Massive constification + solve an alignment issue by using a union.

Approved by:	re (blanket)

1 files changed, 63 insertions, 66 deletions

diff --git a/contrib/unbound/smallapp/unbound-anchor.c b/contrib/unbound/smallapp/unbound-anchor.c
index ef0031c..eeb7682 100644
--- a/contrib/unbound/smallapp/unbound-anchor.c
+++ b/contrib/unbound/smallapp/unbound-anchor.c
@@ -244,7 +244,7 @@ get_builtin_ds(void)
 
 /** print hex data */
 static void
-print_data(char* msg, char* data, int len)
+print_data(const char* msg, const char* data, int len)
 {
 	int i;
 	printf("%s: ", msg);
@@ -268,8 +268,8 @@ ub_ctx_error_exit(struct ub_ctx* ctx, const char* str, const char* str2)
  * Create a new unbound context with the commandline settings applied
  */
 static struct ub_ctx* 
-create_unbound_context(char* res_conf, char* root_hints, char* debugconf,
-        int ip4only, int ip6only)
+create_unbound_context(const char* res_conf, const char* root_hints,
+	const char* debugconf, int ip4only, int ip6only)
 {
 	int r;
 	struct ub_ctx* ctx = ub_ctx_create();
@@ -306,7 +306,7 @@ create_unbound_context(char* res_conf, char* root_hints, char* debugconf,
 
 /** printout certificate in detail */
 static void
-verb_cert(char* msg, X509* x)
+verb_cert(const char* msg, X509* x)
 {
 	if(verb == 0 || verb == 1) return;
 	if(verb == 2) {
@@ -322,7 +322,7 @@ verb_cert(char* msg, X509* x)
 
 /** printout certificates in detail */
 static void
-verb_certs(char* msg, STACK_OF(X509)* sk)
+verb_certs(const char* msg, STACK_OF(X509)* sk)
 {
 	int i, num = sk_X509_num(sk);
 	if(verb == 0 || verb == 1) return;
@@ -360,7 +360,7 @@ read_cert_bio(BIO* bio)
 
 /* read the certificate file */
 static STACK_OF(X509)*
-read_cert_file(char* file)
+read_cert_file(const char* file)
 {
 	STACK_OF(X509)* sk;
 	FILE* in;
@@ -435,7 +435,7 @@ read_builtin_cert(void)
 
 /** read update cert file or use builtin */
 static STACK_OF(X509)*
-read_cert_or_builtin(char* file)
+read_cert_or_builtin(const char* file)
 {
 	STACK_OF(X509) *sk = read_cert_file(file);
 	if(!sk) {
@@ -459,7 +459,7 @@ do_list_builtin(void)
 
 /** printout IP address with message */
 static void
-verb_addr(char* msg, struct ip_list* ip)
+verb_addr(const char* msg, struct ip_list* ip)
 {
 	if(verb) {
 		char out[100];
@@ -526,7 +526,7 @@ RR_to_ip(int tp, char* data, int len, int port)
 
 /** Resolve name, type, class and add addresses to iplist */
 static void
-resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
+resolve_host_ip(struct ub_ctx* ctx, const char* host, int port, int tp, int cl,
 	struct ip_list** head)
 {
 	struct ub_result* res = NULL;
@@ -561,29 +561,27 @@ resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
 
 /** parse a text IP address into a sockaddr */
 static struct ip_list*
-parse_ip_addr(char* str, int port)
+parse_ip_addr(const char* str, int port)
 {
 	socklen_t len = 0;
-	struct sockaddr_storage* addr = NULL;
-	struct sockaddr_in6 a6;
-	struct sockaddr_in a;
+	union {
+		struct sockaddr_in6 a6;
+		struct sockaddr_in a;
+	} addr;
 	struct ip_list* ip;
 	uint16_t p = (uint16_t)port;
-	memset(&a6, 0, sizeof(a6));
-	memset(&a, 0, sizeof(a));
+	memset(&addr, 0, sizeof(addr));
 
