fixed compiler warnings issued by:

gcc 4.3
	curl.h gcc type-checking
	glibc with enabled FORTIFY_SOURCE checking

src/charon/daemon.c

@@ -719,7 +719,7 @@ int main(int argc, char *argv[])
 	if (pid_file)
 	{
 		fprintf(pid_file, "%d\n", getpid());
-		fchown(fileno(pid_file), charon->uid, charon->gid);
+		ignore_result(fchown(fileno(pid_file), charon->uid, charon->gid));
 		fclose(pid_file);
 	}
 	

src/charon/plugins/sql/sql_attribute.c

@@ -17,6 +17,8 @@
 
 #include "sql_attribute.h"
 
+#include <time.h>
+
 #include <daemon.h>
 
 typedef struct private_sql_attribute_t private_sql_attribute_t;

src/charon/plugins/updown/updown_plugin.c

@@ -72,7 +72,10 @@ static void updown(ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
 		FILE *shell;
 
 		/* get subnet/bits from string */
-		asprintf(&my_client, "%R", my_ts);
+		if (asprintf(&my_client, "%R", my_ts) < 0)
+		{
+			my_client = NULL;
+		}
 		pos = strchr(my_client, '/');
 		*pos = '\0';
 		my_client_mask = pos + 1;
@@ -81,7 +84,10 @@ static void updown(ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
 		{
 			*pos = '\0';
 		}
-		asprintf(&other_client, "%R", other_ts);
+		if (asprintf(&other_client, "%R", other_ts) < 0)
+		{
+			other_client = NULL;
+		}
 		pos = strchr(other_client, '/');
 		*pos = '\0';
 		other_client_mask = pos + 1;
@@ -93,11 +99,17 @@ static void updown(ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
 
 		if (vip)
 		{
-			asprintf(&virtual_ip, "PLUTO_MY_SOURCEIP='%H' ", vip);
+			if (asprintf(&virtual_ip, "PLUTO_MY_SOURCEIP='%H' ", vip) < 0)
+			{
+				virtual_ip = NULL;
+			}
 		}
 		else
 		{
-			asprintf(&virtual_ip, "");
+			if (asprintf(&virtual_ip, "") < 0)
+			{
+				virtual_ip = NULL;
+			}
 		}
 		
 		iface = charon->kernel_interface->get_interface(

src/charon/sa/ike_sa.c

@@ -2176,7 +2176,7 @@ static void remove_dns_servers(private_ike_sa_t *this)
 		if (!found)
 		{	
 			/* write line untouched back to file */
-			fwrite(orig_line.ptr, orig_line.len, 1, file);
+			ignore_result(fwrite(orig_line.ptr, orig_line.len, 1, file));
 			fprintf(file, "\n");
 		}
 	}
@@ -2230,7 +2230,7 @@ static void add_dns_server(private_ike_sa_t *this, host_t *dns)
 	{
 		this->dns_servers->insert_last(this->dns_servers, dns->clone(dns));
 	}
-	fwrite(contents.ptr, contents.len, 1, file);
+	ignore_result(fwrite(contents.ptr, contents.len, 1, file));
 	
 	fclose(file);	
 }

src/dumm/dumm.c

@@ -87,7 +87,7 @@ static void delete_guest(private_dumm_t *this, guest_t *guest)
 		guest->destroy(guest);
 		if (len > 8 && len < 512)
 		{
-			system(buf);
+			ignore_result(system(buf));
 		}
 	}
 }
@@ -280,7 +280,10 @@ dumm_t *dumm_create(char *dir)
 	 	}
 		if (dir)
 		{
-			asprintf(&this->dir, "%s/%s", cwd, dir);
+			if (asprintf(&this->dir, "%s/%s", cwd, dir) < 0)
+			{
+				this->dir = NULL;
+			}
 		}
 		else
 		{
@@ -288,17 +291,21 @@ dumm_t *dumm_create(char *dir)
 		}
 	}
 	this->template = NULL;
-	asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR);
+	if (asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR) < 0)
+	{
+		this->guest_dir = NULL;
+	}
 	this->guests = linked_list_create();
 	this->bridges = linked_list_create();
 	
