From b44ab4ec21c9cb03d90b3dc98b13b7bd82fcec3c Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Fri, 5 Apr 2024 14:17:41 +0300 Subject: [PATCH] Fix Coverity warnings IB-7930 Signed-off-by: Raul Metsma --- src/Conf.cpp | 2 +- src/crypto/Connect.cpp | 2 +- src/crypto/X509Crypto.cpp | 46 +++++++++++++++++++++------------------ src/digidoc-tool.cpp | 39 ++++++++++++++++----------------- 4 files changed, 46 insertions(+), 43 deletions(-) diff --git a/src/Conf.cpp b/src/Conf.cpp index 0615af863..de7cbcefc 100644 --- a/src/Conf.cpp +++ b/src/Conf.cpp @@ -319,7 +319,7 @@ ConfV4* ConfV4::instance() { return dynamic_cast(Conf::instance()); } vector ConfV4::verifyServiceCerts() const { if(X509Cert cert = verifyServiceCert()) - return { cert }; + return { std::move(cert) }; return {}; } diff --git a/src/crypto/Connect.cpp b/src/crypto/Connect.cpp index d5b66718e..ddb5da5fb 100644 --- a/src/crypto/Connect.cpp +++ b/src/crypto/Connect.cpp @@ -338,7 +338,7 @@ Connect::Result Connect::exec(initializer_list> he if(!r.isRedirect() || recursive > 3) return r; string location = r.headers.find("Location") == r.headers.cend() ? r.headers["location"] : r.headers["Location"]; - string url = location.find("://") != string::npos ? location : baseurl + location; + string url = location.find("://") != string::npos ? std::move(location) : baseurl + location; Connect c(url, method, timeout); c.recursive = recursive + 1; return c.exec(headers); diff --git a/src/crypto/X509Crypto.cpp b/src/crypto/X509Crypto.cpp index d0fbb6959..c8fa040d7 100644 --- a/src/crypto/X509Crypto.cpp +++ b/src/crypto/X509Crypto.cpp @@ -26,6 +26,7 @@ #include #include #include +#include using namespace digidoc; using namespace std; 
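Review bot: In the Connect.cpp hunk, the changed `string url = …` line treats the `Location` value as absolute whenever `"://"` appears anywhere in it, so a relative redirect such as `/next?return=https://host/` (constructed example) is used without `baseurl`. The value comes from the response headers and nothing visible here restricts the scheme, so a request may be sent on to a plain `http://` target within the hop limit. Test for a scheme at position 0 instead, e.g. `location.rfind("https://", 0) == 0 || location.rfind("http://", 0) == 0`, and decide explicitly whether a downgrade from https is acceptable. `Connect::exec` starts and ends outside the hunk, so the `Connect` constructor may already validate the URL.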
@@ -103,26 +104,30 @@ int X509Crypto::compareIssuerToString(string_view name) const "UID", "userId" }; - for(size_t old = 0, pos = name.find(','); ; pos = name.find(',', old)) + bool escape = false; + string_view key; + std::unordered_map data; + for(size_t i = 0, pos = 0; i < name.size(); ++i) { - if(pos == string::npos) - pos = name.size(); - if(pos < old) - break; - if(name[pos-1] == '\\') - { - old = pos + 1; - continue; + if(escape) + escape = false; + else if(char chr = name[i]; chr == '\\') + escape = true; + else if(chr == '=' && key.empty()) { + key = name.substr(pos, i - pos); + pos += key.size() + 1; + } else if(auto last = (i + 1) == name.size(); last || chr == ',') { + auto value = name.substr(pos, last ? string_view::npos : i - pos); + data[key] = value; + key = {}; + pos += value.size() + 1; } + } - auto nameitem = name.substr(old, pos - old); - old = pos + 1; - - if(pos = nameitem.find('='); - pos == string::npos || pos == 0 || nameitem[pos-1] == '\\') - continue; - - auto obj = find(list.cbegin(), list.cend(), nameitem.substr(0, pos)); + X509_NAME *issuer = X509_get_issuer_name(cert.handle()); + for(const auto &[key, val]: data) + { + auto obj = find(list.cbegin(), list.cend(), key); if(obj == list.cend()) continue; @@ -130,13 +135,13 @@ int X509Crypto::compareIssuerToString(string_view name) const obj++; ASN1_OBJECT *obja = OBJ_txt2obj(*obj, 0); if(!obja) - continue; + return -1; static const string_view escape = " #+,;<=>\\"; - string value(nameitem.substr(pos+1, pos-old)); + string value(val); static const errc ok{}; uint8_t result{}; - for(string::size_type pos = value.find('\\'); pos < value.size(); pos = value.find('\\', ++pos)) + for(size_t pos = value.find('\\'); pos < value.size(); pos = value.find('\\', ++pos)) { if(auto data = next(value.data(), pos + 1); from_chars(data, next(data, 2), result, 16).ec == ok) { 
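Review bot: Collecting the parsed components into `std::unordered_map` keeps one value per attribute type, so an issuer string that repeats a type (several `OU=` or `DC=` components) has all but the last occurrence dropped from the comparison that follows; the removed loop checked every component. The final value is also stored only from inside the loop, so a name whose last character is escaped, or is a lone backslash, never reaches the `last` branch and loses its final component. Both cases make the match against the certificate issuer looser than the input string asks for, which matters if the result feeds a trust decision (the callers are not on this page). A sequence of pairs with the last value stored after the loop avoids both, as sketched below; renaming the two locals also stops the later `static const string_view escape` and `auto data` from shadowing them. The function starts and ends outside the hunk.

```cpp
bool escaped = false;
string_view key;
vector<pair<string_view, string_view>> parts;
size_t pos = 0;
for(size_t i = 0; i < name.size(); ++i)
{
	if(escaped)
		escaped = false;
	else if(char chr = name[i]; chr == '\\')
		escaped = true;
	else if(chr == '=' && key.empty()) {
		key = name.substr(pos, i - pos);
		pos = i + 1;
	} else if(chr == ',') {
		// Every component is kept, including repeated attribute types.
		parts.emplace_back(key, name.substr(pos, i - pos));
		key = {};
		pos = i + 1;
	}
}
// Store the last component here so a trailing escaped character cannot drop it.
if(!key.empty())
	parts.emplace_back(key, name.substr(pos));

for(const auto &[key, val]: parts)
{
	// … unchanged: OID lookup, unescaping and comparison against the issuer entries …
```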
@@ -148,7 +153,6 @@ int X509Crypto::compareIssuerToString(string_view name) const } bool found = false; - X509_NAME *issuer = X509_get_issuer_name(cert.handle()); for(int i = 0; i < X509_NAME_entry_count(issuer); ++i) { X509_NAME_ENTRY *entb = X509_NAME_get_entry(issuer, i); diff --git a/src/digidoc-tool.cpp b/src/digidoc-tool.cpp index f2eb87d43..8628a92d3 100644 --- a/src/digidoc-tool.cpp +++ b/src/digidoc-tool.cpp @@ -122,8 +122,7 @@ static ostream &operator<<(ostream &os, Signature::Validator::Status status) static ostream &endl(ostream &os) { - os.put('\n'); - return os; + return os.put('\n'); } } @@ -384,14 +383,14 @@ ToolConfig::ToolConfig(int argc, char *argv[]) { for(int i = 2; i < argc; i++) { - string arg(toUTF8(argv[i])); + string_view arg(argv[i]); if(arg.find("--profile=") == 0) profile = arg.substr(10); else if(arg.find("--file=") == 0) { - string arg2(i+1 < argc ? toUTF8(argv[i+1]) : string()); + string_view arg2(i+1 < argc ? argv[i+1] : string_view()); files.emplace(arg.substr(7), - arg2.find("--mime=") == 0 ? arg2.substr(7) : "application/octet-stream"); + arg2.find("--mime=") == 0 ? toUTF8(arg2.substr(7)) : "application/octet-stream"); } #ifdef _WIN32 else if(arg == "--cng") cng = true; 
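Review bot: In the `ToolConfig` hunk the `--file=` branch now stores `arg.substr(7)` without `toUTF8`, while the MIME type next to it is converted; before this change the whole argument went through `toUTF8` first. If `toUTF8` re-encodes the platform's narrow argv encoding (its definition is not on this page), a data-file path with non-ASCII characters is now stored unconverted, and the same applies to `--profile=` here and to `--pin=`, `--tsurl` and `--tslurl=` in the next two hunks. Suggest `files.emplace(toUTF8(arg.substr(7)), …)` and converting the other string options the same way, or a comment stating that those values are ASCII-only by contract. The constructor body starts and ends outside the hunk.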
@@ -402,23 +401,23 @@ ToolConfig::ToolConfig(int argc, char *argv[]) { cng = false; if(arg.find('=') != string::npos) - pkcs11 = arg.substr(arg.find('=') + 1); + pkcs11 = toUTF8(arg.substr(arg.find('=') + 1)); } else if(arg.find("--pkcs12=") == 0) { cng = false; - pkcs12 = arg.substr(9); + pkcs12 = toUTF8(arg.substr(9)); } else if(arg == "--dontValidate") dontValidate = true; else if(arg == "--XAdESEN") XAdESEN = true; else if(arg.find("--pin=") == 0) pin = arg.substr(6); - else if(arg.find("--cert=") == 0) cert = arg.substr(7); - else if(arg.find("--city=") == 0) city = arg.substr(7); - else if(arg.find("--street=") == 0) street = arg.substr(9); - else if(arg.find("--state=") == 0) state = arg.substr(8); - else if(arg.find("--postalCode=") == 0) postalCode = arg.substr(13); - else if(arg.find("--country=") == 0) country = arg.substr(10); - else if(arg.find("--role=") == 0) roles.push_back(arg.substr(7)); + else if(arg.find("--cert=") == 0) cert = toUTF8(arg.substr(7)); + else if(arg.find("--city=") == 0) city = toUTF8(arg.substr(7)); + else if(arg.find("--street=") == 0) street = toUTF8(arg.substr(9)); + else if(arg.find("--state=") == 0) state = toUTF8(arg.substr(8)); + else if(arg.find("--postalCode=") == 0) postalCode = toUTF8(arg.substr(13)); + else if(arg.find("--country=") == 0) country = toUTF8(arg.substr(10)); + else if(arg.find("--role=") == 0) roles.push_back(toUTF8(arg.substr(7))); else if(arg == "--sha224") uri = URI_SHA224; else if(arg == "--sha256") uri = URI_SHA256; else if(arg == "--sha384") uri = URI_SHA384; 
@@ -435,13 +434,13 @@ ToolConfig::ToolConfig(int argc, char *argv[]) else if(arg == "--rsapss") rsaPss = true; else if(arg.find("--tsurl") == 0) tsurl = arg.substr(8); else if(arg.find("--tslurl=") == 0) tslurl = arg.substr(9); - else if(arg.find("--tslcert=") == 0) tslcerts = vector{ X509Cert(arg.substr(10)) }; + else if(arg.find("--tslcert=") == 0) tslcerts = vector{ X509Cert(toUTF8(arg.substr(10))) }; else if(arg == "--TSLAllowExpired") expired = true; else if(arg == "--dontsign") doSign = false; else if(arg == "--nocolor") RED = GREEN = YELLOW = RESET = {}; - else if(arg.find("--loglevel=") == 0) _logLevel = stoi(arg.substr(11)); - else if(arg.find("--logfile=") == 0) _logFile = arg.substr(10); - else path = arg; + else if(arg.find("--loglevel=") == 0) _logLevel = atoi(arg.substr(11).data()); + else if(arg.find("--logfile=") == 0) _logFile = toUTF8(arg.substr(10)); + else path = toUTF8(arg); } } @@ -917,7 +916,7 @@ static int tslcmd(int /*argc*/, char* /*argv*/[]) { int returnCode = EXIT_SUCCESS; string cache = CONF(TSLCache); - TSL t(cache + "/" + File::fileName(CONF(TSLUrl))); + TSL t(File::path(cache, File::fileName(CONF(TSLUrl)))); cout << "TSL: " << t.url() << endl << " Type: " << t.type() << endl << " Territory: " << t.territory() << endl @@ -953,7 +952,7 @@ static int tslcmd(int /*argc*/, char* /*argv*/[]) cout << " TSL: missing" << endl; continue; } - TSL tp(std::move(path)); + TSL tp(path); cout << " TSL: " << p.location << endl << " Type: " << tp.type() << endl << " Territory: " << tp.territory() << endl
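Review bot: `atoi(arg.substr(11).data())` makes `--loglevel=` accept anything: non-numeric input silently becomes 0 and an out-of-range number is undefined behaviour, where `stoi` reported both by throwing. It also relies on the `string_view` being a suffix of the NUL-terminated `argv[i]`, which holds here but is easy to break in a later edit. `from_chars`, already used in X509Crypto.cpp in this patch, parses the view directly and reports failure without throwing: `if(auto v = arg.substr(11); from_chars(v.data(), v.data() + v.size(), _logLevel).ec != errc{})` followed by a usage error. This assumes `_logLevel` is an integer type and that `<charconv>` is available in this file; neither is visible in the hunk.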