Merge #1065

1065: Addded -Wconversion -Wpointer-arith flags #175 - Host build r=anitagov a=berinpaul - Enabled warnings for host build (and related common and includes necessary for it) #973 Co-authored-by: berinpul <berin.paul@vvdntech.in>
openenclave · Nov 30, 2018 · 33f159f · 33f159f
2 parents 1424f00 + 55c232c
commit 33f159f
Show file tree

Hide file tree

Showing 23 changed files with 132 additions and 85 deletions.
diff --git a/host/CMakeLists.txt b/host/CMakeLists.txt
@@ -98,7 +98,7 @@ target_link_libraries(oehost PRIVATE bcrypt Crypt32)
 endif()
 
 if(UNIX)
-target_compile_options(oehost PRIVATE -Wno-attributes -Wmissing-prototypes -fPIC -m64)
+target_compile_options(oehost PRIVATE -Wno-attributes -Wmissing-prototypes -Wconversion -Wpointer-arith -fPIC -m64)
 target_compile_definitions(oehost PRIVATE _GNU_SOURCE)
 endif(UNIX)
 

diff --git a/host/calls.c b/host/calls.c
@@ -815,7 +815,8 @@ oe_result_t oe_call_enclave(oe_enclave_t* enclave, const char* func, void* args)
                 OE_ECALL_CALL_ENCLAVE,
                 (uint64_t)&call_enclave_args,
                 &arg_out));
-        OE_CHECK(arg_out);
+
+        OE_CHECK((oe_result_t)arg_out);
     }
 
     /* Check the result */
@@ -876,7 +877,7 @@ oe_result_t oe_call_enclave_function(
                 OE_ECALL_CALL_ENCLAVE_FUNCTION,
                 (uint64_t)&args,
                 &arg_out));
-        OE_CHECK(arg_out);
+        OE_CHECK((oe_result_t)arg_out);
     }
 
     /* Check the result */

diff --git a/host/create.c b/host/create.c
@@ -443,7 +443,7 @@ static oe_result_t _initialize_enclave(oe_enclave_t* enclave)
     unsigned int subleaf = 0; // pass sub-leaf of 0 - needed for leaf 4
 
     // Initialize enclave cache of CPUID info for emulation
-    for (int i = 0; i < OE_CPUID_LEAF_COUNT; i++)
+    for (unsigned int i = 0; i < OE_CPUID_LEAF_COUNT; i++)
     {
         oe_get_cpuid(
             i,

diff --git a/host/crypto/openssl/asn1.c b/host/crypto/openssl/asn1.c
@@ -44,7 +44,7 @@ oe_result_t oe_asn1_get_raw(
             &tmp_length,
             &tmp_tag,
             &tmp_class,
-            oe_asn1_remaining(asn1));
+            (long)oe_asn1_remaining(asn1));
 
         if (rc != V_ASN1_CONSTRUCTED && rc != 0)
             OE_RAISE(OE_FAILURE);
@@ -132,7 +132,7 @@ oe_result_t oe_asn1_get_oid(oe_asn1_t* asn1, oe_oid_string_t* oid)
         const unsigned char* ptr = asn1->ptr;
 
         /* Convert OID to an ASN1 object */
-        if (!(obj = d2i_ASN1_OBJECT(&obj, &ptr, oe_asn1_remaining(asn1))))
+        if (!(obj = d2i_ASN1_OBJECT(&obj, &ptr, (long)oe_asn1_remaining(asn1))))
             OE_RAISE(OE_FAILURE);
 
         /* Convert OID to string format */

diff --git a/host/crypto/openssl/cert.c b/host/crypto/openssl/cert.c
@@ -144,7 +144,7 @@ static STACK_OF(X509) * _read_cert_chain(const char* pem)
             end++;
 
         /* Create a BIO for this certificate */
-        if (!(bio = BIO_new_mem_buf(pem, end - pem)))
+        if (!(bio = BIO_new_mem_buf(pem, (int)(end - pem))))
             goto done;
 
         /* Read BIO into X509 object */
@@ -200,7 +200,10 @@ static X509* _clone_x509(X509* x509)
     if (!BIO_get_mem_ptr(out, &mem))
         goto done;
 