-	if (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST)
+	if (this->dir == NULL || this->guest_dir == NULL ||
+		(mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST))
 	{
 		DBG1("creating guest directory '%s' failed: %m", this->guest_dir);
 		destroy(this);
 		return NULL;
 	}
-		
+	
 	load_guests(this);
 	return &this->public;
 }

src/dumm/guest.c

@@ -576,11 +576,22 @@ static private_guest_t *guest_create_generic(char *parent, char *name,
 		
 	if (*parent == '/' || getcwd(cwd, sizeof(cwd)) == NULL)
 	{
-		asprintf(&this->dirname, "%s/%s", parent, name);
+		if (asprintf(&this->dirname, "%s/%s", parent, name) < 0)
+		{
+			this->dirname = NULL;
+		}
 	}
 	else
 	{
-		asprintf(&this->dirname, "%s/%s/%s", cwd, parent, name);
+		if (asprintf(&this->dirname, "%s/%s/%s", cwd, parent, name) < 0)
+		{
+			this->dirname = NULL;
+		}
+	}
+	if (this->dirname == NULL)
+	{
+		free(this);
+		return NULL;
 	}
 	if (create)
 	{

src/libfreeswan/freeswan.h

@@ -446,6 +446,7 @@ bitstomask(
 /* option pickup from files (userland only because of use of FILE) */
 const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
 						int optind, FILE *errorreport);
+#define ignore_result(call) { if (call); }
 #endif
 
 /*

src/libstrongswan/plugins/agent/agent_private_key.c

@@ -215,9 +215,13 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
 	chunk_t blob = chunk_from_buf(buf), key, type, tmp;
 	
 	len = htonl(1);
-	write(this->socket, &len, sizeof(len));
 	buf[0] = SSH_AGENT_ID_REQUEST;
-	write(this->socket, &buf, 1);
+	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
+		write(this->socket, &buf, 1) != 1)
+	{
+		DBG1("writing to ssh-agent failed");
+		return FALSE;
+	}
 	
 	blob.len = read(this->socket, blob.ptr, blob.len);
 	
@@ -275,20 +279,36 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
 	}
 	
 	len = htonl(1 + sizeof(u_int32_t) * 3 + this->key.len + data.len);
-	write(this->socket, &len, sizeof(len));
 	buf[0] = SSH_AGENT_SIGN_REQUEST;
-	write(this->socket, &buf, 1);
+	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
+		write(this->socket, &buf, 1) != 1)
+	{
+		DBG1("writing to ssh-agent failed");
+		return FALSE;
+	}
 	
 	len = htonl(this->key.len);
-	write(this->socket, &len, sizeof(len));
-	write(this->socket, this->key.ptr, this->key.len);
+	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
+		write(this->socket, this->key.ptr, this->key.len) != this->key.len)
+	{
+		DBG1("writing to ssh-agent failed");
+		return FALSE;
+	}
 	
 	len = htonl(data.len);
-	write(this->socket, &len, sizeof(len));
-	write(this->socket, data.ptr, data.len);
+	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
+		write(this->socket, data.ptr, data.len) != data.len)
+	{
+		DBG1("writing to ssh-agent failed");
+		return FALSE;
+	}
 	
 	flags = htonl(0);
-	write(this->socket, &flags, sizeof(flags));
+	if (write(this->socket, &flags, sizeof(flags)) != sizeof(flags))
+	{
+		DBG1("writing to ssh-agent failed");
+		return FALSE;
+	}
 	
 	blob.len = read(this->socket, blob.ptr, blob.len);
 	if (blob.len < sizeof(u_int32_t) + sizeof(u_char) ||

src/libstrongswan/plugins/curl/curl_fetcher.c

@@ -123,7 +123,7 @@ static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, ..
 		case FETCH_REQUEST_DATA:
 		{
 			chunk_t data = va_arg(args, chunk_t);
-			curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, data.ptr);
+			curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, (char*)data.ptr);
 			curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len);
 			return TRUE;
 		}

src/libstrongswan/utils.h

@@ -95,6 +95,11 @@
  */
 #define countof(array) (sizeof(array)/sizeof(array[0]))
 
