Prefer unsigned over signed loop counters where possible

Especially when numbers are intended to never go below 0.
openssh · Jul 5, 2023 · f746fe6 · f746fe6
1 parent 8a6cd08
commit f746fe6
Show file tree

Hide file tree

Showing 40 changed files with 220 additions and 201 deletions.
diff --git a/addr.c b/addr.c
@@ -140,7 +140,7 @@ addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
 int
 addr_invert(struct xaddr *n)
 {
-	int i;
+	u_int i;
 
 	if (n == NULL)
 		return -1;
@@ -166,7 +166,7 @@ addr_invert(struct xaddr *n)
 int
 addr_netmask(int af, u_int l, struct xaddr *n)
 {
-	int i;
+	u_int i;
 
 	if (masklen_valid(af, l) != 0 || n == NULL)
 		return -1;
@@ -207,7 +207,7 @@ addr_hostmask(int af, u_int l, struct xaddr *n)
 int
 addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
 {
-	int i;
+	u_int i;
 
 	if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
 		return -1;
@@ -230,7 +230,7 @@ addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
 int
 addr_or(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
 {
-	int i;
+	u_int i;
 
 	if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
 		return (-1);
@@ -252,7 +252,7 @@ addr_or(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
 int
 addr_cmp(const struct xaddr *a, const struct xaddr *b)
 {
-	int i;
+	u_int i;
 
 	if (a->af != b->af)
 		return (a->af == AF_INET6 ? 1 : -1);
@@ -285,7 +285,7 @@ addr_cmp(const struct xaddr *a, const struct xaddr *b)
 int
 addr_is_all0s(const struct xaddr *a)
 {
-	int i;
+	u_int i;
 
 	switch (a->af) {
 	case AF_INET:
@@ -304,7 +304,7 @@ addr_is_all0s(const struct xaddr *a)
 void
 addr_increment(struct xaddr *a)
 {
-	int i;
+	u_int i;
 	uint32_t n;
 
 	switch (a->af) {

diff --git a/audit.c b/audit.c
@@ -82,7 +82,7 @@ audit_username(void)
 const char *
 audit_event_lookup(ssh_audit_event_t ev)
 {
-	int i;
+	size_t i;
 	static struct event_lookup_struct {
 		ssh_audit_event_t event;
 		const char *name;

diff --git a/auth-krb5.c b/auth-krb5.c
@@ -77,7 +77,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 #endif
 	krb5_error_code problem;
 	krb5_ccache ccache = NULL;
-	int len;
+	size_t len;
 	char *client, *platform_client;
 	const char *errmsg;
 

diff --git a/auth2-chall.c b/auth2-chall.c
@@ -86,14 +86,16 @@ struct KbdintAuthctxt
 void
 remove_kbdint_device(const char *devname)
 {
-	int i, j;
+	size_t i, j;
 
-	for (i = 0; devices[i] != NULL; i++)
+	for (i = 0; devices[i] != NULL;) {
 		if (strcmp(devices[i]->name, devname) == 0) {
 			for (j = i; devices[j] != NULL; j++)
 				devices[j] = devices[j+1];
-			i--;
+			continue;
 		}
+		i++;
+	}
 }
 #endif
 
@@ -102,7 +104,8 @@ kbdint_alloc(const char *devs)
 {
 	KbdintAuthctxt *kbdintctxt;
 	struct sshbuf *b;
-	int i, r;
+	size_t i;
+	int r;
 
 #ifdef USE_PAM
 	if (!options.use_pam)
@@ -154,7 +157,7 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
 {
 	size_t len;
 	char *t;
-	int i;
+	size_t i;
 
 	if (kbdintctxt->device)
 		kbdint_reset_device(kbdintctxt);

diff --git a/auth2-hostbased.c b/auth2-hostbased.c
@@ -171,7 +171,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
 {
 	const char *resolvedname, *ipaddr, *lookup, *reason;
 	HostStatus host_status;
-	int len;
+	size_t len;
 	char *fp;
 
 	if (auth_key_is_revoked(key))

