Merge pull request #163 from baranyaib90/master

Fixes 13

Author: aarond10

.github/workflows/cmake.yml

@@ -8,26 +8,27 @@ jobs:
     # well on Windows or Mac.  You can convert this to a matrix build if you need
     # cross-platform coverage.
     # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     strategy:
+      fail-fast: false
       matrix:
-        compiler: [gcc-10, clang-12]
+        compiler: [gcc-12, clang-15]
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@main
 
     - name: Update APT
       run: sudo apt-get update
 
     - name: Setup Dependencies
-      run: sudo apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev build-essential clang-tidy-12 ${{ matrix.compiler }} dnsutils python3-pip valgrind
+      run: sudo apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev build-essential clang-tidy-15 ${{ matrix.compiler }} dnsutils python3-pip valgrind
 
     - name: Setup Robot Framework
       run: sudo pip3 install robotframework
 
     - name: Set clang-tidy
-      run: sudo update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-12 100
+      run: sudo update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-15 100
 
     - name: Configure CMake
       env:
@@ -43,7 +44,7 @@ jobs:
     - name: Test
       run: make -C ${{github.workspace}}/ test ARGS="--verbose"
 
-    - uses: actions/upload-artifact@v2
+    - uses: actions/upload-artifact@v3
       if: ${{ success() || failure() }}
       with:
         name: robot-logs-${{ matrix.compiler }}

CMakeLists.txt

@@ -1,5 +1,5 @@
-project(HttpsDnsProxy C)
 cmake_minimum_required(VERSION 3.7)
+project(HttpsDnsProxy C)
 
 # FUNCTIONS
 
@@ -26,7 +26,7 @@ if (NOT CMAKE_INSTALL_BINDIR)
 endif()
 
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros")
-set(CMAKE_C_FLAGS_DEBUG "-g -DDEBUG")
+set(CMAKE_C_FLAGS_DEBUG "-gdwarf-4 -DDEBUG")
 set(CMAKE_C_FLAGS_RELEASE "-O2")
 
 if ((CMAKE_C_COMPILER_ID MATCHES GNU   AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 9) OR
@@ -92,7 +92,7 @@ if(NOT CLANG_TIDY_EXE)
   message(STATUS "clang-tidy not found.")
 else()
   message(STATUS "clang-tidy found: ${CLANG_TIDY_EXE}")
-  set(DO_CLANG_TIDY "${CLANG_TIDY_EXE}" "-fix" "-checks=*,-clang-analyzer-alpha.*,-misc-unused-parameters,-cert-err34-c,-google-readability-todo,-hicpp-signed-bitwise,-cppcoreguidelines-avoid-magic-numbers,-readability-magic-numbers,-gnu-folding-constant,-gnu-zero-variadic-macro-arguments,-readability-function-cognitive-complexity,-concurrency-mt-unsafe")
+  set(DO_CLANG_TIDY "${CLANG_TIDY_EXE}" "-fix" "-checks=*,-cert-err34-c,-readability-identifier-length,-altera-unroll-loops,-bugprone-easily-swappable-parameters,-concurrency-mt-unsafe,-*magic-numbers,-hicpp-signed-bitwise,-readability-function-cognitive-complexity,-altera-id-dependent-backward-branch,-google-readability-todo")
 endif()
 
 # BUILD

src/dns_poller.c

@@ -135,8 +135,8 @@ void dns_poller_init(dns_poller_t *d, struct ev_loop *loop,
                      int bootstrap_dns_polling_interval,
                      const char *hostname,
                      int family, dns_poller_cb cb, void *cb_data) {
-  int r = 0;
-  if ((r = ares_library_init(ARES_LIB_INIT_ALL)) != ARES_SUCCESS) {
+  int r = ares_library_init(ARES_LIB_INIT_ALL);
+  if (r != ARES_SUCCESS) {
     FLOG("ares_library_init error: %s", ares_strerror(r));
   }
 
@@ -148,11 +148,13 @@ void dns_poller_init(dns_poller_t *d, struct ev_loop *loop,
   };
   int optmask = ARES_OPT_TIMEOUTMS | ARES_OPT_TRIES | ARES_OPT_SOCK_STATE_CB;
 
-  if ((r = ares_init_options(&d->ares, &options, optmask)) != ARES_SUCCESS) {
+  r = ares_init_options(&d->ares, &options, optmask);
+  if (r != ARES_SUCCESS) {
     FLOG("ares_init_options error: %s", ares_strerror(r));
   }
 