+/**
+ * Ignore result of functions tagged with warn_unused_result attributes
+ */
+#define ignore_result(call) { if(call); }
+
 /**
  * Assign a function as a class method
  */

src/pluto/ac.c

@@ -860,7 +860,7 @@ load_acerts(void)
 	}
     }
     /* restore directory path */
-    chdir(save_dir);
+    ignore_result(chdir(save_dir));
 }
 
 /*

src/pluto/ca.c

@@ -295,7 +295,7 @@ load_authcerts(const char *type, const char *path, u_char auth_flags)
 	}
     }
     /* restore directory path */
-    chdir(save_dir);
+    ignore_result(chdir(save_dir));
 }
 
 /*

src/pluto/crl.c

@@ -373,7 +373,7 @@ load_crls(void)
 	}
     }
     /* restore directory path */
-    chdir(save_dir);
+    ignore_result(chdir(save_dir));
 }
 
 /*

src/pluto/defs.c

@@ -249,6 +249,7 @@ write_chunk(const char *filename, const char *label, chunk_t ch
 {
     mode_t oldmask;
     FILE *fd;
+    size_t written;
 
     if (!force)
     {
@@ -268,8 +269,14 @@ write_chunk(const char *filename, const char *label, chunk_t ch
 
     if (fd)
     {
-	fwrite(ch.ptr, sizeof(u_char), ch.len, fd);
+	written = fwrite(ch.ptr, sizeof(u_char), ch.len, fd);
 	fclose(fd);
+	if (written != ch.len)
+	{
+	    plog("  writing to %s file '%s' failed", label, filename);
+	    umask(oldmask);
+	    return FALSE;
+	}
 	plog("  written %s file '%s' (%d bytes)", label, filename, (int)ch.len);
 	umask(oldmask);
 	return TRUE;

src/pluto/fetch.c

@@ -324,7 +324,7 @@ fetch_curl(char *url, chunk_t *blob)
 	curl_easy_setopt(curl, CURLOPT_URL, url);
 	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer);
 	curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response);
-	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer);
+	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);
 	curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE);
 	curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT);
 
@@ -705,9 +705,9 @@ fetch_ocsp_status(ocsp_location_t* location)
 	curl_easy_setopt(curl, CURLOPT_URL, uri);
 	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer);
 	curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response);
-	curl_easy_setopt(curl, CURLOPT_POSTFIELDS, request.ptr);
+	curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (void*)request.ptr);
 	curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, request.len);
-	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer);
+	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);
 	curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE);
 	curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT);
 

src/scepclient/scep.c

@@ -522,7 +522,7 @@ scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op
 	    headers = curl_slist_append(headers, "Content-Type:");
 	    headers = curl_slist_append(headers, "Expect:");
 	    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); 
-	    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, pkcs7.ptr);
+	    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (char*)pkcs7.ptr);
 	    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, pkcs7.len);
 	}
     }

src/starter/invokepluto.c

@@ -215,7 +215,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork)
 	_stop_requested = 0;
 
 	if (cfg->setup.prepluto)
-	    system(cfg->setup.prepluto);
+	    ignore_result(system(cfg->setup.prepluto));
 
 	pid = fork();
 	switch (pid)
@@ -258,7 +258,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork)
 			DBG_log("pluto (%d) started", _pluto_pid)
 		    )
 		    if (cfg->setup.postpluto)
-			system(cfg->setup.postpluto);
+			ignore_result(system(cfg->setup.postpluto));
 		    return 0;
 		}
 	    }

src/starter/klips.c

@@ -36,7 +36,7 @@ starter_klips_init(void)
 	/* ipsec module makes the pf_key proc interface visible */
 	if (stat(PROC_MODULES, &stb) == 0)
 	{
-	    system("modprobe -qv ipsec");
+	    ignore_result(system("modprobe -qv ipsec"));
 	}
 
 	/* now test again */
@@ -50,9 +50,9 @@ starter_klips_init(void)
     }
     
     /* load crypto algorithm modules */
-    system("modprobe -qv ipsec_aes");
-    system("modprobe -qv ipsec_blowfish");
-	system("modprobe -qv ipsec_sha2");
+    ignore_result(system("modprobe -qv ipsec_aes"));
+    ignore_result(system("modprobe -qv ipsec_blowfish"));
+    ignore_result(system("modprobe -qv ipsec_sha2"));
 
