psiphon

Security: Apache mod code review

Bug #457442 reported by root on 2009-06-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	psiphon	Confirmed	Unknown	Unassigned

Bug Description

* Run Static analysis tools to identify buffer overflows, memory leaks, thread deadlocks, etc.
* E.g, Coverity

See original description

Tags:

Revision history for this message

root (n-root-psiphon-ca) wrote on 2009-06-15:

Download full text (5.7 KiB)

Here's a quick, first cut using a basic tool, cppcheck. Also see the item at the bottom which is from compiler warnings.

cppcheck output:

                [./mod_psiphon_db_to_cookie.c:100]: Memory leak: tm
                [./mod_test.c:245]: Resource leak: f
                [./proxy/proxy_util.c:2885]: Memory leak: tm

Here are the files. Review my fixes in rev 967.

=======================================================

./mod_psiphon_db_to_cookie.c

No frees on return, so this does look like a memory leak. What's sizeof(*tm), shouldn't it be sizeof(struct tm)? Wait, why is there am allocation here at all? It looks like the pointer to the allocated memory is overwritten ("tm = gmtime(&t)") and the allocated memory is never referenced.. Also, should use thread-safe gtime_r (http://www.opengroup.org/onlinepubs/009695399/functions/gmtime.html).

=======================================================

                struct tm *tm = malloc(sizeof(*tm));
                time_t t = time(NULL);
                char *tstr;

dbtc_log("dbtc()");

dconf = (struct_dbtc_dir_config *) ap_get_module_config(r->per_dir_config,
&psiphon_db_to_cookie_module);

                if (!dconf->need_dbtc) {
                dbtc_log("dbtc(): no need dbtc");
                return DECLINED;
                };

                if (r->main != NULL) /*no subrequests*/
                {
                dbtc_log("dbtc(): not a main request");
                return DECLINED;
                }
                tm = gmtime(&t);
                t = mktime(tm);
                tstr = apr_psprintf(r->pool, "%d", t);

=======================================================

./mod_test.c

File f isn't closed. Is this just a test routine? Should fix anyways. Should this file be removed before open source?

=======================================================

                int test_hook(request_rec *r) {
                struct_test_dir_config *dconf;
                char body[MAX_BODY];
                // const char *body = "here is line\r\nhere IS digits: 12345\r\nqqqq\n";
                const char *result;

regs_v_t **regs_v;
FILE *f;

jsf_log("test_hook()");

dconf = (struct_test_dir_config *) ap_get_module_config(r->per_dir_config,
&test_module);

                if (!dconf->enable) {
                jsf_log("test_hook(): don't need test");
                return DECLINED;
                };

jsf_log("test_hook(): running");

ap_set_content_type(r, "text/plain");

...

Here's a quick, first cut using a basic tool, cppcheck.  Also see the item at the bottom which is from compiler warnings.
                
                cppcheck output:
                
                [./mod_psiphon_db_to_cookie.c:100]: Memory leak: tm
                [./mod_test.c:245]: Resource leak: f
                [./proxy/proxy_util.c:2885]: Memory leak: tm
                
                Here are the files.  Review my fixes in rev 967.
                
                =======================================================
                
                ./mod_psiphon_db_to_cookie.c
                
                No frees on return, so this does look like a memory leak.  What's sizeof(*tm), shouldn't it be sizeof(struct tm)?  Wait, why is there am allocation here at all?  It looks like the pointer to the allocated memory is overwritten ("tm = gmtime(&t)") and the allocated memory is never referenced..  Also, should use thread-safe gtime_r (http://www.opengroup.org/onlinepubs/009695399/functions/gmtime.html).
                
                =======================================================
                
                struct tm *tm = malloc(sizeof(*tm));
                time_t t = time(NULL);
                char *tstr;
                
                dbtc_log("dbtc()");
                
                dconf = (struct_dbtc_dir_config *) ap_get_module_config(r->per_dir_config,
                &psiphon_db_to_cookie_module);
                
                if (!dconf->need_dbtc) {
                dbtc_log("dbtc(): no need dbtc");
                return DECLINED;
                };
                
                if (r->main != NULL)  /*no subrequests*/
                {
                dbtc_log("dbtc(): not a main request");
                return DECLINED;
                }
                tm = gmtime(&t);
                t = mktime(tm);
                tstr = apr_psprintf(r->pool, "%d", t);
                
                =======================================================
                
                ./mod_test.c
                
                File f isn't closed.  Is this just a test routine?  Should fix anyways.  Should this file be removed before open source?
                