-  if((r = ares_set_servers_ports_csv(d->ares, bootstrap_dns)) != ARES_SUCCESS) {
+  r = ares_set_servers_ports_csv(d->ares, bootstrap_dns);
+  if (r != ARES_SUCCESS) {
     FLOG("ares_set_servers_ports_csv error: %s", ares_strerror(r));
   }
 

src/dns_server.c

@@ -10,6 +10,12 @@
 #include "dns_server.h"
 #include "logging.h"
 
+
+enum {
+REQUEST_MAX = 1500  // A default MTU. We don't do TCP so any bigger is likely a waste
+};
+
+
 // Creates and bind a listening UDP socket for incoming requests.
 static int get_listen_sock(const char *listen_addr, int listen_port,
                            unsigned int *addrlen) {
@@ -40,7 +46,8 @@ static int get_listen_sock(const char *listen_addr, int listen_port,
     FLOG("Error creating socket");
   }
 
-  if ((res = bind(sock, ai->ai_addr, ai->ai_addrlen)) < 0) {
+  res = bind(sock, ai->ai_addr, ai->ai_addrlen);
+  if (res < 0) {
     FLOG("Error binding %s:%d: %s (%d)", listen_addr, listen_port,
          strerror(errno), res);
   }
@@ -51,9 +58,6 @@ static int get_listen_sock(const char *listen_addr, int listen_port,
   return sock;
 }
 
-// A default MTU. We don't do TCP so any bigger is likely a waste.
-#define REQUEST_MAX 1500
-
 static void watcher_cb(struct ev_loop __attribute__((unused)) *loop,
                        ev_io *w, int __attribute__((unused)) revents) {
   dns_server_t *d = (dns_server_t *)w->data;

src/https_client.c

@@ -13,7 +13,9 @@
 #include "options.h"
 
 #define DOH_CONTENT_TYPE "application/dns-message"
-#define DOH_MAX_RESPONSE_SIZE 65535
+enum {
+DOH_MAX_RESPONSE_SIZE = 65535
+};
 
 // the following macros require to have ctx pointer to https_fetch_ctx structure
 // else: compilation failure will occur
@@ -354,8 +356,8 @@ static int https_fetch_ctx_process_response(https_client_t *client,
       }
   }
 
-  if ((res = curl_easy_getinfo(
-        ctx->curl, CURLINFO_RESPONSE_CODE, &long_resp)) != CURLE_OK) {
+  res = curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE, &long_resp);
+  if (res != CURLE_OK) {
     ELOG_REQ("CURLINFO_RESPONSE_CODE: %s", curl_easy_strerror(res));
     faulty_response = 1;
   } else if (long_resp != 200) {
@@ -389,8 +391,8 @@ static int https_fetch_ctx_process_response(https_client_t *client,
 
   if (!faulty_response)
   {
-    if ((res = curl_easy_getinfo(
-          ctx->curl, CURLINFO_CONTENT_TYPE, &str_resp)) != CURLE_OK) {
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_CONTENT_TYPE, &str_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_CONTENT_TYPE: %s", curl_easy_strerror(res));
     } else if (str_resp == NULL ||
         strncmp(str_resp, DOH_CONTENT_TYPE, sizeof(DOH_CONTENT_TYPE) - 1) != 0) {  // at least, start with it
@@ -400,23 +402,25 @@ static int https_fetch_ctx_process_response(https_client_t *client,
   }
 
   if (logging_debug_enabled() || faulty_response || ctx->buflen == 0) {
-    if ((res = curl_easy_getinfo(
-            ctx->curl, CURLINFO_REDIRECT_URL, &str_resp)) != CURLE_OK) {
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_REDIRECT_URL, &str_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_REDIRECT_URL: %s", curl_easy_strerror(res));
     } else if (str_resp != NULL) {
       WLOG_REQ("Request would be redirected to: %s", str_resp);
       if (strcmp(str_resp, client->opt->resolver_url) != 0) {
         WLOG("Please update Resolver URL to avoid redirection!");
       }
     }
-    if ((res = curl_easy_getinfo(
-            ctx->curl, CURLINFO_SSL_VERIFYRESULT, &long_resp)) != CURLE_OK) {
+
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_SSL_VERIFYRESULT, &long_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_SSL_VERIFYRESULT: %s", curl_easy_strerror(res));
     } else if (long_resp != CURLE_OK) {
       WLOG_REQ("CURLINFO_SSL_VERIFYRESULT: %s", curl_easy_strerror(long_resp));
     }
-    if ((res = curl_easy_getinfo(
-            ctx->curl, CURLINFO_OS_ERRNO, &long_resp)) != CURLE_OK) {
+
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_OS_ERRNO, &long_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_OS_ERRNO: %s", curl_easy_strerror(res));
     } else if (long_resp != 0) {
       WLOG_REQ("CURLINFO_OS_ERRNO: %d %s", long_resp, strerror(long_resp));
@@ -428,8 +432,8 @@ static int https_fetch_ctx_process_response(https_client_t *client,
   }
 