diff --git a/auth2.c b/auth2.c
@@ -482,7 +482,8 @@ authmethods_get(Authctxt *authctxt)
 {
 	struct sshbuf *b;
 	char *list;
-	int i, r;
+	size_t i;
+	int r;
 
 	if ((b = sshbuf_new()) == NULL)
 		fatal_f("sshbuf_new failed");
@@ -508,7 +509,7 @@ authmethods_get(Authctxt *authctxt)
 static Authmethod *
 authmethod_byname(const char *name)
 {
-	int i;
+	size_t i;
 
 	if (name == NULL)
 		fatal_f("NULL authentication method name");
@@ -551,16 +552,17 @@ int
 auth2_methods_valid(const char *_methods, int need_enable)
 {
 	char *methods, *omethods, *method, *p;
-	u_int i, found;
-	int ret = -1;
+	u_int i;
+	int found, ret = -1;
 
 	if (*_methods == '\0') {
 		error("empty authentication method list");
 		return -1;
 	}
 	omethods = methods = xstrdup(_methods);
 	while ((method = strsep(&methods, ",")) != NULL) {
-		for (found = i = 0; !found && authmethods[i] != NULL; i++) {
+		found = 0;
+		for (i = 0; authmethods[i] != NULL; i++) {
 			if ((p = strchr(method, ':')) != NULL)
 				*p = '\0';
 			if (strcmp(method, authmethods[i]->name) != 0)

diff --git a/channels.c b/channels.c
@@ -1254,7 +1254,7 @@ x11_open_helper(struct ssh *ssh, struct sshbuf *b)
 {
 	struct ssh_channels *sc = ssh->chanctxt;
 	u_char *ucp;
-	u_int proto_len, data_len;
+	size_t proto_len, data_len;
 
 	/* Is this being called after the refusal deadline? */
 	if (sc->x11_refuse_time != 0 &&
@@ -1391,7 +1391,7 @@ channel_decode_socks4(Channel *c, struct sshbuf *input, struct sshbuf *output)
 {
 	const u_char *p;
 	char *host;
-	u_int len, have, i, found, need;
+	size_t len, have, i, found, need;
 	char username[256];
 	struct {
 		u_int8_t version;
@@ -1446,7 +1446,7 @@ channel_decode_socks4(Channel *c, struct sshbuf *input, struct sshbuf *output)
 		return -1;
 	}
 	len = strlen(p);
-	debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);
+	debug2("channel %d: decode socks4: user %s/%zu", c->self, p, len);
 	len++; /* trailing '\0' */
 	strlcpy(username, p, sizeof(username));
 	if ((r = sshbuf_consume(input, len)) != 0)
@@ -1465,7 +1465,7 @@ channel_decode_socks4(Channel *c, struct sshbuf *input, struct sshbuf *output)
 			return -1;
 		}
 		len = strlen(p);
-		debug2("channel %d: decode socks4a: host %s/%d",
+		debug2("channel %d: decode socks4a: host %s/%zu",
 		    c->self, p, len);
 		len++;				/* trailing '\0' */
 		if (len > NI_MAXHOST) {

diff --git a/compat.c b/compat.c
@@ -41,7 +41,7 @@
 void
 compat_banner(struct ssh *ssh, const char *version)
 {
-	int i;
+	size_t i;
 	static struct {
 		char	*pat;
 		int	bugs;

diff --git a/dh.c b/dh.c
@@ -237,7 +237,7 @@ dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
 {
 	int i;
 	int n = BN_num_bits(dh_pub);
-	int bits_set = 0;
+	u_int bits_set = 0;
 	BIGNUM *tmp;
 	const BIGNUM *dh_p;
 
@@ -267,13 +267,13 @@ dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
 	for (i = 0; i <= n; i++)
 		if (BN_is_bit_set(dh_pub, i))
 			bits_set++;
-	debug2("bits set: %d/%d", bits_set, BN_num_bits(dh_p));
+	debug2("bits set: %u/%d", bits_set, BN_num_bits(dh_p));
 
 	/*
 	 * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
 	 */
 	if (bits_set < 4) {
-		logit("invalid public DH value (%d/%d)",
+		logit("invalid public DH value (%u/%d)",
 		    bits_set, BN_num_bits(dh_p));
 		return 0;
 	}