     DBG(DBG_CONTROL,
 	DBG_log("Found KLIPS IPsec stack")
@@ -64,19 +64,19 @@ starter_klips_init(void)
 void
 starter_klips_cleanup(void)
 {
-	if (system("type eroute > /dev/null 2>&1") == 0)
-	{
-		system("spi --clear");
-        system("eroute --clear");
-	}
+    if (system("type eroute > /dev/null 2>&1") == 0)
+    {
+	ignore_result(system("spi --clear"));
+	ignore_result(system("eroute --clear"));
+    }
 	else if (system("type setkey > /dev/null 2>&1") == 0)
     {
-    	system("setkey -F");
-        system("setkey -FP");
+	ignore_result(system("setkey -F"));
+	ignore_result(system("setkey -FP"));
     }
     else
     {
-        plog("WARNING: cannot flush IPsec state/policy database");
+	plog("WARNING: cannot flush IPsec state/policy database");
     }
 }
 

src/starter/netkey.c

@@ -36,7 +36,7 @@ starter_netkey_init(void)
 	/* af_key module makes the netkey proc interface visible */
 	if (stat(PROC_MODULES, &stb) == 0)
 	{
-	    system("modprobe -qv af_key");
+	    ignore_result(system("modprobe -qv af_key"));
 	}
 
 	/* now test again */
@@ -52,11 +52,11 @@ starter_netkey_init(void)
     /* make sure that all required IPsec modules are loaded */
     if (stat(PROC_MODULES, &stb) == 0)
     {
-	system("modprobe -qv ah4");
-	system("modprobe -qv esp4");
-	system("modprobe -qv ipcomp");
-	system("modprobe -qv xfrm4_tunnel");
-	system("modprobe -qv xfrm_user");
+	ignore_result(system("modprobe -qv ah4"));
+	ignore_result(system("modprobe -qv esp4"));
+	ignore_result(system("modprobe -qv ipcomp"));
+	ignore_result(system("modprobe -qv xfrm4_tunnel"));
+	ignore_result(system("modprobe -qv xfrm_user"));
     }
 
     DBG(DBG_CONTROL,
@@ -70,13 +70,13 @@ starter_netkey_cleanup(void)
 {
     if (system("ip xfrm state > /dev/null 2>&1") == 0)
     {
-	system("ip xfrm state flush");
-	system("ip xfrm policy flush");
+	ignore_result(system("ip xfrm state flush"));
+	ignore_result(system("ip xfrm policy flush"));
     }
     else if (system("type setkey > /dev/null 2>&1") == 0)
     {
-	system("setkey -F");
-        system("setkey -FP");
+	ignore_result(system("setkey -F"));
+	ignore_result(system("setkey -FP"));
     }
     else
     {

src/starter/parser.l

@@ -23,6 +23,7 @@
 
 #define MAX_INCLUDE_DEPTH  20
 
+#define YY_NO_INPUT
 #define YY_NO_UNPUT
 extern void yyerror(const char *);
 extern int yylex (void);

src/starter/starter.c

@@ -180,7 +180,7 @@ static void generate_selfcert()
 #endif
 	    setegid(gid);
 	    seteuid(uid);
-	    system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
+	    ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
 	    seteuid(0);
 	    setegid(0);
 
@@ -195,7 +195,7 @@ static void generate_selfcert()
 		fprintf(f, ": RSA myKey.der\n");
 		fclose(f);
 	    }
-	    chown(SECRETS_FILE, uid, gid);
+	    ignore_result(chown(SECRETS_FILE, uid, gid));
 	    umask(oldmask);
 	}
 }

src/whack/whack.c

@@ -1868,7 +1868,7 @@ main(int argc, char **argv)
 		    }
 
 		    le++;	/* include NL in line */
-		    write(1, ls, le - ls);
+		    ignore_result(write(1, ls, le - ls));
 
 		    /* figure out prefix number
 		     * and how it should affect our exit status