   if (logging_debug_enabled() || client->stat) {
-    if ((res = curl_easy_getinfo(
-            ctx->curl, CURLINFO_NUM_CONNECTS , &long_resp)) != CURLE_OK) {
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_NUM_CONNECTS , &long_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_NUM_CONNECTS: %s", curl_easy_strerror(res));
     } else {
       DLOG_REQ("CURLINFO_NUM_CONNECTS: %d", long_resp);
@@ -440,20 +444,22 @@ static int https_fetch_ctx_process_response(https_client_t *client,
   }
 
   if (logging_debug_enabled()) {
-    if ((res = curl_easy_getinfo(
-            ctx->curl, CURLINFO_EFFECTIVE_URL, &str_resp)) != CURLE_OK) {
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_EFFECTIVE_URL, &str_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_EFFECTIVE_URL: %s", curl_easy_strerror(res));
     } else {
       DLOG_REQ("CURLINFO_EFFECTIVE_URL: %s", str_resp);
     }
-    if ((res = curl_easy_getinfo(
-            ctx->curl, CURLINFO_HTTP_VERSION, &long_resp)) != CURLE_OK) {
+
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_HTTP_VERSION, &long_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_HTTP_VERSION: %s", curl_easy_strerror(res));
     } else if (long_resp != CURL_HTTP_VERSION_NONE) {
       DLOG_REQ("CURLINFO_HTTP_VERSION: %s", http_version_str(long_resp));
     }
-    if ((res = curl_easy_getinfo(
-            ctx->curl, CURLINFO_PROTOCOL, &long_resp)) != CURLE_OK) {
+
+    res = curl_easy_getinfo(ctx->curl, CURLINFO_PROTOCOL, &long_resp);
+    if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_PROTOCOL: %s", curl_easy_strerror(res));
     } else if (long_resp != CURLPROTO_HTTPS) {
       DLOG_REQ("CURLINFO_PROTOCOL: %d", long_resp);

src/logging.c

@@ -1,3 +1,4 @@
+#include <inttypes.h>
 #include <stdarg.h>
 #include <stdint.h>
 #include <stdio.h>         // NOLINT(llvmlibc-restrict-system-libc-headers)
@@ -26,7 +27,7 @@ static void logging_timer_cb(struct ev_loop __attribute__((unused)) *loop,
                              ev_timer __attribute__((unused)) *w,
                              int __attribute__((unused)) revents) {
   if (logf) {
-    fflush(logf);
+    (void)fflush(logf);
   }
 }
 
@@ -47,20 +48,20 @@ void logging_flush_cleanup(struct ev_loop *loop) {
 
 void logging_init(int fd, int level) {
   if (logf) {
-    fclose(logf);
+    (void)fclose(logf);
   }
   logf = fdopen(fd, "a");
   loglevel = level;
 }
 
-void logging_cleanup() {
+void logging_cleanup(void) {
   if (logf) {
-    fclose(logf);
+    (void)fclose(logf);
   }
   logf = NULL;
 }
 
-int logging_debug_enabled() {
+int logging_debug_enabled(void) {
   return loglevel <= LOG_DEBUG;
 }
 
@@ -78,18 +79,18 @@ void _log(const char *file, int line, int severity, const char *fmt, ...) {
 
   struct timeval tv;
   gettimeofday(&tv, NULL);
-  fprintf(logf, "%s %8lu.%06lu %s:%d ", SeverityStr[severity],
+  (void)fprintf(logf, "%s %8"PRIu64".%06"PRIu64" %s:%d ", SeverityStr[severity],
           (uint64_t)tv.tv_sec,
           (uint64_t)tv.tv_usec, file, line);
 
   va_list args;
   va_start(args, fmt);
-  vfprintf(logf, fmt, args);
+  (void)vfprintf(logf, fmt, args);
   va_end(args);
-  fprintf(logf, "\n");
+  (void)fprintf(logf, "\n");
 
   if (severity >= LOG_FLUSH_LEVEL) {
-    fflush(logf);
+    (void)fflush(logf);
   }
   if (severity == LOG_FATAL) {
 #ifdef DEBUG

src/logging.h

@@ -16,10 +16,10 @@ void logging_flush_init(struct ev_loop *loop);
 void logging_flush_cleanup(struct ev_loop *loop);
 
