests/tcp6.c b/tests/tcp6.c index 846b2c8e..3822fd80 100644 --- a/tests/tcp6.c +++ b/tests/tcp6.c @@ -1,5 +1,5 @@ // -// Copyright 2021 Staysail Systems, Inc. <info@staystail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staystail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -78,7 +78,7 @@ TestMain("TCP (IPv6) Transport", { nni_init(); if (has_v6()) { - trantest_test_extended("tcp://[::1]:%u", check_props_v6); + trantest_test_extended("tcp://[::1]:", check_props_v6); } else { SkipSo("IPv6 not available"); } diff --git a/tests/tls.c b/tests/tls.c index 1a841f6f..545d2da2 100644 --- a/tests/tls.c +++ b/tests/tls.c 
@@ -1,6 +1,6 @@ // // Copyright 2018 Capitar IT Group BV <info@capitar.com> -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> // // This software is supplied under the terms of the MIT License, a // copy of which should be located in the distribution where this @@ -281,7 +281,7 @@ TestMain("TLS Transport", { tt.dialer_init = init_dialer_tls; tt.listener_init = init_listener_tls; - tt.tmpl = "tls+tcp://127.0.0.1:%u"; + tt.tmpl = "tls+tcp://127.0.0.1:"; tt.proptest = check_props_v4; trantest_test(&tt); @@ -296,7 +296,7 @@ TestMain("TLS Transport", { So(nng_tls_register() == 0); So(nng_pair_open(&s) == 0); Reset({ nng_close(s); }); - trantest_next_address(addr, "tls+tcp://*:%u"); + trantest_next_address(addr, "tls+tcp://*:"); So(nng_dial(s, addr, NULL, 0) == NNG_EADDRINVAL); }); @@ -314,11 +314,11 @@ TestMain("TLS Transport", { nng_close(s2); nng_close(s1); }); - trantest_next_address(addr, "tls+tcp://*:%u"); + trantest_next_address(addr, "tls+tcp://*:"); So(nng_listener_create(&l, s1, addr) == 0); So(init_listener_tls(l) == 0); // reset port back one - trantest_prev_address(addr, "tls+tcp://127.0.0.1:%u"); + trantest_prev_address(addr, "tls+tcp://127.0.0.1:"); So(nng_dialer_create(&d, s2, addr) == 0); So(init_dialer_tls(d) == 0); So(nng_dialer_set_int( @@ -390,13 +390,12 @@ TestMain("TLS Transport", { nng_close(s2); nng_close(s1); }); - trantest_next_address(addr, "tls+tcp://127.0.0.1:%u"); + trantest_next_address(addr, "tls+tcp://127.0.0.1:"); So(nng_listener_create(&l, s1, addr) == 0); So(init_listener_tls(l) == 0); So(nng_listener_start(l, 0) == 0); // reset port back one - trantest_prev_address( - addr, "tls+tcp://127.0.0.1;127.0.0.1:%u"); + trantest_prev_address(addr, "tls+tcp://127.0.0.1;127.0.0.1:"); So(nng_dialer_create(&d, s2, addr) == 0); So(init_dialer_tls(d) == 0); So(nng_dialer_start(d, 0) == 0); 
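Review bot: `tt.tmpl` in the -281 hunk now holds an address prefix rather than a printf template, yet the field keeps its old name while trantest.h renames the matching parameters to `prefix`. A reader who sees `tmpl` may reasonably put a `%u` back, which would presumably then be emitted literally, since the helper now prints its argument with `%s`. A comment at the assignment such as `// prefix only: the port is appended by trantest_next_address` would do, or the field could be renamed; its declaration is not in this diff. The same assignment appears in tests/wss.c at -241.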
@@ -436,14 +435,14 @@ TestMain("TLS Transport", { nng_close(s2); nng_close(s1); }); - trantest_next_address(addr, "tls+tcp://:%u"); + trantest_next_address(addr, "tls+tcp://:"); So(nng_listener_create(&l, s1, addr) == 0); So(init_listener_tls_file(NULL, l) == 0); So(nng_listener_start(l, 0) == 0); nng_msleep(100); // reset port back one - trantest_prev_address(addr, "tls+tcp://127.0.0.1:%u"); + trantest_prev_address(addr, "tls+tcp://127.0.0.1:"); So(nng_socket_set_int(s2, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_REQUIRED) == 0); @@ -466,7 +465,7 @@ TestMain("TLS Transport", { nng_close(s2); nng_close(s1); }); - trantest_next_address(addr, "tls+tcp://*:%u"); + trantest_next_address(addr, "tls+tcp://*:"); So(nng_listener_create(&l, s1, addr) == 0); So(init_listener_tls_file(l) == 0); So(nng_listener_set_int(l, NNG_OPT_TLS_AUTH_MODE, @@ -475,7 +474,7 @@ TestMain("TLS Transport", { nng_msleep(100); // reset port back one - trantest_prev_address(addr, "tls+tcp://127.0.0.1:%u"); + trantest_prev_address(addr, "tls+tcp://127.0.0.1:"); So(nng_socket_set_ms(s2, NNG_OPT_RECVTIMEO, 200) == 0); So(nng_dialer_create(&d, s2, addr) == 0); So(init_dialer_tls_file(d) == 0); @@ -511,7 +510,7 @@ TestMain("TLS Transport", { nng_close(s2); nng_close(s1); }); - trantest_next_address(addr, "tls+tcp4://*:%u"); + trantest_next_address(addr, "tls+tcp4://*:"); So(nng_listener_create(&l, s1, addr) == 0); So(init_listener_tls_ex(l, NNG_TLS_AUTH_MODE_REQUIRED) == 0); So(nng_listener_start(l, 0) == 0); @@ -519,7 +518,7 @@ TestMain("TLS Transport", { nng_msleep(100); // reset port back one - trantest_prev_address(addr, "tls+tcp4://localhost:%u"); + trantest_prev_address(addr, "tls+tcp4://localhost:"); So(nng_dialer_create(&d, s2, addr) == 0); So(init_dialer_tls_ex(d, true) == 0); diff --git a/tests/trantest.h b/tests/trantest.h index be258e28..91b75494 100644 --- a/tests/trantest.h +++ b/tests/trantest.h 
@@ -1,5 +1,5 @@ // -// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -45,8 +45,8 @@ unsigned trantest_port = 0; extern int notransport(void); extern void trantest_checktran(const char *url); -extern void trantest_next_address(char *out, const char *template); -extern void trantest_prev_address(char *out, const char *template); +extern void trantest_next_address(char *out, const char *prefix); +extern void trantest_prev_address(char *out, const char *prefix); extern void trantest_init(trantest *tt, const char *addr); extern int trantest_dial(trantest *tt, nng_dialer *dp); extern int trantest_listen(trantest *tt, nng_listener *lp); @@ -87,9 +87,9 @@ trantest_checktran(const char *url) } void -trantest_next_address(char *out, const char *template) +trantest_next_address(char *out, const char *prefix) { - trantest_checktran(template); + trantest_checktran(prefix); if (trantest_port == 0) { char *pstr; @@ -102,15 +102,18 @@ trantest_next_address(char *out, const char *template) trantest_port = atoi(pstr); } } - (void) snprintf(out, NNG_MAXADDRLEN, template, trantest_port); + + // we append the port, and for web sockets also a /test path + (void) snprintf(out, NNG_MAXADDRLEN, "%s%u%s", prefix, trantest_port, + prefix[0] == 'w' ? "/test" : ""); trantest_port++; } void -trantest_prev_address(char *out, const char *template) +trantest_prev_address(char *out, const char *prefix) { trantest_port--; - trantest_next_address(out, template); + trantest_next_address(out, prefix); } void @@ -1,5 +1,5 @@ // -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a 
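Review bot: The `prefix[0] == 'w'` test in `trantest_next_address` decides on a single character whether `/test` is appended, so any future scheme that begins with `w` silently gains a path, and the websocket tests no longer show their path at the call site. Matching the scheme explicitly, e.g. `strncmp(prefix, "ws", 2) == 0 ? "/test" : ""`, states the intent; whether `<string.h>` is already included in trantest.h is not visible here. The `(void)` cast also drops the `snprintf` result, so a prefix long enough to be truncated at `NNG_MAXADDRLEN` yields a clipped address with no failure at this point. The function starts before this hunk.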
@@ -82,5 +82,5 @@ check_props_v4(nng_msg *msg) } TestMain("WebSocket Transport", { - trantest_test_extended("ws://127.0.0.1:%u/test", check_props_v4); + trantest_test_extended("ws://127.0.0.1:", check_props_v4); }) diff --git a/tests/wss.c b/tests/wss.c index 455d9d85..6d7bc003 100644 --- a/tests/wss.c +++ b/tests/wss.c @@ -1,5 +1,5 @@ // -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2022 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -241,7 +241,7 @@ TestMain("WebSocket Secure (TLS) Transport", { tt.dialer_init = init_dialer_wss; tt.listener_init = init_listener_wss; - tt.tmpl = "wss://localhost:%u/test"; + tt.tmpl = "wss://localhost:"; tt.proptest = check_props; trantest_test(&tt); |
