Fix Coverity warnings

IB-7930 Signed-off-by: Raul Metsma <raul@metsma.ee>
open-eid · Aug 21, 2024 · 78e28fc · 78e28fc
1 parent e8db376
commit 78e28fc
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 50 deletions.
diff --git a/src/Conf.cpp b/src/Conf.cpp
@@ -319,7 +319,7 @@ ConfV4* ConfV4::instance() { return dynamic_cast<ConfV4*>(Conf::instance()); }
 vector<X509Cert> ConfV4::verifyServiceCerts() const
 {
     if(X509Cert cert = verifyServiceCert())
-        return { cert };
+        return { std::move(cert) };
     return {};
 }
 

diff --git a/src/crypto/X509Crypto.cpp b/src/crypto/X509Crypto.cpp
@@ -26,6 +26,7 @@
 #include <algorithm>
 #include <array>
 #include <charconv>
+#include <unordered_map>
 
 using namespace digidoc;
 using namespace std;
@@ -103,40 +104,47 @@ int X509Crypto::compareIssuerToString(string_view name) const
         "UID", "userId"
     };
 
-    for(size_t old = 0, pos = name.find(','); ; pos = name.find(',', old))
+    bool escape = false;
+    string_view key;
+    std::unordered_map<string_view,string_view> data;
+    for(size_t i = 0, pos = 0; i < name.size(); ++i)
     {
-        if(pos == string::npos)
-            pos = name.size();
-        if(pos < old)
-            break;
-        if(name[pos-1] == '\\')
+        if(escape)
+            escape = false;
+        else if(char chr = name[i]; chr == '\\')
+            escape = true;
+        else if(chr == '=' && key.empty())
         {
-            old = pos + 1;
-            continue;
+            key = name.substr(pos, i - pos);
+            pos += key.size() + 1;
         }
+        else if(auto last = (i + 1) == name.size(); last || chr == ',')
+        {
+            auto value = name.substr(pos, last ? string_view::npos : i - pos);
+            data[key] = value;
+            key = {};
+            pos += value.size() + 1;
+        }
+    }
 
-        auto nameitem = name.substr(old, pos - old);
-        old = pos + 1;
-
-        if(pos = nameitem.find('=');
-            pos == string::npos || pos == 0 || nameitem[pos-1] == '\\')
-            continue;
-
-        auto obj = find(list.cbegin(), list.cend(), nameitem.substr(0, pos));
+    X509_NAME *issuer = X509_get_issuer_name(cert.handle());
+    for(const auto &[key, val]: data)
+    {
+        auto obj = find(list.cbegin(), list.cend(), key);
         if(obj == list.cend())
             continue;
 
         if(*obj == "STREET"sv)
             obj++;
         ASN1_OBJECT *obja = OBJ_txt2obj(*obj, 0);
         if(!obja)
-            continue;
+            return -1;
 
         static const string_view escape = " #+,;<=>\\";
-        string value(nameitem.substr(pos+1, pos-old));
+        string value(val);
         static const errc ok{};
         uint8_t result{};
-        for(string::size_type pos = value.find('\\'); pos < value.size(); pos = value.find('\\', ++pos))
+        for(size_t pos = value.find('\\'); pos < value.size(); pos = value.find('\\', ++pos))
         {
             if(auto data = next(value.data(), pos + 1); from_chars(data, next(data, 2), result, 16).ec == ok)
             {
@@ -148,7 +156,6 @@ int X509Crypto::compareIssuerToString(string_view name) const
         }
 
         bool found = false;
-        X509_NAME *issuer = X509_get_issuer_name(cert.handle());
         for(int i = 0; i < X509_NAME_entry_count(issuer); ++i)
         {
             X509_NAME_ENTRY *entb = X509_NAME_get_entry(issuer, i);

diff --git a/src/digidoc-tool.cpp b/src/digidoc-tool.cpp
@@ -122,8 +122,7 @@ static ostream &operator<<(ostream &os, Signature::Validator::Status status)
 
 static ostream &endl(ostream &os)
 {
-    os.put('\n');
-    return os;
+    return os.put('\n');
 }
 }
 