-	if(inet_pton(AF_INET6, str, &a6.sin6_addr) > 0) {
+	if(inet_pton(AF_INET6, str, &addr.a6.sin6_addr) > 0) {
 		/* it is an IPv6 */
-		a6.sin6_family = AF_INET6;
-		a6.sin6_port = (in_port_t)htons(p);
-		addr = (struct sockaddr_storage*)&a6;
-		len = (socklen_t)sizeof(struct sockaddr_in6);
+		addr.a6.sin6_family = AF_INET6;
+		addr.a6.sin6_port = (in_port_t)htons(p);
+		len = (socklen_t)sizeof(addr.a6);
 	}
-	if(inet_pton(AF_INET, str, &a.sin_addr) > 0) {
+	if(inet_pton(AF_INET, str, &addr.a.sin_addr) > 0) {
 		/* it is an IPv4 */
-		a.sin_family = AF_INET;
-		a.sin_port = (in_port_t)htons(p);
-		addr = (struct sockaddr_storage*)&a;
+		addr.a.sin_family = AF_INET;
+		addr.a.sin_port = (in_port_t)htons(p);
 		len = (socklen_t)sizeof(struct sockaddr_in);
 	}
 	if(!len) return NULL;
@@ -593,7 +591,7 @@ parse_ip_addr(char* str, int port)
 		exit(0);
 	}
 	ip->len = len;
-	memmove(&ip->addr, addr, len);
+	memmove(&ip->addr, &addr, len);
 	if(verb) printf("server address is %s\n", str);
 	return ip;
 }
@@ -613,8 +611,8 @@ parse_ip_addr(char* str, int port)
  * @return list of IP addresses.
  */
 static struct ip_list*
-resolve_name(char* host, int port, char* res_conf, char* root_hints,
-	char* debugconf, int ip4only, int ip6only)
+resolve_name(const char* host, int port, const char* res_conf,
+	const char* root_hints, const char* debugconf, int ip4only, int ip6only)
 {
 	struct ub_ctx* ctx;
 	struct ip_list* list = NULL;
@@ -801,7 +799,7 @@ TLS_shutdown(int fd, SSL* ssl, SSL_CTX* sslctx)
 
 /** write a line over SSL */
 static int
-write_ssl_line(SSL* ssl, char* str, char* sec)
+write_ssl_line(SSL* ssl, const char* str, const char* sec)
 {
 	char buf[1024];
 	size_t l;
@@ -1020,7 +1018,7 @@ do_chunked_read(SSL* ssl)
 
 /** start HTTP1.1 transaction on SSL */
 static int
-write_http_get(SSL* ssl, char* pathname, char* urlname)
+write_http_get(SSL* ssl, const char* pathname, const char* urlname)
 {
 	if(write_ssl_line(ssl, "GET /%s HTTP/1.1", pathname) &&
 	   write_ssl_line(ssl, "Host: %s", urlname) &&
@@ -1091,7 +1089,7 @@ read_http_result(SSL* ssl)
 
 /** https to an IP addr, return BIO with pathname or NULL */
 static BIO*
-https_to_ip(struct ip_list* ip, char* pathname, char* urlname)
+https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname)
 {
 	int fd;
 	SSL* ssl;
@@ -1131,7 +1129,7 @@ https_to_ip(struct ip_list* ip, char* pathname, char* urlname)
  * @return a memory BIO with the file in it.
  */
 static BIO*
-https(struct ip_list* ip_list, char* pathname, char* urlname)
+https(struct ip_list* ip_list, const char* pathname, const char* urlname)
 {
 	struct ip_list* ip;
 	BIO* bio = NULL;
@@ -1213,7 +1211,7 @@ xml_selectbio(struct xml_data* data, const char* tag)
  * 	NOT zero terminated.
  * @param len: length of this part of the data.
  */
-void
+static void
 xml_charhandle(void *userData, const XML_Char *s, int len)
 {
 	struct xml_data* data = (struct xml_data*)userData;
@@ -1256,7 +1254,7 @@ xml_charhandle(void *userData, const XML_Char *s, int len)
  * @return the value or NULL. (ptr into atts).
  */
 static const XML_Char*
-find_att(const XML_Char **atts, XML_Char* name)
+find_att(const XML_Char **atts, const XML_Char* name)
 {
 	int i;
 	for(i=0; atts[i]; i+=2) {
@@ -1370,7 +1368,7 @@ handle_keydigest(struct xml_data* data, const XML_Char **atts)
 
