Hardened C

It's not Rust, but. We can maximize our compiler warnings I guess. Signed-off-by: Eric Curtin <[email protected]>
slp · Apr 20, 2024 · 194b804 · 194b804
1 parent 01ae759
commit 194b804
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 9 deletions.
diff --git a/Makefile b/Makefile
@@ -10,10 +10,10 @@ endif
 all: krun krun-guest
 
 krun: krun.c
-	gcc -o $@ $< $(CFLAGS) $(LDFLAGS)
+	gcc -Wall -Wextra -pedantic -Wno-parentheses -o $@ $< $(CFLAGS) $(LDFLAGS)
 
 krun-guest: krun-guest.c
-	gcc -o $@ $< $(CFLAGS) $(LDFLAGS)
+	gcc -Wall -Wextra -pedantic -Wno-parentheses -o $@ $< $(CFLAGS) $(LDFLAGS)
 
 clean:
 	rm -rf krun krun-guest

diff --git a/krun-guest.c b/krun-guest.c
@@ -66,6 +66,11 @@ static int mount_filesystems()
     return 0;
 }
 
+static size_t strlen_u(const unsigned char* c)
+{
+    return strlen((const char*) c);
+}
+
 static void setup_fex()
 {
     int ret;
@@ -84,13 +89,13 @@ static void setup_fex()
         return;
     }
 
-    ret = write(fd, &fex_x86_magic[0], strlen(&fex_x86_magic[0]));
+    ret = write(fd, &fex_x86_magic[0], strlen_u(&fex_x86_magic[0]));
     if (ret < 0) {
         perror("registering fex x86 magic");
         return;
     }
 
-    ret = write(fd, &fex_x86_64_magic[0], strlen(&fex_x86_64_magic[0]));
+    ret = write(fd, &fex_x86_64_magic[0], strlen_u(&fex_x86_64_magic[0]));
     if (ret < 0) {
         perror("registering fex x86_64 magic");
         return;
@@ -272,7 +277,7 @@ int main(int argc, char **argv)
 
     if (mount_filesystems() < 0) {
         printf("Couldn't mount filesystems, bailing out\n");
-        exit(-2);
+        return -2;
     }
 
     setup_fex();
@@ -281,7 +286,7 @@ int main(int argc, char **argv)
 
     if (setup_user(username, uid, gid) < 0) {
         printf("Couldn't set up user, bailing out\n");
-        (exit -3);
+        return -3;
     }
 
     // Will not return if successful.
@@ -291,7 +296,7 @@ int main(int argc, char **argv)
     exec_argv = &argv[4];
     if (execvp(exec_argv[0], exec_argv) < 0) {
         printf("Couldn't execute '%s' inside the vm: %s\n", exec_argv[0], strerror(errno));
-        exit(-4);
+        return -4;
     }
 
     return 0;

diff --git a/krun.c b/krun.c
@@ -128,7 +128,7 @@ int connect_to_passt()
     return socket_fd;
 }
 
-int start_passt()
+int start_passt(void)
 {
     int socket_fds[2];
     const int PARENT = 0;
@@ -167,14 +167,16 @@ int start_passt()
 
         return socket_fds[PARENT];
     }
+
+    // Was returning nothing in this case, undefined behaviour
+    return -2;
 }
 
 
 int main(int argc, char *const argv[])
 {
     int ctx_id;
     int err;
-    int i;
     char path[PATH_MAX];
     char *username;
     char *const empty_envp[] = { 0 };