aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/binary-cache-store.cc7
-rw-r--r--src/libstore/build/local-derivation-goal.cc2
-rw-r--r--src/libstore/build/worker.cc4
-rw-r--r--src/libstore/crypto.cc18
-rw-r--r--src/libstore/daemon.cc9
-rw-r--r--src/libstore/filetransfer.cc15
-rw-r--r--src/libstore/local-store.cc2
7 files changed, 30 insertions, 27 deletions
diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc
index 9b1e22bad..fc0569a66 100644
--- a/src/libstore/binary-cache-store.cc
+++ b/src/libstore/binary-cache-store.cc
@@ -3,17 +3,15 @@
#include "compression.hh"
#include "derivations.hh"
#include "fs-accessor.hh"
-#include "globals.hh"
#include "nar-info.hh"
#include "sync.hh"
#include "remote-fs-accessor.hh"
-#include "nar-info-disk-cache.hh"
+#include "nar-info-disk-cache.hh" // IWYU pragma: keep
#include "nar-accessor.hh"
#include "thread-pool.hh"
#include "signals.hh"
#include <chrono>
-#include <future>
#include <regex>
#include <fstream>
#include <sstream>
@@ -480,7 +478,8 @@ void BinaryCacheStore::addSignatures(const StorePath & storePath, const StringSe
when addSignatures() is called sequentially on a path, because
S3 might return an outdated cached version. */
- auto narInfo = make_ref<NarInfo>((NarInfo &) *queryPathInfo(storePath));
+ // downcast: BinaryCacheStore always returns NarInfo from queryPathInfoUncached, making it sound
+ auto narInfo = make_ref<NarInfo>(dynamic_cast<NarInfo const &>(*queryPathInfo(storePath)));
narInfo->sigs.insert(sigs.begin(), sigs.end());
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index 87a2ef4bc..c435a3c00 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -1226,7 +1226,7 @@ void LocalDerivationGoal::startDaemon()
socklen_t remoteAddrLen = sizeof(remoteAddr);
AutoCloseFD remote{accept(daemonSocket.get(),
- (struct sockaddr *) &remoteAddr, &remoteAddrLen)};
+ reinterpret_cast<struct sockaddr *>(&remoteAddr), &remoteAddrLen)};
if (!remote) {
if (errno == EINTR || errno == EAGAIN) continue;
if (errno == EINVAL || errno == ECONNABORTED) break;
diff --git a/src/libstore/build/worker.cc b/src/libstore/build/worker.cc
index 04f0575b1..135cfecf5 100644
--- a/src/libstore/build/worker.cc
+++ b/src/libstore/build/worker.cc
@@ -4,7 +4,7 @@
#include "drv-output-substitution-goal.hh"
#include "local-derivation-goal.hh"
#include "signals.hh"
-#include "hook-instance.hh"
+#include "hook-instance.hh" // IWYU pragma: keep
#include <poll.h>
@@ -529,7 +529,7 @@ void Worker::waitForInput()
} else {
printMsg(lvlVomit, "%1%: read %2% bytes",
goal->getName(), rd);
- std::string_view data((char *) buffer.data(), rd);
+ std::string_view data(reinterpret_cast<char *>(buffer.data()), rd);
j->lastOutput = after;
handleWorkResult(goal, goal->handleChildOutput(k, data));
}
diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index 2e0fd8ca5..e8ab15537 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -44,16 +44,16 @@ std::string SecretKey::signDetached(std::string_view data) const
{
unsigned char sig[crypto_sign_BYTES];
unsigned long long sigLen;
- crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(),
- (unsigned char *) key.data());
- return name + ":" + base64Encode(std::string((char *) sig, sigLen));
+ crypto_sign_detached(sig, &sigLen, reinterpret_cast<const unsigned char *>(data.data()), data.size(),
+ reinterpret_cast<const unsigned char *>(key.data()));
+ return name + ":" + base64Encode(std::string(reinterpret_cast<char *>(sig), sigLen));
}
PublicKey SecretKey::toPublicKey() const
{
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
- crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
- return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
+ crypto_sign_ed25519_sk_to_pk(pk, reinterpret_cast<const unsigned char *>(key.data()));
+ return PublicKey(name, std::string(reinterpret_cast<char *>(pk), crypto_sign_PUBLICKEYBYTES));
}
SecretKey SecretKey::generate(std::string_view name)
@@ -63,7 +63,7 @@ SecretKey SecretKey::generate(std::string_view name)
if (crypto_sign_keypair(pk, sk) != 0)
throw Error("key generation failed");
- return SecretKey(name, std::string((char *) sk, crypto_sign_SECRETKEYBYTES));
+ return SecretKey(name, std::string(reinterpret_cast<char *>(sk), crypto_sign_SECRETKEYBYTES));
}
PublicKey::PublicKey(std::string_view s)
@@ -85,9 +85,9 @@ bool verifyDetached(const std::string & data, const std::string & sig,
if (sig2.size() != crypto_sign_BYTES)
throw Error("signature is not valid");
- return crypto_sign_verify_detached((unsigned char *) sig2.data(),
- (unsigned char *) data.data(), data.size(),
- (unsigned char *) key->second.key.data()) == 0;
+ return crypto_sign_verify_detached(reinterpret_cast<unsigned char *>(sig2.data()),
+ reinterpret_cast<const unsigned char *>(data.data()), data.size(),
+ reinterpret_cast<const unsigned char *>(key->second.key.data())) == 0;
}
PublicKeys getDefaultPublicKeys()
diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc
index aada43253..5ac9cd2ef 100644
--- a/src/libstore/daemon.cc
+++ b/src/libstore/daemon.cc
@@ -453,7 +453,11 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
hashAlgo = parseHashType(hashAlgoRaw);
}
- GeneratorSource dumpSource{[&]() -> WireFormatGenerator {
+ // Note to future maintainers: do *not* inline this into the
+ // generator statement as the lambda itself needs to live to the
+ // end of the generator's lifetime and is otherwise a UAF.