                =======================================================
                
                int test_hook(request_rec *r) {
                struct_test_dir_config *dconf;
                char body[MAX_BODY];
                //    const char *body = "here is line\r\nhere IS digits: 12345\r\nqqqq\n";
                const char *result;
                
                regs_v_t **regs_v;
                FILE *f;
                
                jsf_log("test_hook()");
                
                dconf = (struct_test_dir_config *) ap_get_module_config(r->per_dir_config,
                &test_module);
                
                if (!dconf->enable) {
                jsf_log("test_hook(): don't need test");
                return DECLINED;
                };
                
                jsf_log("test_hook(): running");
                
                ap_set_content_type(r, "text/plain");
                
                if (!(f = fopen("/var/tmp/test.js", "r"))) {
                jsf_err_log("test_hook(): Can't open a file");
                return OK;
                }
                
                regs_v = jsf_init1(r);
                if (!regs_v) jsf_err_log("test_hook(): no regs_v");
                
                /*
                while (!feof(f)) {
                if (fgets(body, MAX_BODY, f)) {
                if (regs_v) {
                result = jsf(r, regs_v, body, strlen(body));
                } else {
                result = body;
                }
                
                ap_rprintf(r, "%s", result);
                }
                }
                
                fclose(f);
                */
                return OK;
                }
                
                =======================================================
                
                ./proxy/proxy_util.c
                
                Same as 1st case, memory leak.
                
                =======================================================
                struct tm *tm = malloc(sizeof(*tm));
                time_t t = time(NULL);
                char *tstr;
                
                
                
                
                ctdb_log("ap_proxy_cookie_to_db(\"%s\")", val);
                
                tm = gmtime(&t);
                t = mktime(tm);
                tstr = apr_psprintf(r->pool, "%d", (int)t);
                
                
                
                if (!(dbd = ap_dbd_acquire(r))) {
                ctdb_err_log("ctdb(): Can't get DB connect");
                return;
                }
                =======================================================
                
                From compiler warnings:
                
                mod_map_to_proxy.c: In function ‘hook_uri2proxy’:
                mod_map_to_proxy.c:166: warning: too few arguments for format
                
                if(!*decrypted_uri)
                {
                if (ap_is_default_port(port, r))
                {
                return_url=apr_psprintf(r->pool, "%s://%s%s/", ap_http_scheme(r),
                ap_get_server_name(r), conf->loc);
                }
                else
                {
                return_url=apr_psprintf(r->pool, "%s://%s:%u%s/", ap_http_scheme(r),
                ap_get_server_name(r), port);
                }
                
                apr_table_setn(r->err_headers_out, "Location", return_url);
                return HTTP_MOVED_TEMPORARILY;
                
                }

Revision history for this message

root (n-root-psiphon-ca) wrote on 2009-06-15:

printf in mod_map_to_proxy.c fixed in r968

Revision history for this message

root (n-root-psiphon-ca) wrote on 2009-06-15:

Download full text (113.1 KiB)

Splint 3.1.1 --- 28 Apr 2003

                mod_bluebar.c: (in function bluebar_filter)
                mod_bluebar.c:118:5: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                mod_bluebar.c:132:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_bluebar.c:134:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:147:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:72:25: Variable end declared but not used
                A variable is declared but never used. Use /*@unused@*/ in front of
                declaration to suppress message. (Use -varuse to inhibit warning)
                mod_bluebar.c:74:17: Variable subpool declared but not used
                mod_bluebar.c: (in function bluebar_store_filter)
                mod_bluebar.c:160:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:174:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:157:9: Variable seen_eos declared but not used
                mod_bluebar.c:183:5: Initializer block for bluebar_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                mod_bluebar.c: (in function bluebar_register_hook)
                mod_bluebar.c:190:9: Function ap_register_output_filter_protocol expects arg 5
                to be unsigned int gets int: 0x1 | 0x2
                To ignore signs in type comparisons use +ignoresigns
                mod_bluebar.c:188:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_bluebar.c:193:9: Function ap_register_output_filter_protocol expects arg 5
                to be unsigned int gets int: 0x1 | 0x2
                mod_bluebar.c:191:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_bluebar.c:198:10: Variable bluebar_module redefined
                A function or variable is redefined. One of the declarations should use
                extern. (Use -redef to inhibit warning)
                mod_bluebar.c:35:10: Previous definition of bluebar_module
                mod_deflate.c: (in function flush_libz_buffer)
                mod_deflate.c:334:14: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                Types are incompatible. (Use -type to inhibit warning)
                mod_deflate.c: (in function deflate_out_filter)
                mod_deflate.c:593:9: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:628:49: Function apr_off_t_toa expects arg 2 to...