 // Cleans up and flushes open logs.
-void logging_cleanup();
+void logging_cleanup(void);
 
 // Returns 1 if debug logging is enabled.
-int logging_debug_enabled();
+int logging_debug_enabled(void);
 
 // Internal. Don't use.
 void _log(const char *file, int line, int severity, const char *fmt, ...);

src/main.c

@@ -53,8 +53,8 @@ static int hostname_from_uri(const char* uri,
   if (!isalpha(*(end - 1))) { return 0; }  // last digit non-alpha.
 
   // If using basic authentication in URL, chop off prefix.
-  char *tmp = NULL;
-  if ((tmp = strchr(uri, '@'))) {
+  char *tmp = strchr(uri, '@');
+  if (tmp) {
     tmp++;
     if (tmp < end) {
       uri = tmp;
@@ -169,7 +169,7 @@ static void dns_poll_cb(const char* hostname, void *data,
   memset(buf, 0, sizeof(buf)); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
   if (strlen(hostname) > 254) { FLOG("Hostname too long."); }
   int ip_start = snprintf(buf, sizeof(buf) - 1, "%s:443:", hostname);  // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
-  snprintf(buf + ip_start, sizeof(buf) - 1 - ip_start, "%s", addr_list); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
+  (void)snprintf(buf + ip_start, sizeof(buf) - 1 - ip_start, "%s", addr_list); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
   if (app->resolv && app->resolv->data) {
     char * old_addr_list = strstr(app->resolv->data, ":443:");
     if (old_addr_list) {

src/options.c

@@ -15,22 +15,24 @@
 #define O_CLOEXEC 0
 #endif
 
-#define DEFAULT_HTTP_VERSION 2
+enum {
+DEFAULT_HTTP_VERSION = 2
+};
 
 
-const char * options_sw_version() {
+const char * options_sw_version(void) {
 #ifdef SW_VERSION
   return SW_VERSION;
 #else
-  return "2023.01.01-atLeast";  // update date sometimes, like 1-2 times a year
+  return "2023.10.10-atLeast";  // update date sometimes, like 1-2 times a year
 #endif
 }
 
 void options_init(struct Options *opt) {
   opt->listen_addr = "127.0.0.1";
   opt->listen_port = 5053;
   opt->logfile = "-";
-  opt->logfd = -1;
+  opt->logfd = STDOUT_FILENO;
   opt->loglevel = LOG_ERROR;
   opt->daemonize = 0;
   opt->dscp = 0;
@@ -124,16 +126,16 @@ int options_parse_args(struct Options *opt, int argc, char **argv) {
     }
   }
   if (opt->user) {
-    struct passwd *p = NULL;
-    if (!(p = getpwnam(opt->user)) || !p->pw_uid) {
+    struct passwd *p = getpwnam(opt->user);
+    if (!p || !p->pw_uid) {
       printf("Username (%s) invalid.\n", opt->user);
       return -1;
     }
     opt->uid = p->pw_uid;
   }
   if (opt->group) {
-    struct group *g = NULL;
-    if (!(g = getgrnam(opt->group)) || !g->gr_gid) {
+    struct group *g = getgrnam(opt->group);
+    if (!g || !g->gr_gid) {
       printf("Group (%s) invalid.\n", opt->group);
       return -1;
     }
@@ -152,13 +154,13 @@ int options_parse_args(struct Options *opt, int argc, char **argv) {
            "----------------------------\n");
     sleep(1);
   }
-  if (opt->logfile == NULL ||
-      !strcmp(opt->logfile, "-")) {
-    opt->logfd = STDOUT_FILENO;
-  } else if ((opt->logfd = open(opt->logfile,
-                                O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC,
-                                S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)) <= 0) {
-    printf("Logfile '%s' is not writable.\n", opt->logfile);
+  if (opt->logfile != NULL && strcmp(opt->logfile, "-") != 0) {
+    opt->logfd = open(opt->logfile,
+                      O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC,
+                      S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+    if (opt->logfd <= 0) {
+      printf("Could not open logfile '%s' for writing.\n", opt->logfile);
+    }
   }
   if (opt->resolver_url == NULL ||
       strncmp(opt->resolver_url, "https://", 8) != 0) {