-    if (!(in = BIO_new_mem_buf(mem->data, mem->length)))
+    if (mem->length > OE_INT_MAX)
+        goto done;
+
+    if (!(in = BIO_new_mem_buf(mem->data, (int)mem->length)))
         goto done;
 
     ret = PEM_read_bio_X509(in, NULL, 0, NULL);
@@ -246,7 +249,7 @@ static oe_result_t _cert_chain_get_length(const CertChain* impl, int* length)
     if ((num = sk_X509_num(impl->sk)) <= 0)
         OE_RAISE(OE_FAILURE);
 
-    *length = (size_t)num;
+    *length = num;
 
     result = OE_OK;
 
@@ -438,7 +441,7 @@ oe_result_t oe_cert_read_pem(
         impl->magic = 0;
 
     /* Check parameters */
-    if (!pem_data || !pem_size || !cert)
+    if (!pem_data || !pem_size || pem_size > OE_INT_MAX || !cert)
         OE_RAISE(OE_INVALID_PARAMETER);
 
     /* Must have pem_size-1 non-zero characters followed by zero-terminator */
@@ -449,7 +452,7 @@ oe_result_t oe_cert_read_pem(
     oe_initialize_openssl();
 
     /* Create a BIO object for reading the PEM data */
-    if (!(bio = BIO_new_mem_buf(pem_data, pem_size)))
+    if (!(bio = BIO_new_mem_buf(pem_data, (int)pem_size)))
         OE_RAISE(OE_FAILURE);
 
     /* Convert the PEM BIO into a certificate object */
@@ -962,14 +965,15 @@ oe_result_t oe_cert_find_extension(
             /* If the caller's buffer is too small, raise error */
             if (str->length > *size)
             {
-                *size = str->length;
+                *size = (size_t)str->length;
                 OE_RAISE(OE_BUFFER_TOO_SMALL);
             }
 
             if (data)
             {
-                OE_CHECK(oe_memcpy_s(data, *size, str->data, str->length));
-                *size = str->length;
+                OE_CHECK(
+                    oe_memcpy_s(data, *size, str->data, (size_t)str->length));
+                *size = (size_t)str->length;
                 result = OE_OK;
                 goto done;
             }

diff --git a/host/crypto/openssl/crl.c b/host/crypto/openssl/crl.c
@@ -50,11 +50,11 @@ oe_result_t oe_crl_read_der(
         memset(impl, 0, sizeof(crl_t));
 
     /* Check for invalid parameters */
-    if (!der_data || !der_size || !crl)
+    if (!der_data || !der_size || der_size > OE_INT_MAX || !crl)
         OE_RAISE(OE_UNEXPECTED);
 
     /* Create a BIO for reading the DER-formatted data */
-    if (!(bio = BIO_new_mem_buf(der_data, der_size)))
+    if (!(bio = BIO_new_mem_buf(der_data, (int)der_size)))
         goto done;
 
     /* Read BIO into X509_CRL object */

diff --git a/host/crypto/openssl/ec.c b/host/crypto/openssl/ec.c
@@ -381,7 +381,8 @@ oe_result_t oe_ec_public_key_from_coordinates(
     oe_initialize_openssl();
 
     /* Reject invalid parameters */
-    if (!public_key || !x_data || !x_size || !y_data || !y_size)
+    if (!public_key || !x_data || !x_size || x_size > OE_INT_MAX || !y_data ||
+        !y_size || y_size > OE_INT_MAX)
         OE_RAISE(OE_INVALID_PARAMETER);
 
     /* Get the NID for this curve type */
@@ -405,10 +406,10 @@ oe_result_t oe_ec_public_key_from_coordinates(
         if (!(x = BN_new()) || !(y = BN_new()))
             OE_RAISE(OE_FAILURE);
 
-        if (!(BN_bin2bn(x_data, x_size, x)))
+        if (!(BN_bin2bn(x_data, (int)x_size, x)))
             OE_RAISE(OE_FAILURE);
 
-        if (!(BN_bin2bn(y_data, y_size, y)))
+        if (!(BN_bin2bn(y_data, (int)y_size, y)))
             OE_RAISE(OE_FAILURE);
 
         if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, NULL))
@@ -479,7 +480,8 @@ oe_result_t oe_ecdsa_signature_write_der(
     int sig_len;
 
     /* Reject invalid parameters */
-    if (!signature_size || !data || !size || !s_data || !s_size)
+    if (!signature_size || !data || !size || size > OE_INT_MAX || !s_data ||
+        !s_size || s_size > OE_INT_MAX)
         OE_RAISE(OE_INVALID_PARAMETER);
 
