From: Dimitri Papadopoulos Orfanos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Date: Thu, 18 Sep 2025 22:28:02 +0000 (+0200)
Subject: Manual fixes based on clang static analysis
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=197c0cc0fcecb11efacd98da57bbd0bd637fd9ff;p=users%2Fdwmw2%2Fopenconnect.git

Manual fixes based on clang static analysis

Signed-off-by: Dimitri Papadopoulos Orfanos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
---

diff --git a/auth-juniper.c b/auth-juniper.c
index 814412cd..009b0f09 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -145,7 +145,7 @@ static int check_cookie_success(struct openconnect_info *vpninfo)
 	if (!dsid)
 		return -ENOENT;
 
-	if (vpninfo->tncc_fd != -1) {
+	if (vpninfo->tncc_fd >= 0) {
 		/* update TNCC once we get a DSID cookie */
 		oncp_send_tncc_command(vpninfo, 0);
 	}
diff --git a/dtls.c b/dtls.c
index 427109e8..2e723f2a 100644
--- a/dtls.c
+++ b/dtls.c
@@ -101,7 +101,7 @@ static int connect_dtls_socket(struct openconnect_info *vpninfo, int *timeout)
 	int dtls_fd, ret;
 
 	/* Sanity check for the removal of new_dtls_{fd,ssl} */
-	if (vpninfo->dtls_fd != -1) {
+	if (vpninfo->dtls_fd >= 0) {
 		vpn_progress(vpninfo, PRG_ERR, _("DTLS connection attempted with an existing fd\n"));
 		vpninfo->dtls_attempt_period = 0;
 		return -EINVAL;
diff --git a/esp.c b/esp.c
index 33f58649..6407e59f 100644
--- a/esp.c
+++ b/esp.c
@@ -144,7 +144,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
 	   reserve some extra space to handle that */
 	int receive_mtu = MAX(2048, vpninfo->ip_info.mtu + 256);
 
-	while (readable && vpninfo->dtls_fd != -1) {
+	while (readable && vpninfo->dtls_fd >= 0) {
 		int len = receive_mtu + vpninfo->pkt_trailer;
 		int i;
 		struct pkt *pkt;
diff --git a/library.c b/library.c
index 5185f035..b5e74e9b 100644
--- a/library.c
+++ b/library.c
@@ -773,9 +773,9 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 	openconnect_close_https(vpninfo, 1);
 	if (vpninfo->proto->udp_shutdown)
 		vpninfo->proto->udp_shutdown(vpninfo);
-	if (vpninfo->tncc_fd != -1)
+	if (vpninfo->tncc_fd >= 0)
 		closesocket(vpninfo->tncc_fd);
-	if (vpninfo->cmd_fd_write != -1) {
+	if (vpninfo->cmd_fd_write >= 0) {
 		closesocket(vpninfo->cmd_fd);
 		closesocket(vpninfo->cmd_fd_write);
 	}
diff --git a/main.c b/main.c
index 4fb6818f..6c21796b 100644
--- a/main.c
+++ b/main.c
@@ -1688,7 +1688,7 @@ static void print_connection_stats(void *_vpninfo, const struct oc_stats *stats)
 		     _("RX: %"PRIu64" packets (%"PRIu64" B); TX: %"PRIu64" packets (%"PRIu64" B)\n"),
 		       stats->rx_pkts, stats->rx_bytes, stats->tx_pkts, stats->tx_bytes);
 
-	if (vpninfo->ssl_fd != -1)
+	if (vpninfo->ssl_fd >= 0)
 		vpn_progress(vpninfo, PRG_INFO, _("SSL ciphersuite: %s\n"), openconnect_get_cstp_cipher(vpninfo));
 	if (vpninfo->dtls_state == DTLS_CONNECTED)
 		vpn_progress(vpninfo, PRG_INFO, _("%s ciphersuite: %s\n"),
diff --git a/mainloop.c b/mainloop.c
index 32bddcda..f4babc7c 100644
--- a/mainloop.c
+++ b/mainloop.c
@@ -176,7 +176,7 @@ int openconnect_mainloop(struct openconnect_info *vpninfo,
 	vpninfo->reconnect_timeout = reconnect_timeout;
 	vpninfo->reconnect_interval = reconnect_interval;
 
