Fix compiler warnings. Reported by GCC with flags:

  -Wall -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS

Note, e.g. sprintf(digest, "%s%02x", digest, ...) is undefined behaviour because
the destination and source variables overlap, and GCC warnings for this.

acmp.c:258:13: warning: 'acmp_clone_node_no_state' defined but not used [-Wunused-function]
apache2_config.c:806:9: warning: unused variable 'offset' [-Wunused-variable]
apache2_config.c:1886:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:1942:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2470:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2538:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_util.c:226:11: warning: unused variable 'str' [-Wunused-variable]
apache2_util.c:225:11: warning: unused variable 'saved' [-Wunused-variable]
apache2_util.c:224:11: warning: unused variable 'parse_remote' [-Wunused-variable]
apache2_util.c:223:11: warning: unused variable 'remote' [-Wunused-variable]
msc_status_engine.c:216:17: warning: unused variable 'i' [-Wunused-variable]
msc_status_engine.c:375:55: warning: the address of 'pcre' will always evaluate as 'true' [-Waddress]
msc_crypt.c:67:17: warning: unused variable 'bytes' [-Wunused-variable]
msc_crypt.c:1083:33: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
msc_crypt.c:1090:29: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'digest' [-Wrestrict]
msc_json.c:405:11: warning: unused variable 'json_data' [-Wunused-variable]
msc_crypt.c:1097:79: warning: '%s' directive argument is null [-Wformat-overflow=]
msc_logging.c:1144:20: warning: unused variable 'now' [-Wunused-variable]
msc_remote_rules.c:729:19: warning: unused variable 'word' [-Wunused-variable]
msc_remote_rules.c:727:17: warning: unused variable 'tmp' [-Wunused-variable]
msc_remote_rules.c:805:1: warning: control reaches end of non-void function [-Wreturn-type]
msc_tree.c:836:19: warning: unused variable 'ip' [-Wunused-variable]
msc_xml.c:29:44: warning: variable 'entity' set but not used [-Wunused-but-set-variable]
msc_util.c:2627:11: warning: unused variable 'start' [-Wunused-variable]
msc_util.c:2626:17: warning: unused variable 'fd' [-Wunused-variable]
msc_util.c:2624:18: warning: unused variable 'rc' [-Wunused-variable]
msc_util.c:1077:19: warning: array subscript 1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds=]

Author: notroj

apache2/acmp.c

@@ -251,6 +251,7 @@ static void acmp_add_node_to_parent(acmp_node_t *parent, acmp_node_t *child) {
     }
 }
 
+#if 0
 /**
  * Copies values from one node to another, without child/sibling/fail pointers
  * and without state variables.
@@ -262,6 +263,7 @@ static void acmp_clone_node_no_state(acmp_node_t *from, acmp_node_t *to) {
     to->fail = NULL;
     to->hit_count = 0;
 }
+#endif
 
 static inline acmp_node_t *acmp_btree_find(acmp_node_t *node, acmp_utf8_char_t letter) {
     acmp_btree_node_t *bnode = node->btree;

apache2/apache2_config.c

@@ -797,7 +797,6 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
     int type_with_lua = 1;
     int type_rule;
     int rule_actionset;
-    int offset = 0;
 
     #ifdef DEBUG_CONF
     ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool,
@@ -1935,7 +1934,6 @@ static const char *cmd_conn_read_state_limit(cmd_parms *cmd, void *_dcfg,
         ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, "cmd_conn_read_state_limit: _dcfg is NULL");
         return NULL;
     }
-    directory_config *dcfg = (directory_config *)_dcfg;
     long int limit;
 
     limit = strtol(p1, NULL, 10);
@@ -1991,7 +1989,6 @@ static const char *cmd_conn_write_state_limit(cmd_parms *cmd, void *_dcfg,
         ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, "cmd_conn_write_state_limit: _dcfg is NULL");
         return NULL;
     }
-    directory_config *dcfg = (directory_config *)_dcfg;
     long int limit;
 