+ // NOLINTNEXTLINE(cppcoreguidelines-avoid-capturing-lambda-coroutines): does not outlive the outer function
+ auto g = [&]() -> WireFormatGenerator {
if (method == FileIngestionMethod::Recursive) {
/* We parse the NAR dump through into `saved` unmodified,
so why all this extra work? We still parse the NAR so
@@ -489,7 +493,8 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
}
co_yield std::move(file->contents);
}
- }()};
+ };
+ GeneratorSource dumpSource{g()};
logger->startWork();
auto path = store->addToStoreFromDump(dumpSource, baseName, method, hashAlgo);
logger->stopWork();
diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
index 9cb805444..11c8a755c 100644
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@@ -5,7 +5,6 @@
#include "s3.hh"
#include "signals.hh"
#include "compression.hh"
-#include "finally.hh"
#if ENABLE_S3
#include <aws/core/client/ClientConfiguration.h>
@@ -143,9 +142,9 @@ struct curlFileTransfer : public FileTransfer
if (successfulStatuses.count(getHTTPStatus()) && this->dataCallback) {
writtenToSink += realSize;
- dataCallback(*this, {(const char *) contents, realSize});
+ dataCallback(*this, {static_cast<const char *>(contents), realSize});
} else {
- this->result.data.append((const char *) contents, realSize);
+ this->result.data.append(static_cast<const char *>(contents), realSize);
}
return realSize;
@@ -157,13 +156,13 @@ struct curlFileTransfer : public FileTransfer
static size_t writeCallbackWrapper(void * contents, size_t size, size_t nmemb, void * userp)
{
- return ((TransferItem *) userp)->writeCallback(contents, size, nmemb);
+ return static_cast<TransferItem *>(userp)->writeCallback(contents, size, nmemb);
}
size_t headerCallback(void * contents, size_t size, size_t nmemb)
{
size_t realSize = size * nmemb;
- std::string line((char *) contents, realSize);
+ std::string line(static_cast<char *>(contents), realSize);
printMsg(lvlVomit, "got header for '%s': %s", request.uri, trim(line));
static std::regex statusLine("HTTP/[^ ]+ +[0-9]+(.*)", std::regex::extended | std::regex::icase);
@@ -204,7 +203,7 @@ struct curlFileTransfer : public FileTransfer
static size_t headerCallbackWrapper(void * contents, size_t size, size_t nmemb, void * userp)
{
- return ((TransferItem *) userp)->headerCallback(contents, size, nmemb);
+ return static_cast<TransferItem *>(userp)->headerCallback(contents, size, nmemb);
}
int progressCallback(double dltotal, double dlnow)
@@ -219,7 +218,7 @@ struct curlFileTransfer : public FileTransfer
static int progressCallbackWrapper(void * userp, double dltotal, double dlnow, double ultotal, double ulnow)
{
- return ((TransferItem *) userp)->progressCallback(dltotal, dlnow);
+ return static_cast<TransferItem *>(userp)->progressCallback(dltotal, dlnow);
}
static int debugCallback(CURL * handle, curl_infotype type, char * data, size_t size, void * userptr)
@@ -246,7 +245,7 @@ struct curlFileTransfer : public FileTransfer
static size_t readCallbackWrapper(char *buffer, size_t size, size_t nitems, void * userp)
{
- return ((TransferItem *) userp)->readCallback(buffer, size, nitems);
+ return static_cast<TransferItem *>(userp)->readCallback(buffer, size, nitems);
}
void init()
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 8ea335551..af9c4ace1 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -1318,7 +1318,7 @@ StorePath LocalStore::addToStoreFromDump(Source & source0, std::string_view name
auto *toRealloc = dumpBuffer.release();
if (auto realloced = realloc(toRealloc, oldSize + want)) {
- dumpBuffer.reset((char*) realloced);
+ dumpBuffer.reset(static_cast<char *>(realloced));
} else {
free(toRealloc);
throw std::bad_alloc();
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 19:43:44 +0000