Splint 3.1.1 --- 28 Apr 2003
                
                mod_bluebar.c: (in function bluebar_filter)
                mod_bluebar.c:118:5: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                mod_bluebar.c:132:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_bluebar.c:134:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:147:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:72:25: Variable end declared but not used
                A variable is declared but never used. Use /*@unused@*/ in front of
                declaration to suppress message. (Use -varuse to inhibit warning)
                mod_bluebar.c:74:17: Variable subpool declared but not used
                mod_bluebar.c: (in function bluebar_store_filter)
                mod_bluebar.c:160:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:174:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:157:9: Variable seen_eos declared but not used
                mod_bluebar.c:183:5: Initializer block for bluebar_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                mod_bluebar.c: (in function bluebar_register_hook)
                mod_bluebar.c:190:9: Function ap_register_output_filter_protocol expects arg 5
                to be unsigned int gets int: 0x1 | 0x2
                To ignore signs in type comparisons use +ignoresigns
                mod_bluebar.c:188:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_bluebar.c:193:9: Function ap_register_output_filter_protocol expects arg 5
                to be unsigned int gets int: 0x1 | 0x2
                mod_bluebar.c:191:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_bluebar.c:198:10: Variable bluebar_module redefined
                A function or variable is redefined. One of the declarations should use
                extern. (Use -redef to inhibit warning)
                mod_bluebar.c:35:10: Previous definition of bluebar_module
                mod_deflate.c: (in function flush_libz_buffer)
                mod_deflate.c:334:14: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                Types are incompatible. (Use -type to inhibit warning)
                mod_deflate.c: (in function deflate_out_filter)
                mod_deflate.c:593:9: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:628:49: Function apr_off_t_toa expects arg 2 to be apr_off_t gets
                uLong: ctx->stream.total_in
                mod_deflate.c:636:49: Function apr_off_t_toa expects arg 2 to be apr_off_t gets
                uLong: ctx->stream.total_out
                mod_deflate.c:695:9: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                mod_deflate.c:704:9: Assignment of apr_size_t to uInt:
                ctx->stream.avail_in = len
                mod_deflate.c:716:17: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:734:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c: (in function deflate_in_filter)
                mod_deflate.c:833:9: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:835:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c:875:17: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:884:13: Return value (type apr_status_t) ignored:
                (bkt)->type->rea...
                mod_deflate.c:888:13: Assignment of apr_size_t to uInt:
                ctx->stream.avail_in = len
                mod_deflate.c:902:21: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:930:17: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:962:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c:970:9: Operands of < have incompatible types (uInt, apr_size_t):
                ctx->stream.avail_out < c->bufferSize
                mod_deflate.c:980:9: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:987:9: Return value (type apr_status_t) ignored:
                apr_brigade_part...
                mod_deflate.c: (in function inflate_out_filter)
                mod_deflate.c:1086:9: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:1190:9: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                mod_deflate.c:1245:9: Assignment of apr_size_t to uInt:
                ctx->stream.avail_in = len
                mod_deflate.c:1287:17: Assignment of apr_size_t to uInt:
                ctx->stream.avail_out = c->bufferSize
                mod_deflate.c:1328:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c: (in function register_hooks)
                mod_deflate.c:1335:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_deflate.c:1337:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_deflate.c:1339:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_inpu...
                mod_deflate.c:1354:5: Initializer block for deflate_filter_cmds[5] has 1 field,
                but command_rec has 6 fields: NULL
                mod_deflate.c:1357:10: Variable deflate_module redefined
                mod_deflate.c:52:10: Previous definition of deflate_module
                mod_limitsessconn.c: (in function lmt_is_number)