 /** See if XML element equals the zone name */
 static int
-xml_is_zone_name(BIO* zone, char* name)
+xml_is_zone_name(BIO* zone, const char* name)
 {
 	char buf[1024];
 	char* z = NULL;
@@ -1602,8 +1600,6 @@ xml_parse(BIO* xml, time_t now)
 	XML_ParserFree(parser);
 
 	if(verb >= 4) {
-		char* pp = NULL;
-		int len;
 		(void)BIO_seek(data.ds, 0);
 		len = BIO_get_mem_data(data.ds, &pp);
 		printf("got DS bio %d: '", len);
@@ -1646,7 +1642,7 @@ get_usage_of_ex(X509* cert)
 
 /** get valid signers from the list of signers in the signature */
 static STACK_OF(X509)*
-get_valid_signers(PKCS7* p7, char* p7signer)
+get_valid_signers(PKCS7* p7, const char* p7signer)
 {
 	int i;
 	STACK_OF(X509)* validsigners = sk_X509_new_null();
@@ -1729,7 +1725,7 @@ get_valid_signers(PKCS7* p7, char* p7signer)
 
 /** verify a PKCS7 signature, false on failure */
 static int
-verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer)
+verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, const char* p7signer)
 {
 	PKCS7* p7;
 	X509_STORE *store = X509_STORE_new();
@@ -1807,7 +1803,7 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer)
 
 /** write unsigned root anchor file, a 5011 revoked tp */
 static void
-write_unsigned_root(char* root_anchor_file)
+write_unsigned_root(const char* root_anchor_file)
 {
 	FILE* out;
 	time_t now = time(NULL);
@@ -1833,7 +1829,7 @@ write_unsigned_root(char* root_anchor_file)
 
 /** write root anchor file */
 static void
-write_root_anchor(char* root_anchor_file, BIO* ds)
+write_root_anchor(const char* root_anchor_file, BIO* ds)
 {
 	char* pp = NULL;
 	int len;
@@ -1859,8 +1855,8 @@ write_root_anchor(char* root_anchor_file, BIO* ds)
 
 /** Perform the verification and update of the trustanchor file */
 static void
-verify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s,
-	STACK_OF(X509)* cert, char* p7signer)
+verify_and_update_anchor(const char* root_anchor_file, BIO* xml, BIO* p7s,
+	STACK_OF(X509)* cert, const char* p7signer)
 {
 	BIO* ds;
 
@@ -1888,10 +1884,11 @@ static void do_wsa_cleanup(void) { WSACleanup(); }
 
 /** perform actual certupdate work */
 static int
-do_certupdate(char* root_anchor_file, char* root_cert_file,
-	char* urlname, char* xmlname, char* p7sname, char* p7signer,
-	char* res_conf, char* root_hints, char* debugconf,
-	int ip4only, int ip6only, int port, struct ub_result* dnskey)
+do_certupdate(const char* root_anchor_file, const char* root_cert_file,
+	const char* urlname, const char* xmlname, const char* p7sname,
+	const char* p7signer, const char* res_conf, const char* root_hints,
+	const char* debugconf, int ip4only, int ip6only, int port,
+	struct ub_result* dnskey)
 {
 	STACK_OF(X509)* cert;
 	BIO *xml, *p7s;
@@ -1945,7 +1942,7 @@ do_certupdate(char* root_anchor_file, char* root_cert_file,
  * 	2 if it is OK.
  */
 static int
-try_read_anchor(char* file)
+try_read_anchor(const char* file)
 {
 	int empty = 1;
 	char line[10240];
@@ -1989,7 +1986,7 @@ try_read_anchor(char* file)
 