     limit = strtol(p1, NULL, 10);
@@ -2519,7 +2516,6 @@ static const char *cmd_sever_conn_filters_engine(cmd_parms *cmd, void *_dcfg,
         ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, "cmd_sever_conn_filters_engine: _dcfg is NULL");
         return NULL;
     }
-    directory_config *dcfg = (directory_config *)_dcfg;
 
     if (strcasecmp(p1, "on") == 0)
     {
@@ -2587,7 +2583,6 @@ static const char *cmd_remote_rules_fail(cmd_parms *cmd, void *_dcfg, const char
         ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, "cmd_remote_rules_fail: _dcfg is NULL");
         return NULL;
     }
-    directory_config *dcfg = (directory_config *)_dcfg;
 
     if (strncasecmp(p1, "warn", 4) == 0)
     {

apache2/apache2_util.c

@@ -215,10 +215,6 @@ static void internal_log_ex(request_rec *r, directory_config *dcfg, modsec_rec *
     apr_size_t nbytes, nbytes_written;
     apr_file_t *debuglog_fd = NULL;
     int filter_debug_level = 0;
-    char *remote = NULL;
-    char *parse_remote = NULL;
-    char *saved = NULL;
-    char *str = NULL;
     char str1[1024] = "";
     char str2[1256] = "";
 

apache2/msc_crypt.c

@@ -64,7 +64,6 @@ char *normalize_path(modsec_rec *msr, char *input) {
 
         if(uri->path)   {
             char *Uri = NULL;
-            int bytes = 0;
             /*int i;*/
             char *abs_link = NULL;
             char *filename = NULL;
@@ -1079,22 +1078,18 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
     if (ctype && encoding == NULL) {
         if (ctype && (p = m_strcasestr(ctype, "charset=") , p != NULL)) {
             p += 8 ;
-            if (encoding = apr_pstrndup(msr->mp, p, strcspn(p, " ;") ), encoding) {
-                xmlCharEncoding enc;
-                enc = xmlParseCharEncoding(encoding);
-                handler = xmlFindCharEncodingHandler(encoding);
-            }
+            encoding = apr_pstrndup(msr->mp, p, strcspn(p, " ;"));
+            handler = xmlFindCharEncodingHandler(encoding);
         }
     } else  {
         if(encoding != NULL)    {
-            xmlCharEncoding enc;
-            enc = xmlParseCharEncoding(encoding);
             handler = xmlFindCharEncodingHandler(encoding);
         }
     }
 
     if (msr->txcfg->debuglog_level >= 4)
-        msr_log(msr, 4, "inject_hashed_response_body: Detected encoding type [%s].", encoding);
+        msr_log(msr, 4, "inject_hashed_response_body: Detected encoding type [%s].",
+                encoding ? encoding : "(none)");
 
     if (handler == NULL)
         handler = xmlFindCharEncodingHandler("UTF-8");

apache2/msc_geo.c

@@ -279,7 +279,6 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
     apr_size_t nbytes;
     unsigned int rec_val = 0;
     apr_off_t seekto = 0;
-    apr_status_t ret;
     int rc;
     int country = 0;
     int level;

apache2/msc_json.c

@@ -402,7 +402,6 @@ int json_complete(modsec_rec *msr, char **error_msg) {
     assert(msr != NULL);
     assert(msr->json != NULL);
     assert(error_msg != NULL);
-    char *json_data = (char *) NULL;
 