                mod_limitsessconn.c:78:12: Variable len initialized to type size_t, expects
                int: strlen(str)
                To allow arbitrary integral types to match long unsigned, use +longintegral.
                mod_limitsessconn.c: (in function limit_sessconn_init)
                mod_limitsessconn.c:280:2: Return value (type apr_status_t) ignored:
                ap_mpm_query(5, ...
                mod_limitsessconn.c:281:2: Return value (type apr_status_t) ignored:
                ap_mpm_query(4, ...
                mod_limitsessconn.c:282:2: Return value (type apr_status_t) ignored:
                ap_mpm_query(1, ...
                mod_limitsessconn.c:276:6: Variable i declared but not used
                mod_limitsessconn.c: (in function limit_sessconn_handler)
                mod_limitsessconn.c:352:6: Variable i declared but not used
                mod_limitsessconn.c:352:9: Variable j declared but not used
                mod_limitsessconn.c:353:16: Variable ws_record declared but not used
                mod_limitsessconn.c:406:2: Initializer block for cmds[2] has 1 field, but
                command_rec has 6 fields: NULL
                mod_limitsessconn.c:417:10: Variable limit_sessconn_module redefined
                mod_limitsessconn.c:34:10: Previous definition of limit_sessconn_module
                mod_limitsessconn.c:101:21: File static function limit_sessconn_sem_remove
                declared but not used
                A function is declared but not used. Use /*@unused@*/ in front of function
                header to suppress message. (Use -fcnuse to inhibit warning)
                mod_limitsessconn.c:107:1: Definition of limit_sessconn_sem_remove
                mod_line_edit.c: (in function interpolate_env)
                mod_line_edit.c:133:41: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: end - (start + 2)
                mod_line_edit.c:135:43: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: (start - str)
                mod_line_edit.c: (in function line_edit_filter)
                mod_line_edit.c:247:65: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(rewriterule)
                mod_line_edit.c:365:19: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_line_edit.c:382:22: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_line_edit.c:413:10: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_line_edit.c:460:19: Assignment of int to unsigned int:
                match = pmatch[0].rm_so
                mod_line_edit.c:462:19: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_line_edit.c:464:42: Function  expects arg 2 to be apr_size_t gets int:
                pmatch[0].rm_eo - match
                mod_line_edit.c:464:19: Return value (type apr_status_t) ignored:
                (b1)->type->spli...
                mod_line_edit.c:480:19: Assignment of arbitrary unsigned integral type to
                unsigned int: match = ((unsigned int)subs - (unsigned int)bufp) /
                sizeof(char)
                To ignore type qualifiers in type comparisons use +ignorequals.
                mod_line_edit.c:483:19: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_line_edit.c:485:19: Return value (type apr_status_t) ignored:
                (b1)->type->spli...
                mod_line_edit.c:514:7: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_line_edit.c: (in function line_edit_hooks)
                mod_line_edit.c:533:7: Function ap_register_output_filter_protocol expects arg
                5 to be unsigned int gets int: 0x1 | 0x2
                mod_line_edit.c:531:4: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_line_edit.c: (in function line_edit_rewriterule)
                mod_line_edit.c:592:7: Assignment of int to unsigned int:
                rule->flags = ((flags && (strchr((char *)(flags), ('R')) != NULL)) ? (0x01)
                : 0) | ((flags && (strchr((char *)(flags), ('i')) != NULL)) ? (0x08) :
                0) | ((flags && (strchr((char *)(flags), ('m')) != NULL)) ? (0x10) :
                0) | ((flags && (strchr((char *)(flags), ('L')) != NULL)) ? (0x40) :
                0) | ((flags && (strchr((char *)(flags), ('V')) != NULL)) ? (0x20) : 0)
                mod_line_edit.c:619:7: Assignment of size_t to unsigned int:
                rule->length = strlen(from)
                To allow arbitrary integral types to match any integral type, use
                +matchanyintegral.
                mod_line_edit.c:632:4: Initializer block for line_edit_cmds[2] has 1 field, but
                command_rec has 6 fields: NULL
                mod_line_edit.c: (in function line_edit_cr_cfg)
                mod_line_edit.c:638:68: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(rewriterule)
                mod_line_edit.c:660:10: Variable line_edit_module redefined
                mod_line_edit.c:95:10: Previous definition of line_edit_module
                mod_map_to_proxy.c:228:5: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_map_to_proxy.c:241:10: Variable map_to_proxy_module redefined
