conffile.fl: Use %option noyywrap rather than providing yywrap

Prompted by review of fe0c91cce702 "configure.in, conffile.fl: Remove dependency on `libfl.a'."

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

configure.in, conffile.fl: Remove dependency on `libfl.a'.

The `libfl' library contains two functions:

* `main', which basically just calls `yylex' a lot, as an easy way to write simple programs in lex(1); and
* `yywrap', which lets a lex(1)-generated lexer know what to do when it encounters end-of-file. Specifically, it can return nonzero to say `that's it, we're done', or zero to say `there's more: I've set up ``yyin'' so that you can read more stuff'.

The library doesn't do anything very sensible for `yywrap': it just always returns 1. (If you wanted to do something more complicated, you should just write `yywrap' yourself.)

Secnet has its own `main' function which is fine. It wants `yywrap', though. This causes trouble with upstream `flex', which nowadays builds a shared `libfl.so' library. This contains /both/ `yywrap' /and/ `main', which breaks the `configure' test: what happens is that the test program requires `yywrap', which brings in `libfl.so', which brings in its `main', which refers to an undefined symbol `yylex' that's not defined in the test program.

This doesn't go wrong in Debian, because Debian replaces the shared-library `libfl.so' with a linker script which says `oh, no, you don't want this: you want that ``libfl_pic.a'' over there'. The latter is a traditional archive, and ld(1) can pick `yywrap' out of it without pulling in the bogus `main' and its dependency on `yylex'.

Anyway, this is all more trouble than it's worth. Define our own `yywrap' in `conffile.fl', and delete the `configure' machinery.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>

Administrivia: Fix erroneous GPL3+ licence notices

"version d or later" (!)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

Copyright updates - update to GPLv3, etc.

Update to GPLv3. secnet as actually installed is GPLv3+ anyway because it depends on python-ipaddr (Apache 2.0, which is GPLv2-incompatible), adns (now GPLv3+), and libgmp (now LGPLv3+).

Also:

* Add missing copyright notices and credits.
* Get rid of old FSF street address; use URL instead.
* Remove obsolete LICENCE.txt (which was for snprintf reimplementation).
* Remove obsolete references to Cendio (for old ipaddr.py, now gone).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

NEW etc.: Use NEW in all obvious places

Entirely automatic conversion, using the following Perl rune:

    perl -i~ -pe 's#^(\s+)(\w+)=safe_malloc\(sizeof\(\*\2\),"[^"]+"\);$#$1NEW($2);#' *.c conffile.fl conffile.y

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

Config file fixes.

* Reject integers in excess of 2^32-1 (rather than reducing them mod 2^32).
* ptree_dump():
  - Remove a magic number.
  - More realistic recursion limit.
* Various bits of type hygiene.

Signed-off-by: Richard Kettlewell <rjk@terraraq.org.uk>

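The first bullet of the commit above, shown as an added example (not secnet's code and not part of the commit): a decimal parser that wraps modulo 2^32 next to one that rejects anything above 2^32-1. The function names are hypothetical and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* "Before" behaviour (hypothetical helper): the accumulator silently
   wraps, so the result is the written value reduced mod 2^32. */
static uint32_t parse_u32_wrapping(const char *s)
{
    uint32_t v = 0;
    for (; *s >= '0' && *s <= '9'; s++)
        v = v * 10u + (uint32_t)(*s - '0');
    return v;
}

/* "After" behaviour (hypothetical helper): returns true and stores the
   value only if s is a non-empty digit string that fits in 32 bits. */
static bool parse_u32_checked(const char *s, uint32_t *out)
{
    uint32_t v = 0;
    if (*s == '\0') return false;
    for (; *s; s++) {
        if (*s < '0' || *s > '9') return false;
        uint32_t d = (uint32_t)(*s - '0');
        /* v*10 + d <= UINT32_MAX  <=>  v <= (UINT32_MAX - d) / 10 */
        if (v > (UINT32_MAX - d) / 10u) return false;
        v = v * 10u + d;
    }
    *out = v;
    return true;
}

int main(void)
{
    /* Constructed inputs: 2^32-1, 2^32 and 2^32+22. */
    const char *samples[] = { "4294967295", "4294967296", "4294967318" };
    for (int i = 0; i < 3; i++) {
        uint32_t v = 0;
        bool ok = parse_u32_checked(samples[i], &v);
        printf("%s: wrapping=%u checked=%s\n", samples[i],
               (unsigned)parse_u32_wrapping(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```
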
integer arithmetic types: do not use unsigned for lengths

In C it is not normally a good idea to use an unsigned integer type for integer values, even if they are known not ever to be zero (for example, because they are lengths). This is because C unsigned arithmetic has unhelpful behaviour when the values would become negative.

In particular, comparing signed and unsigned integers, and doing arithmetic (especially subtraction) when unsigned integers are present, can be dangerous and lead to unexpected results.

So fix the resulting warnings (which are due to -Wsign-compare which comes from -W) by making all lengths, counts (and iterators over them) and return values from scanf be of signed types, usually int32_t instead of uint32_t (but occasionally int).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

integer and buffer overflows: introduce a number of asserts

In various places we add and increment integers, hoping that they don't overflow. We also prepend and append things to our internal buffer, which is of fixed size, without checking that they will fit.

This means that malicious configuration (for example, long site names) might be able to take over the secnet program.

So, add a whole lot of checking. Many of these places don't have a sensible way to return an error; in those cases we assert.

Some of the checks are off-by-one in the sense that they say "assert(x<...)" when "<=" would be OK too. This is done to avoid having to think too hard about fenceposts, as it's a simple way to avoid introducing bugs.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Signed-off-by: Richard Kettlewell <richard@greenend.org.uk>

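The two commits above ("do not use unsigned for lengths" and "introduce a number of asserts"), illustrated with an added example that is not secnet's code: the same room check written with unsigned and with signed lengths, and a fixed-size buffer append that checks the fit first. The struct, the function names and BUF_CAP are hypothetical; the append returns an error so the result can be inspected, where the commit asserts.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 16  /* constructed capacity, for this example only */

struct buf { uint8_t base[BUF_CAP]; int32_t size; };  /* hypothetical type */

/* Unsigned lengths: 4 - 10 wraps to 4294967290, so the check wrongly passes. */
static int has_room_unsigned(uint32_t remaining, uint32_t wanted)
{
    return remaining - wanted > 0;
}

/* Signed lengths: the same expression goes negative and the check fails. */
static int has_room_signed(int32_t remaining, int32_t wanted)
{
    return remaining - wanted > 0;
}

/* Append with the fit checked first. Returns 0 on success, -1 on refusal
   (the commit asserts instead where no error return is available). */
static int buf_append_checked(struct buf *b, const void *data, int32_t len)
{
    if (len < 0) return -1;
    /* Deliberately strict: refuses an exact fit, like the "<" asserts. */
    if (len >= BUF_CAP - b->size) return -1;
    memcpy(b->base + b->size, data, (size_t)len);
    b->size += len;
    return 0;
}

int main(void)
{
    struct buf b = { {0}, 0 };
    printf("unsigned check, 4 left, 10 wanted: %d\n", has_room_unsigned(4, 10));
    printf("signed check,   4 left, 10 wanted: %d\n", has_room_signed(4, 10));
    printf("append 6 bytes:  %d\n", buf_append_checked(&b, "secnet", 6));
    printf("append 10 bytes: %d\n", buf_append_checked(&b, "0123456789", 10));
    return 0;
}
```
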
cleanup: specify never-interactive option for flex scanner

We never parse configuration interactively. That's just as well, because without "%option never-interactive" flex generates a redundant declaration of isatty which upsets -Wredundant-decls.

This is a bug in flex IMO but the workaround is fine for secnet.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

cleanup: turn off some unused flex options

We do not use yyunput or yyinput. Turning them off slightly improves the scanner performance (not that that's important) but also prevents "defined but not used" compiler warnings.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

Import release 0.1.15
Import release 0.1.14
Import release 0.09
Import release 0.06
Import release 0.03