     *error_msg = NULL;
 

apache2/msc_logging.c

@@ -1134,8 +1134,6 @@ void sec_audit_logger_json(modsec_rec *msr) {
     /* AUDITLOG_PART_TRAILER */
 
     if (strchr(msr->txcfg->auditlog_parts, AUDITLOG_PART_TRAILER) != NULL) {
-        apr_time_t now = apr_time_now();
-
         /* Messages */
         been_opened = 0;
         if (msr->alerts->nelts > 0) {

apache2/msc_remote_rules.c

@@ -719,9 +719,7 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,
         if (plain_text[len]  == '\n')
         {
             const char *rule = NULL;
-            int tmp = len;
             char *cmd_name = NULL;
-            char *word = NULL;
             const command_rec *cmd;
 
             ap_directive_t *newdir;
@@ -792,6 +790,7 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,
     {
         msc_remote_clean_chunk(&downloaded_content);
     }
+    return 0;
 #else
     *error_msg = "SecRemoteRules was not enabled during ModSecurity " \
         "compilation.";

apache2/msc_status_engine.c

@@ -164,7 +164,6 @@ int DSOLOCAL msc_status_engine_mac_address (unsigned char *mac)
 #ifdef DARWIN
     struct ifaddrs* ifaphead;
     struct ifaddrs* ifap;
-    int i = 0;
 
     if ( getifaddrs( &ifaphead ) != 0 ) {
         goto failed;
@@ -213,7 +212,6 @@ int DSOLOCAL msc_status_engine_mac_address (unsigned char *mac)
         }
 
         if ( ioctl( sock, SIOCGIFHWADDR, ifr ) == 0 ) {
-            int i = 0;
             if (!ifr->ifr_addr.sa_data[0] && !ifr->ifr_addr.sa_data[1]
                 && !ifr->ifr_addr.sa_data[2]) {
                 continue;
@@ -290,7 +288,6 @@ int DSOLOCAL msc_status_engine_unique_id (unsigned char *digest)
     unsigned char *mac_address = NULL;
     char *machine_name = NULL;
     int ret = 0;
-    int i = 0;
     apr_sha1_ctx_t context;
 
     mac_address = malloc(sizeof(char)*(MAC_ADDRESS_SIZE));
@@ -321,10 +318,7 @@ int DSOLOCAL msc_status_engine_unique_id (unsigned char *digest)
     apr_sha1_update(&context, mac_address, strlen(mac_address));
     apr_sha1_final(hex_digest, &context);
 
-    for (i = 0; i < APR_SHA1_DIGESTSIZE; i++)
-    {
-        sprintf(digest, "%s%02x", digest, hex_digest[i]);
-    }
+    ap_bin2hex(hex_digest, APR_SHA1_DIGESTSIZE, digest);
 
 failed_set_machine_name:
     free(machine_name);
@@ -372,7 +366,7 @@ int DSOLOCAL msc_beacon_string (char *beacon_string, int beacon_string_max_len)
     /* 6 represents: strlen("(null)") */
     beacon_string_len = (modsec ? strlen(modsec) : 6) +
         (apache ? strlen(apache) : 6) + (apr ? strlen(apr) : 6) +
-        (apr_loaded ? strlen(apr_loaded) : 6) + (pcre ? strlen(pcre) : 6) +
+        (apr_loaded ? strlen(apr_loaded) : 6) + strlen(pcre) +
         (pcre_loaded ? strlen(pcre_loaded) : 6) + (lua ? strlen(lua) : 6) +
         (libxml ? strlen(libxml) : 6) + (APR_SHA1_DIGESTSIZE * 2);
 

apache2/msc_tree.c

@@ -833,7 +833,7 @@ TreeNode *CPTIpMatch(modsec_rec *msr, unsigned char *ipdata, CPTTree *tree, int
 }
 
 TreeNode *TreeAddIP(const char *buffer, CPTTree *tree, int type) {
-    unsigned long ip, ret;
+    unsigned long ret;
     unsigned char netmask_v4 = NETMASK_32, netmask_v6 = NETMASK_128;
     char ip_strv4[NETMASK_32], ip_strv6[NETMASK_128];
     struct in_addr addr4;

apache2/msc_util.c

@@ -104,13 +104,12 @@ int swap_int32(int x) {
  * \retval rval On Success
  */
 char *utf8_unicode_inplace_ex(apr_pool_t *mp, unsigned char *input, long int input_len, int *changed) {
-    int unicode_len = 0, length = 0;
+    int unicode_len = 0;
     unsigned int d = 0;
     unsigned char c, *utf;
     char *rval, *data;
-    unsigned int i, len, j;
+    unsigned int i, len;
     unsigned int bytes_left = input_len;
-    unsigned char *unicode = NULL;
 
     assert(input != NULL);
 