                mod_map_to_proxy.c:51:10: Previous definition of map_to_proxy_module
                mod_map_to_proxy.c:80:12: File static function map_to_proxy_handler declared
                but not used
                mod_map_to_proxy.c:87:1: Definition of map_to_proxy_handler
                mod_post2get.c: (in function post2get_handler)
                mod_post2get.c:123:53: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(char *)
                mod_post2get.c:171:18: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_post2get.c:183:10: Variable post2get_module redefined
                mod_post2get.c:44:10: Previous definition of post2get_module
                mod_post2get.c:46:12: File static variable proxy_available declared but not
                used
                mod_proxy_css.c:31:9: Enum member LINEEND_UNSET defined more than once
                mod_line_edit.c:83:7: Previous definition of LINEEND_UNSET
                mod_proxy_css.c:32:9: Enum member LINEEND_ANY defined more than once
                mod_line_edit.c:84:7: Previous definition of LINEEND_ANY
                mod_proxy_css.c:33:9: Enum member LINEEND_UNIX defined more than once
                mod_line_edit.c:85:7: Previous definition of LINEEND_UNIX
                mod_proxy_css.c:34:9: Enum member LINEEND_MAC defined more than once
                mod_line_edit.c:86:7: Previous definition of LINEEND_MAC
                mod_proxy_css.c:35:9: Enum member LINEEND_DOS defined more than once
                mod_line_edit.c:87:7: Previous definition of LINEEND_DOS
                mod_proxy_css.c:36:9: Enum member LINEEND_CUSTOM defined more than once
                mod_line_edit.c:88:7: Previous definition of LINEEND_CUSTOM
                mod_proxy_css.c:37:9: Enum member LINEEND_NONE defined more than once
                mod_line_edit.c:89:7: Previous definition of LINEEND_NONE
                mod_proxy_css.c:38:6: Enum tag enum defined more than once
                mod_line_edit.c:90:5: Previous definition of enum
                mod_proxy_css.c: (in function proxy_css_filter)
                mod_proxy_css.c:220:25: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_proxy_css.c:237:29: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_css.c:268:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_css.c:331:9: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_proxy_css.c:56:9: Variable i declared but not used
                mod_proxy_css.c:56:12: Variable j declared but not used
                mod_proxy_css.c:58:17: Variable bufp declared but not used
                mod_proxy_css.c: (in function proxy_css_hooks)
                mod_proxy_css.c:342:9: Function ap_register_output_filter_protocol expects arg
                5 to be unsigned int gets int: 0x1 | 0x2
                mod_proxy_css.c:340:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_proxy_css.c:394:5: Initializer block for proxy_css_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_proxy_css.c:419:10: Variable proxy_css_module redefined
                mod_proxy_css.c:42:10: Previous definition of proxy_css_module
                mod_proxy_html.c: (in function consume_buffer)
                mod_proxy_html.c:134:18: Variable rv declared but not used
                mod_proxy_html.c:135:16: Variable insz declared but not used
                mod_proxy_html.c:136:11: Variable buf declared but not used
                mod_proxy_html.c:138:9: Variable len declared but not used
                mod_proxy_html.c: (in function AP_fwrite)
                mod_proxy_html.c:158:73: Function apr_brigade_write expects arg 5 to be
                apr_size_t gets int: bytes
                mod_proxy_html.c:158:5: Return value (type apr_status_t) ignored:
                apr_brigade_writ...
                mod_proxy_html.c:155:11: Variable buf declared but not used
                mod_proxy_html.c:156:18: Variable rv declared but not used
                mod_proxy_html.c:157:16: Variable insz declared but not used
                mod_proxy_html.c: (in function pcharacters)
                mod_proxy_html.c:177:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:178:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:179:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:180:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c: (in function preserve)
                mod_proxy_html.c:200:62: Function apr_pool_cleanup_kill expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                mod_proxy_html.c:202:13: Function apr_pool_cleanup_register expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                mod_proxy_html.c: (in function psi_proxify_meta_refresh)
                mod_proxy_html.c:233:5: Assignment of size_t to int: len = strlen(s)
                mod_proxy_html.c:301:40: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: url_e - url_b
                mod_proxy_html.c:306:40: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: url_b - s
                mod_proxy_html.c: (in function dump_content)