     /* If signature is null, then signature_size must be zero */
@@ -491,11 +493,11 @@ oe_result_t oe_ecdsa_signature_write_der(
         OE_RAISE(OE_FAILURE);
 
     /* Convert R to big number object */
-    if (!(BN_bin2bn(data, size, sig->r)))
+    if (!(BN_bin2bn(data, (int)size, sig->r)))
         OE_RAISE(OE_FAILURE);
 
     /* Convert S to big number object */
-    if (!(BN_bin2bn(s_data, s_size, sig->s)))
+    if (!(BN_bin2bn(s_data, (int)s_size, sig->s)))
         OE_RAISE(OE_FAILURE);
 
     /* Determine the size of the binary signature */
@@ -517,12 +519,12 @@ oe_result_t oe_ecdsa_signature_write_der(
     /* Check whether buffer is too small */
     if (sig_len > *signature_size)
     {
-        *signature_size = sig_len;
+        *signature_size = (size_t)sig_len;
         OE_RAISE(OE_BUFFER_TOO_SMALL);
     }
 
     /* Set the size of the output buffer */
-    *signature_size = sig_len;
+    *signature_size = (size_t)sig_len;
 
     result = OE_OK;
 

diff --git a/host/crypto/openssl/key.c b/host/crypto/openssl/key.c
@@ -58,7 +58,7 @@ oe_result_t oe_private_key_read_pem(
         oe_secure_zero_fill(impl, sizeof(oe_private_key_t));
 
     /* Check parameters */
-    if (!pem_data || pem_size == 0 || !impl)
+    if (!pem_data || !pem_size || pem_size > OE_INT_MAX || !impl)
         OE_RAISE(OE_INVALID_PARAMETER);
 
     /* Must have pem_size-1 non-zero characters followed by zero-terminator */
@@ -69,7 +69,7 @@ oe_result_t oe_private_key_read_pem(
     oe_initialize_openssl();
 
     /* Create a BIO object for reading the PEM data */
-    if (!(bio = BIO_new_mem_buf(pem_data, pem_size)))
+    if (!(bio = BIO_new_mem_buf(pem_data, (int)pem_size)))
         OE_RAISE(OE_FAILURE);
 
     /* Read the key object */
@@ -115,7 +115,7 @@ oe_result_t oe_public_key_read_pem(
         oe_secure_zero_fill(impl, sizeof(oe_public_key_t));
 
     /* Check parameters */
-    if (!pem_data || pem_size == 0 || !impl)
+    if (!pem_data || !pem_size || pem_size > OE_INT_MAX || !impl)
         OE_RAISE(OE_INVALID_PARAMETER);
 
     /* Must have pem_size-1 non-zero characters followed by zero-terminator */
@@ -126,7 +126,7 @@ oe_result_t oe_public_key_read_pem(
     oe_initialize_openssl();
 
     /* Create a BIO object for reading the PEM data */
-    if (!(bio = BIO_new_mem_buf(pem_data, pem_size)))
+    if (!(bio = BIO_new_mem_buf(pem_data, (int)pem_size)))
         OE_RAISE(OE_FAILURE);
 
     /* Read the key object */

diff --git a/host/crypto/openssl/random.c b/host/crypto/openssl/random.c
@@ -6,7 +6,10 @@
 
 oe_result_t oe_random_internal(void* data, size_t size)
 {
-    if (!RAND_bytes(data, size))
+    if (size > OE_INT_MAX)
+        return OE_INVALID_PARAMETER;
+
+    if (!RAND_bytes(data, (int)size))
         return OE_FAILURE;
 
     return OE_OK;

diff --git a/host/crypto/openssl/rsa.c b/host/crypto/openssl/rsa.c
@@ -78,7 +78,7 @@ static oe_result_t _generate_key_pair(
     /* Create the public and private RSA keys */
     {
         /* Create the private key */
-        if (!(rsa_private = RSA_generate_key(bits, exponent, 0, 0)))
+        if (!(rsa_private = RSA_generate_key((int)bits, exponent, 0, 0)))
             OE_RAISE(OE_FAILURE);
 
         /* Create the public key */

diff --git a/host/elf.c b/host/elf.c
@@ -228,7 +228,7 @@ static void _adjust_section_header_offsets(
 