@@ -2497,10 +2496,7 @@ int ip_tree_from_uri(TreeRoot **rtree, char *uri,
     apr_pool_t *mp, char **error_msg)
 {
     TreeNode *tnode = NULL;
-    apr_status_t rc;
     int line = 0;
-    apr_file_t *fd;
-    char *start;
     int res;
 
     struct msc_curl_memory_buffer_t chunk;

apache2/msc_xml.c

@@ -132,29 +132,19 @@ static void msc_xml_on_characters(void *ctx, const xmlChar *ch, int len) {
 }
 
 
-static xmlParserInputBufferPtr
-xml_unload_external_entity(const char *URI, xmlCharEncoding enc)    {
-    return NULL;
-}
-
 
 /**
  * Initialise XML parser.
  */
 int xml_init(modsec_rec *msr, char **error_msg) {
     assert(msr != NULL);
     assert(error_msg != NULL);
-    xmlParserInputBufferCreateFilenameFunc entity;
 
     *error_msg = NULL;
 
     msr->xml = apr_pcalloc(msr->mp, sizeof(xml_data));
     if (msr->xml == NULL) return -1;
 
-    if(msr->txcfg->xml_external_entity == 0)    {
-        entity = xmlParserInputBufferCreateFilenameDefault(xml_unload_external_entity);
-    }
-
     if (msr->txcfg->parse_xml_into_args != MSC_XML_ARGS_OFF) {
 
         msr->xml->sax_handler = (xmlSAXHandler *)apr_pcalloc(msr->mp, sizeof(xmlSAXHandler));

apache2/re.c

@@ -205,10 +205,9 @@ char *msre_ruleset_phase_rule_update_target_matching_exception(modsec_rec *msr,
     assert(ruleset != NULL);
     assert(phase_arr != NULL);
     msre_rule **rules;
-    int i, j, mode;
+    int i, mode;
     char *err;
 
-    j = 0;
     mode = 0;
     rules = (msre_rule **)phase_arr->elts;
     for (i = 0; i < phase_arr->nelts; i++) {
@@ -247,7 +246,6 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
     char *my_error_msg = NULL, *target = NULL;
     char *p = NULL, *savedptr = NULL;
     unsigned int is_negated = 0, is_counting = 0;
-    int name_len = 0, value_len = 0;
     char *name = NULL, *value = NULL;
     char *opt = NULL, *param = NULL;
     char *target_list = NULL, *replace = NULL;
@@ -297,10 +295,6 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                 goto end;
             }
 
-            name_len = strlen(name);
-
-            if (value != NULL) value_len = strlen(value);
-
             targets = (msre_var **)rule->targets->elts;
             // TODO need a good way to remove the element from array, maybe change array by tables or rings
             for (i = 0; i < rule->targets->nelts; i++) {
@@ -395,10 +389,6 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                     goto end;
                 }
 
-                name_len = strlen(name);
-
-                if (value != NULL) value_len = strlen(value);
-
                 if (msr) {
                     msr_log(msr, 9, "Trying to append variable name [%s] value [%s]", name, value);
                 }

apache2/re_operators.c

@@ -4231,11 +4231,6 @@ static int msre_op_fuzzy_hash_init(msre_rule *rule, char **error_msg)
     return 1;
 #endif
     return 1;
-
-invalid_parameters:
-    *error_msg = apr_psprintf(rule->ruleset->mp, "Operator @fuzzyHash " \
-        "requires valid parameters. File and threshold.");
-    return -1;
 }
 
 static int msre_op_fuzzy_hash_execute(modsec_rec *msr, msre_rule *rule,