From 539e559e65cd8f227c45e4b046ac41c0edcf6c32 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore
Date: Sat, 31 Dec 2022 13:55:11 -0800
Subject: Fixes for some security complaints.

None of these changes are actual security bugs, but GitHub's scanner reports false positives at Critical severity for them. (There are a number of complaints from that scanner, many of which we do not necessarily agree with.)
---
 src/sp/protocol/pipeline0/push.c | 2 +-
 src/supplemental/http/http_server.c | 4 ++--
 src/tools/nngcat/nngcat.c | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)
 (limited to 'src')
diff --git a/src/sp/protocol/pipeline0/push.c b/src/sp/protocol/pipeline0/push.c
index 09953ccf..284af5aa 100644
--- a/src/sp/protocol/pipeline0/push.c
+++ b/src/sp/protocol/pipeline0/push.c
@@ -182,7 +182,7 @@ push0_pipe_ready(push0_pipe *p)
 push0_sock *s = p->push;
 nni_msg *m;
 nni_aio *a = NULL;
- size_t l;
+ size_t l = 0;
 bool blocked;
 nni_mtx_lock(&s->m);
diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c
index 59863d2b..5f0bb051 100644
--- a/src/supplemental/http/http_server.c
+++ b/src/supplemental/http/http_server.c
@@ -1,5 +1,5 @@
 //
-// Copyright 2020 Staysail Systems, Inc.
+// Copyright 2022 Staysail Systems, Inc.
 // Copyright 2018 Capitar IT Group BV
 // Copyright 2018 QXSoftware
 // Copyright 2019 Devolutions
@@ -1155,7 +1155,7 @@ nni_http_server_res_error(nni_http_server *s, nni_http_res *res)
 http_error *epage;
 char * body = NULL;
 char * html = NULL;
- size_t len;
+ size_t len = 0;
 uint16_t code = nni_http_res_get_status(res);
 int rv;
diff --git a/src/tools/nngcat/nngcat.c b/src/tools/nngcat/nngcat.c
index 90a97d09..3f29f114 100644
--- a/src/tools/nngcat/nngcat.c
+++ b/src/tools/nngcat/nngcat.c
@@ -1,5 +1,5 @@
 //
-// Copyright 2020 Staysail Systems, Inc.
+// Copyright 2022 Staysail Systems, Inc.
 // Copyright 2018 Capitar IT Group BV
 // Copyright 2020 Lager Data, Inc.
 //
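Review bot: In push0_pipe_ready (src/sp/protocol/pipeline0/push.c), `size_t l = 0;` quiets the scanner, but nothing in the hunk records why 0 is a safe placeholder; the same applies to `size_t len = 0;` in nni_http_server_res_error (src/supplemental/http/http_server.c). A blanket initializer also hides any later read-before-assignment from -Wmaybe-uninitialized and MemorySanitizer, so the intent is worth stating next to the declaration, e.g. `size_t l = 0; // always assigned before use; initialised only to quiet static analysis`. Both function bodies continue outside their hunks, so the real assignment sites are not visible here and should be confirmed before that comment is worded as fact.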
@@ -549,7 +549,7 @@ resploop(nng_socket sock)
 printmsg(nng_msg_body(msg), nng_msg_len(msg));
 nng_msg_clear(msg);
 if ((rv = nng_msg_append(msg, data, datalen)) != 0) {
- fatal(nng_strerror(rv));
+ fatal("%s", nng_strerror(rv));
 }
 if ((rv = nng_sendmsg(sock, msg, 0)) != 0) {
 fatal("Send error: %s", nng_strerror(rv));
@@ -586,7 +586,7 @@ sendloop(nng_socket sock)
 start = nng_clock();
 if (((rv = nng_msg_alloc(&msg, 0)) != 0) ||
 ((rv = nng_msg_append(msg, data, datalen)) != 0)) {
- fatal(nng_strerror(rv));
+ fatal("%s", nng_strerror(rv));
 }
 if ((rv = nng_sendmsg(sock, msg, 0)) != 0) {
 fatal("Send error: %s", nng_strerror(rv));
@@ -638,7 +638,7 @@ sendrecv(nng_socket sock)
 start = nng_clock();
 if (((rv = nng_msg_alloc(&msg, 0)) != 0) ||
 ((rv = nng_msg_append(msg, data, datalen)) != 0)) {
- fatal(nng_strerror(rv));
+ fatal("%s", nng_strerror(rv));
 }
 if ((rv = nng_sendmsg(sock, msg, 0)) != 0) {
 fatal("Send error: %s", nng_strerror(rv));
-- 
cgit v1.2.3-70-g09d2
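Review bot: The three `fatal("%s", nng_strerror(rv));` call sites in src/tools/nngcat/nngcat.c (resploop, sendloop, sendrecv) are corrected by hand, but nothing visible here makes the compiler reject the next non-literal format string passed to `fatal`. If `fatal` is a printf-style variadic function, as the neighbouring `fatal("Send error: %s", ...)` calls suggest, its declaration (outside these hunks) could carry `__attribute__((format(printf, 1, 2)))` behind a GCC/Clang guard so that -Wformat-security flags such calls at build time. Separately, these three messages print the bare error string while the send path prefixes it; a prefix such as `fatal("Message setup error: %s", nng_strerror(rv));` would tell the user which step failed.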