secnet and clang

Richard Kettlewell rjk at terraraq.org.uk
Sat Dec 10 15:28:34 GMT 2011


I've fed secnet through Clang and its static analyzer.

First, just the compiler:

     It complained about a bunch of unused function arguments.  I have
     a patch to fix this.

     It also found an error in md5.c.  I have a patch for this too.

And the analyser:

     The results can be found at:

         http://deodand.anjou.terraraq.org.uk/~richard/secnet.scan/

     The sha1.c dead assignments are attempts to clear
     possibly-sensitive values from RAM and of course are ineffective
     with post-neolithic compilers.  Actually both GCC and Clang have
     those variables in registers at that point anyway, even in 32-bit
     builds, so they'd be extra-pointless even if not optimized out.

     The conffile.tab.c assignments might be less dead with other
     configurations of the Bison macro soup.

     conffile.yy.c:1387, 1535.  False positives as far as I can see -
     yy_ensure_buffer_stack fatals if the allocation fails, so the
     analyzer's initial assumption should never be true.

     conffile.yy.c:1508 etc.  The original code in conffile.y looks OK
     to me.  Either the analyser's reasoning is defective (the
     explanations at 1366-69 seem rather suspect) or there is a bug in
     Bison.

     conffile.yy.c:556.  False positive, the operation would not be
     idempotent on an LP64 platform.

     conffile.yy.c:1577, 1582.  True but uninteresting.

ttfn/rjk
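The sha1.c point above, zeroing a local just before return being a dead store that the optimizer deletes, as an added example that is not part of the original post and is not secnet's code. `fold_dead_store`, `fold_wiped` and `secure_wipe` are hypothetical names, and the mixing loop is a constructed stand-in for a hash transform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stores through a volatile lvalue are observable side effects, so the
   compiler must emit every one of them. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Before: the shape the analyzer reports as dead assignments. */
uint32_t fold_dead_store(const unsigned char *key, size_t n)
{
    uint32_t a = 0x67452301u, b = 0xEFCDAB89u;
    for (size_t i = 0; i < n; i++) {
        a = ((a << 5) | (a >> 27)) + key[i];
        b ^= a;
    }
    uint32_t out = a ^ b;
    a = b = 0;   /* never read again; the optimizer is free to drop this */
    return out;
}

/* After: working values live in caller-owned memory and are wiped with
   volatile stores. Copies left in registers or spill slots are NOT covered. */
uint32_t fold_wiped(const unsigned char *key, size_t n, uint32_t work[2])
{
    work[0] = 0x67452301u;
    work[1] = 0xEFCDAB89u;
    for (size_t i = 0; i < n; i++) {
        work[0] = ((work[0] << 5) | (work[0] >> 27)) + key[i];
        work[1] ^= work[0];
    }
    uint32_t out = work[0] ^ work[1];
    secure_wipe(work, 2 * sizeof work[0]);
    return out;
}

int main(void)
{
    static const unsigned char key[4] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed */
    uint32_t work[2];
    printf("%08x %08x\n", (unsigned)fold_dead_store(key, sizeof key),
           (unsigned)fold_wiped(key, sizeof key, work));
    printf("work after wipe: %08x %08x\n", (unsigned)work[0], (unsigned)work[1]);
    return 0;
}
```

Where the platform provides `explicit_bzero` or C11 Annex K `memset_s`, those serve the same purpose as `secure_wipe`. Comparing the `-O2` assembly of the two functions shows whether the zeroing stores survive.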