     /* Adjust section header offset */
     if (ehdr->e_shoff >= offset)
-        ehdr->e_shoff += adjustment;
+        ehdr->e_shoff += (uint64_t)adjustment;
 
     elf64_shdr_t* shdrs = (elf64_shdr_t*)((uint8_t*)elf->data + ehdr->e_shoff);
 
@@ -238,7 +238,7 @@ static void _adjust_section_header_offsets(
         elf64_shdr_t* sh = &shdrs[i];
 
         if (sh->sh_offset >= offset)
-            sh->sh_offset += adjustment;
+            sh->sh_offset += (uint64_t)adjustment;
     }
 }
 
@@ -297,7 +297,7 @@ int elf64_load(const char* path, elf64_t* elf)
 #endif
 
     /* Store the size of this file */
-    elf->size = statbuf.st_size;
+    elf->size = (size_t)statbuf.st_size;
 
     /* Allocate the data to hold this image */
     if (!(elf->data = malloc(elf->size)))
@@ -1362,7 +1362,7 @@ static void _print_string_table(const char* buf, size_t size)
             printf(", ");
 
         printf("\"");
-        fwrite(start, 1, end - start, stdout);
+        fwrite(start, 1, (size_t)(end - start), stdout);
         printf("\"");
     }
     printf(" }\n");
@@ -1512,7 +1512,8 @@ int elf64_add_section(
     elf64_shdr_t sh;
 
     /* Reject invalid parameters */
-    if (!_is_valid_elf64(elf) || !name || !secdata || !secsize)
+    if (!_is_valid_elf64(elf) || !name || !secdata || !secsize ||
+        secsize > OE_SSIZE_MAX)
         GOTO(done);
 
     /* Fail if new section name is invalid */
@@ -1555,7 +1556,7 @@ int elf64_add_section(
             GOTO(done);
 
         /* Reset ELF object based on updated memory */
-        if (_reset_buffer(elf, &mem, sh.sh_offset, secsize) != 0)
+        if (_reset_buffer(elf, &mem, sh.sh_offset, (ssize_t)secsize) != 0)
             GOTO(done);
     }
 
@@ -1583,7 +1584,11 @@ int elf64_add_section(
         oe_strlcat((char*)elf->data + nameoffset, name, namesize);
 
         /* Reset ELF object based on updated memory */
-        if (_reset_buffer(elf, &mem, nameoffset, namesize) != 0)
+
+        if (namesize > OE_SSIZE_MAX)
+            GOTO(done);
+
+        if (_reset_buffer(elf, &mem, nameoffset, (ssize_t)namesize) != 0)
             GOTO(done);
 
         /* Initialize the section name */
@@ -1632,7 +1637,8 @@ int elf64_add_section(
 
     /* Verify that the section is exactly as expected */
     {
-        const void* section = _get_section(elf, _get_header(elf)->e_shnum - 1);
+        const void* section =
+            _get_section(elf, (size_t)(_get_header(elf)->e_shnum - 1));
         if (section == NULL)
             GOTO(done);
 
@@ -1707,7 +1713,9 @@ oe_result_t elf64_remove_section(elf64_t* elf, const char* name)
         const uint8_t* end = (const uint8_t*)elf->data + elf->size;
 
         /* Remove section from the memory image */
-        OE_CHECK(oe_memmove_s(first, end - first, last, end - last));
+        OE_CHECK(
+            oe_memmove_s(
+                first, (size_t)(end - first), last, (size_t)(end - last)));
 
         /* Adjust the size of the memory image */
         elf->size -= shdr->sh_size;
@@ -1775,9 +1783,9 @@ oe_result_t elf64_remove_section(elf64_t* elf, const char* name)
         OE_CHECK(
             oe_memmove_s(
                 first,
-                (end - first) * sizeof(elf64_shdr_t),
+                (size_t)(end - first) * sizeof(elf64_shdr_t),
                 last,
-                (end - last) * sizeof(elf64_shdr_t)));
+                (size_t)(end - last) * sizeof(elf64_shdr_t)));
 
         /* Adjust the number of headers */
         _get_header(elf)->e_shnum--;

diff --git a/host/files.c b/host/files.c
@@ -48,7 +48,7 @@ oe_result_t __oe_load_file(
         if (stat(path, &st) != 0)
             OE_RAISE(OE_NOT_FOUND);
 
-        *size = st.st_size;
+        *size = (size_t)st.st_size;
     }
 
     /* Check for integer overflow */