-	if (vpninfo->cmd_fd != -1) {
+	if (vpninfo->cmd_fd >= 0) {
 		monitor_fd_new(vpninfo, cmd);
 		monitor_read_fd(vpninfo, cmd);
 	}
@@ -234,7 +234,7 @@ int openconnect_mainloop(struct openconnect_info *vpninfo,
 			while ((this = dequeue_packet(&vpninfo->incoming_queue)))
 				free_pkt(vpninfo, this);
 #ifdef HAVE_VHOST
-		} else if (vpninfo->vhost_fd != -1) {
+		} else if (vpninfo->vhost_fd >= 0) {
 			did_work += vhost_tun_mainloop(vpninfo, &timeout, vhost_r, did_work);
 			/* If it returns zero *then* it will have read the eventfd
 			 * and there's no need to do so again until we poll again. */
diff --git a/ppp.c b/ppp.c
index e01ed719..f121d089 100644
--- a/ppp.c
+++ b/ppp.c
@@ -1568,7 +1568,7 @@ int ppp_tcp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readabl
 	/* If we're still attempting DTLS, do nothing yet. */
 	switch (vpninfo->dtls_state) {
 	case DTLS_ESTABLISHED:
-		if (vpninfo->ssl_fd != -1) {
+		if (vpninfo->ssl_fd >= 0) {
 			openconnect_close_https(vpninfo, 0); /* don't keep stale HTTPS socket */
 			vpn_progress(vpninfo, PRG_INFO,
 				     _("DTLS tunnel connected; exiting HTTPS mainloop.\n"));
@@ -1615,7 +1615,7 @@ int ppp_tcp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readabl
 		 * gets invoked. When f5_connect() actually establishes the tunnel,
 		 * it does so to start the PPP state machine for the TCP connection.
 		 */
-		if (vpninfo->ssl_fd != -1 && vpninfo->ppp->ppp_state != PPPS_DEAD)
+		if (vpninfo->ssl_fd >= 0 && vpninfo->ppp->ppp_state != PPPS_DEAD)
 			return ppp_mainloop(vpninfo, 0, &vpninfo->ssl_times, timeout, readable);
 
 		/* This will call *back* into the protocol's ->tcp_connect()
diff --git a/pulse.c b/pulse.c
index e8dd9b7c..6d09bdc4 100644
--- a/pulse.c
+++ b/pulse.c
@@ -3146,7 +3146,7 @@ int pulse_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
 int pulse_bye(struct openconnect_info *vpninfo, const char *reason)
 {
 	int ret = -1;
-	if (vpninfo->ssl_fd != -1) {
+	if (vpninfo->ssl_fd >= 0) {
 		struct oc_text_buf *buf = buf_alloc();
 		buf_append_ift_hdr(buf, VENDOR_JUNIPER, 0x89);
 		if (!buf_error(buf))
diff --git a/ssl.c b/ssl.c
index a3db7869..b64c8979 100644
--- a/ssl.c
+++ b/ssl.c
@@ -867,7 +867,7 @@ int keystore_fetch(const char *key, unsigned char **result)
 
 void cmd_fd_set(struct openconnect_info *vpninfo, fd_set *fds, int *maxfd)
 {
-	if (vpninfo->cmd_fd != -1) {
+	if (vpninfo->cmd_fd >= 0) {
 		FD_SET(vpninfo->cmd_fd, fds);
 		if (vpninfo->cmd_fd > *maxfd)
 			*maxfd = vpninfo->cmd_fd;
diff --git a/tun.c b/tun.c
index 7cd977d5..234f980d 100644
--- a/tun.c
+++ b/tun.c
@@ -442,7 +442,7 @@ int openconnect_setup_tun_fd(struct openconnect_info *vpninfo, int tun_fd)
 {
 	set_fd_cloexec(tun_fd);
 
-	if (vpninfo->tun_fd != -1)
+	if (vpninfo->tun_fd >= 0)
 		unmonitor_fd(vpninfo, tun);
 
 	vpninfo->tun_fd = tun_fd;
@@ -580,7 +580,7 @@ void os_shutdown_tun(struct openconnect_info *vpninfo)
 #ifdef __sun__
 		close(vpninfo->ip_fd);
 		vpninfo->ip_fd = -1;
-		if (vpninfo->ip6_fd != -1) {
+		if (vpninfo->ip6_fd >= 0) {
 			close(vpninfo->ip6_fd);
 			vpninfo->ip6_fd = -1;
 		}
diff --git a/vhost.c b/vhost.c
index 408010bd..ae19c3f8 100644
--- a/vhost.c
+++ b/vhost.c
@@ -383,11 +383,11 @@ static void free_vring(struct openconnect_info *vpninfo,
 
 void shutdown_vhost(struct openconnect_info *vpninfo)
 {
-	if (vpninfo->vhost_fd != -1)
+	if (vpninfo->vhost_fd >= 0)
 		close(vpninfo->vhost_fd);
-	if (vpninfo->vhost_kick_fd != -1)
+	if (vpninfo->vhost_kick_fd >= 0)
 		close(vpninfo->vhost_kick_fd);
-	if (vpninfo->vhost_call_fd != -1)
+	if (vpninfo->vhost_call_fd >= 0)
 		close(vpninfo->vhost_call_fd);
 
 	vpninfo->vhost_fd = vpninfo->vhost_kick_fd = vpninfo->vhost_call_fd = -1;