@@ -384,14 +383,14 @@ ToolConfig::ToolConfig(int argc, char *argv[])
 {
     for(int i = 2; i < argc; i++)
     {
-        string arg(toUTF8(argv[i]));
+        string_view arg(argv[i]);
         if(arg.find("--profile=") == 0)
             profile = arg.substr(10);
         else if(arg.find("--file=") == 0)
         {
-            string arg2(i+1 < argc ? toUTF8(argv[i+1]) : string());
+            string_view arg2(i+1 < argc ? argv[i+1] : string_view());
             files.emplace(arg.substr(7),
-                arg2.find("--mime=") == 0 ? arg2.substr(7) : "application/octet-stream");
+                arg2.find("--mime=") == 0 ? toUTF8(arg2.substr(7)) : "application/octet-stream");
         }
 #ifdef _WIN32
         else if(arg == "--cng") cng = true;
@@ -402,23 +401,23 @@ ToolConfig::ToolConfig(int argc, char *argv[])
         {
             cng = false;
             if(arg.find('=') != string::npos)
-                pkcs11 = arg.substr(arg.find('=') + 1);
+                pkcs11 = toUTF8(arg.substr(arg.find('=') + 1));
         }
         else if(arg.find("--pkcs12=") == 0)
         {
             cng = false;
-            pkcs12 = arg.substr(9);
+            pkcs12 = toUTF8(arg.substr(9));
         }
         else if(arg == "--dontValidate") dontValidate = true;
         else if(arg == "--XAdESEN") XAdESEN = true;
         else if(arg.find("--pin=") == 0) pin = arg.substr(6);
-        else if(arg.find("--cert=") == 0) cert = arg.substr(7);
-        else if(arg.find("--city=") == 0) city = arg.substr(7);
-        else if(arg.find("--street=") == 0) street = arg.substr(9);
-        else if(arg.find("--state=") == 0) state = arg.substr(8);
-        else if(arg.find("--postalCode=") == 0) postalCode = arg.substr(13);
-        else if(arg.find("--country=") == 0) country = arg.substr(10);
-        else if(arg.find("--role=") == 0) roles.push_back(arg.substr(7));
+        else if(arg.find("--cert=") == 0) cert = toUTF8(arg.substr(7));
+        else if(arg.find("--city=") == 0) city = toUTF8(arg.substr(7));
+        else if(arg.find("--street=") == 0) street = toUTF8(arg.substr(9));
+        else if(arg.find("--state=") == 0) state = toUTF8(arg.substr(8));
+        else if(arg.find("--postalCode=") == 0) postalCode = toUTF8(arg.substr(13));
+        else if(arg.find("--country=") == 0) country = toUTF8(arg.substr(10));
+        else if(arg.find("--role=") == 0) roles.push_back(toUTF8(arg.substr(7)));
         else if(arg == "--sha224") uri = URI_SHA224;
         else if(arg == "--sha256") uri = URI_SHA256;
         else if(arg == "--sha384") uri = URI_SHA384;
@@ -435,13 +434,13 @@ ToolConfig::ToolConfig(int argc, char *argv[])
         else if(arg == "--rsapss") rsaPss = true;
         else if(arg.find("--tsurl") == 0) tsurl = arg.substr(8);
         else if(arg.find("--tslurl=") == 0) tslurl = arg.substr(9);
-        else if(arg.find("--tslcert=") == 0) tslcerts = vector<X509Cert>{ X509Cert(arg.substr(10)) };
+        else if(arg.find("--tslcert=") == 0) tslcerts = vector<X509Cert>{ X509Cert(toUTF8(arg.substr(10))) };
         else if(arg == "--TSLAllowExpired") expired = true;
         else if(arg == "--dontsign") doSign = false;
         else if(arg == "--nocolor") RED = GREEN = YELLOW = RESET = {};
-        else if(arg.find("--loglevel=") == 0) _logLevel = stoi(arg.substr(11));
-        else if(arg.find("--logfile=") == 0) _logFile = arg.substr(10);
-        else path = arg;
+        else if(arg.find("--loglevel=") == 0) _logLevel = atoi(arg.substr(11).data());
+        else if(arg.find("--logfile=") == 0) _logFile = toUTF8(arg.substr(10));
+        else path = toUTF8(arg);
     }
 }
 
@@ -917,7 +916,7 @@ static int tslcmd(int /*argc*/, char* /*argv*/[])
 {
     int returnCode = EXIT_SUCCESS;
     string cache = CONF(TSLCache);
-    TSL t(cache + "/" + File::fileName(CONF(TSLUrl)));
+    TSL t(File::path(cache, File::fileName(CONF(TSLUrl))));
     cout << "TSL: " << t.url() << endl
         << "         Type: " << t.type() << endl
         << "    Territory: " << t.territory() << endl

diff --git a/src/util/File.cpp b/src/util/File.cpp
@@ -22,6 +22,7 @@
 #include "log.h"
 
 #include <algorithm>
+#include <charconv>
 #include <ctime>
 #include <locale>
 #include <sstream>
@@ -204,9 +205,6 @@ string File::directory(const string& path)
  *
  * @param directory directory path.
  * @param relativePath relative path.
- * @param unixStyle when set to <code>true</code> returns path with unix path separators,
- *        otherwise returns with operating system specific path separators.
- *        Default value is <code>false</code>.
  * @return returns full path.
  */
 string File::path(string dir, string_view relativePath)
@@ -345,6 +343,7 @@ string File::toUriPath(const string &path)
 string File::fromUriPath(string_view path)
 {
     string ret;
+    ret.reserve(path.size());
     char data[] = "00";
     for(auto i = path.begin(); i != path.end(); ++i)
     {
@@ -361,15 +360,15 @@ string File::fromUriPath(string_view path)
     return ret;
 }
 
-vector<unsigned char> File::hexToBin(const string &in)
+vector<unsigned char> File::hexToBin(string_view in)
 {
     vector<unsigned char> out;
-    char data[] = "00";
-    for(string::const_iterator i = in.cbegin(); distance(i, in.cend()) >= 2;)
+    out.reserve(in.size() / 2);
+    uint8_t result{};
+    for(size_t pos{}; pos + 1 < in.size(); pos += 2)
     {
-        data[0] = *(i++);
-        data[1] = *(i++);
-        out.push_back(static_cast<unsigned char>(strtoul(data, nullptr, 16)));
+        if(auto i = next(in.data(), pos); from_chars(i, i + 2, result, 16).ec == std::errc{})
+            out.push_back(result);
     }
     return out;
 }
diff --git a/src/util/File.h b/src/util/File.h
@@ -51,7 +51,7 @@ namespace digidoc
               static void deleteTempFiles();
               static std::string toUriPath(const std::string &path);
               static std::string fromUriPath(std::string_view path);
-              static std::vector<unsigned char> hexToBin(const std::string &in);
+              static std::vector<unsigned char> hexToBin(std::string_view in);
 #ifdef _WIN32
               static std::string dllPath(std::string_view dll);
 #endif