 /** Write the builtin root anchor to a file */
 static void
-write_builtin_anchor(char* file)
+write_builtin_anchor(const char* file)
 {
 	const char* builtin_root_anchor = get_builtin_ds();
 	FILE* out = fopen(file, "w");
@@ -2015,7 +2012,7 @@ write_builtin_anchor(char* file)
  * @return 0 if trustpoint is insecure, 1 on success.  Exit on failure.
  */
 static int
-provide_builtin(char* root_anchor_file, int* used_builtin)
+provide_builtin(const char* root_anchor_file, int* used_builtin)
 {
 	/* try to read it */
 	switch(try_read_anchor(root_anchor_file))
@@ -2037,7 +2034,7 @@ provide_builtin(char* root_anchor_file, int* used_builtin)
  * add an autotrust anchor for the root to the context
  */
 static void
-add_5011_probe_root(struct ub_ctx* ctx, char* root_anchor_file)
+add_5011_probe_root(struct ub_ctx* ctx, const char* root_anchor_file)
 {
 	int r;
 	r = ub_ctx_set_option(ctx, "auto-trust-anchor-file:", root_anchor_file);
@@ -2074,7 +2071,7 @@ prime_root_key(struct ub_ctx* ctx)
 
 /** see if ADDPEND keys exist in autotrust file (if possible) */
 static int
-read_if_pending_keys(char* file)
+read_if_pending_keys(const char* file)
 {
 	FILE* in = fopen(file, "r");
 	char line[8192];
@@ -2096,7 +2093,7 @@ read_if_pending_keys(char* file)
 
 /** read last successful probe time from autotrust file (if possible) */
 static int32_t
-read_last_success_time(char* file)
+read_last_success_time(const char* file)
 {
 	FILE* in = fopen(file, "r");
 	char line[1024];
@@ -2133,7 +2130,7 @@ read_last_success_time(char* file)
  * @return true if certupdate is ok.
  */
 static int
-probe_date_allows_certupdate(char* root_anchor_file)
+probe_date_allows_certupdate(const char* root_anchor_file)
 {
 	int has_pending_keys = read_if_pending_keys(root_anchor_file);
 	int32_t last_success = read_last_success_time(root_anchor_file);
@@ -2171,10 +2168,10 @@ probe_date_allows_certupdate(char* root_anchor_file)
 
 /** perform the unbound-anchor work */
 static int
-do_root_update_work(char* root_anchor_file, char* root_cert_file,
-	char* urlname, char* xmlname, char* p7sname, char* p7signer,
-	char* res_conf, char* root_hints, char* debugconf,
-	int ip4only, int ip6only, int force, int port)
+do_root_update_work(const char* root_anchor_file, const char* root_cert_file,
+	const char* urlname, const char* xmlname, const char* p7sname,
+	const char* p7signer, const char* res_conf, const char* root_hints,
+	const char* debugconf, int ip4only, int ip6only, int force, int port)
 {
 	struct ub_ctx* ctx;
 	struct ub_result* dnskey;
@@ -2224,15 +2221,15 @@ extern char* optarg;
 int main(int argc, char* argv[])
 {
 	int c;
-	char* root_anchor_file = ROOT_ANCHOR_FILE;
-	char* root_cert_file = ROOT_CERT_FILE;
-	char* urlname = URLNAME;
-	char* xmlname = XMLNAME;
-	char* p7sname = P7SNAME;
-	char* p7signer = P7SIGNER;
-	char* res_conf = NULL;
-	char* root_hints = NULL;
-	char* debugconf = NULL;
+	const char* root_anchor_file = ROOT_ANCHOR_FILE;
+	const char* root_cert_file = ROOT_CERT_FILE;
+	const char* urlname = URLNAME;
+	const char* xmlname = XMLNAME;
+	const char* p7sname = P7SNAME;
+	const char* p7signer = P7SIGNER;
+	const char* res_conf = NULL;
+	const char* root_hints = NULL;
+	const char* debugconf = NULL;
 	int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT;
 	/* parse the options */
 	while( (c=getopt(argc, argv, "46C:FP:a:c:f:hln:r:s:u:vx:")) != -1) {