                mod_proxy_html.c:327:30: Function AP_fwrite expects arg 3 to be int gets
                size_t: strlen(ctx->buf)
                mod_proxy_html.c:317:11: Variable found declared but not used
                mod_proxy_html.c:318:12: Variable s_from declared but not used
                mod_proxy_html.c:318:20: Variable s_to declared but not used
                mod_proxy_html.c:319:12: Variable match declared but not used
                mod_proxy_html.c:321:9: Variable nmatch declared but not used
                mod_proxy_html.c:322:19: Variable pmatch declared but not used
                mod_proxy_html.c:323:11: Variable subs declared but not used
                mod_proxy_html.c:324:12: Variable len declared but not used
                mod_proxy_html.c:324:17: Variable offs declared but not used
                mod_proxy_html.c: (in function pcomment)
                mod_proxy_html.c:347:5: Assignment of size_t to int: length = strlen(chars)
                mod_proxy_html.c:336:9: Variable le_found declared but not used
                mod_proxy_html.c:338:17: Variable res_str declared but not used
                mod_proxy_html.c: (in function pcdata)
                mod_proxy_html.c:391:50: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: length
                mod_proxy_html.c:400:50: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: length
                mod_proxy_html.c: (in function pendElement)
                mod_proxy_html.c:458:63: Function jsf expects arg 4 to be size_t gets int:
                le - chars
                mod_proxy_html.c:483:9: Return value (type apr_status_t) ignored:
                ap_fprintf(ctx->...
                mod_proxy_html.c: (in function pstartElement)
                mod_proxy_html.c:541:5: Return value (type apr_status_t) ignored:
                apr_brigade_putc...
                mod_proxy_html.c:542:5: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:578:25: Assignment of xmlChar * to char *:
                *a = xmlCharStrdup(proxified_meta_content)
                mod_proxy_html.c:626:46: Function xmlStrdup expects arg 1 to be xmlChar * gets
                char *: "post"
                mod_proxy_html.c:626:29: Assignment of xmlChar * to char *:
                a[1] = xmlStrdup("post")
                mod_proxy_html.c:811:17: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:817:17: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:818:60: Function pcharacters expects arg 3 to be int gets
                size_t: strlen(ctx->buf)
                mod_proxy_html.c:819:17: Return value (type apr_status_t) ignored:
                apr_brigade_putc...
                mod_proxy_html.c:830:13: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:841:13: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:845:9: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:847:9: Return value (type apr_status_t) ignored:
                apr_brigade_putc...
                mod_proxy_html.c:494:9: Variable num_match declared but not used
                mod_proxy_html.c:495:12: Variable offs declared but not used
                mod_proxy_html.c:495:18: Variable len declared but not used
                mod_proxy_html.c:496:11: Variable subs declared but not used
                mod_proxy_html.c:499:26: Variable match declared but not used
                mod_proxy_html.c:500:11: Variable found declared but not used
                mod_proxy_html.c:502:12: Variable nmatch declared but not used
                mod_proxy_html.c: (in function pprocessingInstruction)
                mod_proxy_html.c:858:9: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:862:13: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:865:9: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c: (in function pinternalSubset)
                mod_proxy_html.c:877:9: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:881:13: Return value (type apr_status_t) ignored:
                ap_fprintf(ctx->...
                mod_proxy_html.c:885:17: Return value (type apr_status_t) ignored:
                ap_fprintf(ctx->...
                mod_proxy_html.c:889:9: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c: (in function pexternalSubset)
                mod_proxy_html.c:899:14: Variable ctx declared but not used
                mod_proxy_html.c: (in function check_filter_init)
                mod_proxy_html.c:910:16: Variable jsrrules declared but not used
                mod_proxy_html.c: (in function proxy_html_filter)
                mod_proxy_html.c:1009:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_proxy_html.c:1015:21: Return value (type apr_status_t) ignored:
                ap_fflush(ctxt->...
                mod_proxy_html.c:1032:59: Function xmlStrdup expects arg 1 to be xmlChar * gets
                char *: "UTF8"
                mod_proxy_html.c:1045:21: Function apr_pool_cleanup_register expects arg 3 to
                be [function (void *) returns apr_status_t] * gets void *:
                (void *)htmlFreeParserCtxt
                mod_proxy_html.c:1051:43: Function consume_buffer expects arg 3 to be int gets
                apr_size_t: bytes
                mod_proxy_html.c:1055:43: Function consume_buffer expects arg 3 to be int gets
                apr_size_t: bytes
                mod_proxy_html.c:1064:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_html.c:976:21: Variable enc declared but not used
                mod_proxy_html.c: (in function set_events)
                mod_proxy_html.c:1101:67: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(tattr)
                mod_proxy_html.c: (in function set_skip_elements)
                mod_proxy_html.c:1113:73: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(tattr)
                mod_proxy_html.c: (in function set_links)
                mod_proxy_html.c:1133:61: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(tattr *)
                mod_proxy_html.c:1156:5: Initializer block for proxy_html_cmds[5] has 1 field,
                but command_rec has 6 fields: NULL
                mod_proxy_html.c: (in function proxy_html_hooks)
                mod_proxy_html.c:1179:9: Function ap_register_output_filter_protocol expects
                arg 5 to be unsigned int gets int: 0x1 | 0x2
                mod_proxy_html.c:1177:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_proxy_html.c:1184:10: Variable proxy_html_module redefined
                mod_proxy_html.c:79:10: Previous definition of proxy_html_module
                mod_proxy_js.c:29:9: Enum member LINEEND_UNSET defined more than once
                mod_line_edit.c:83:7: Previous definition of LINEEND_UNSET
                mod_proxy_js.c:30:9: Enum member LINEEND_ANY defined more than once
                mod_line_edit.c:84:7: Previous definition of LINEEND_ANY
                mod_proxy_js.c:31:9: Enum member LINEEND_UNIX defined more than once
                mod_line_edit.c:85:7: Previous definition of LINEEND_UNIX
                mod_proxy_js.c:32:9: Enum member LINEEND_MAC defined more than once
                mod_line_edit.c:86:7: Previous definition of LINEEND_MAC
                mod_proxy_js.c:33:9: Enum member LINEEND_DOS defined more than once
                mod_line_edit.c:87:7: Previous definition of LINEEND_DOS
                mod_proxy_js.c:34:9: Enum member LINEEND_CUSTOM defined more than once
                mod_line_edit.c:88:7: Previous definition of LINEEND_CUSTOM
                mod_proxy_js.c:35:9: Enum member LINEEND_NONE defined more than once
                mod_line_edit.c:89:7: Previous definition of LINEEND_NONE
                mod_proxy_js.c:36:6: Enum tag enum defined more than once
                mod_line_edit.c:90:5: Previous definition of enum
                mod_proxy_js.c: (in function proxy_js_filter)
                mod_proxy_js.c:134:13: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                mod_proxy_js.c:226:25: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_proxy_js.c:243:29: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_js.c:274:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_js.c:324:9: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_proxy_js.c:53:9: Variable i declared but not used
                mod_proxy_js.c:53:12: Variable j declared but not used
                mod_proxy_js.c:55:17: Variable bufp declared but not used
                mod_proxy_js.c:68:11: Variable base_url declared but not used
                mod_proxy_js.c: (in function proxy_js_hooks)
                mod_proxy_js.c:335:9: Function ap_register_output_filter_protocol expects arg 5
                to be unsigned int gets int: 0x1 | 0x2
                mod_proxy_js.c:333:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_proxy_js.c:387:5: Initializer block for proxy_js_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_proxy_js.c:412:10: Variable proxy_js_module redefined
                mod_proxy_js.c:40:10: Previous definition of proxy_js_module
                mod_psiphon_auth.c: (in function del_chars)
                mod_psiphon_auth.c:75:20: Test expression for for is assignment expression:
                p = strchr(p, *r)
                The condition test is an assignment expression. Probably, you mean to use ==
                instead of =. If an assignment is intended, add an extra parentheses nesting
                (e.g., if ((a = b)) ...) to suppress this message. (Use -predassign to
                inhibit warning)
                mod_psiphon_auth.c:76:27: Function memmove expects arg 3 to be size_t gets int:
                e - p
                mod_psiphon_auth.c: (in function pa_bin2hex)
                mod_psiphon_auth.c:91:9: Buffer overflow possible with sprintf.  Recommend
                using snprintf instead: sprintf
                Use of function that may lead to buffer overflow. (Use -bufferoverflowhigh to
                inhibit warning)
                mod_psiphon_auth.c: (in function pa_set_psiphon_session)
                mod_psiphon_auth.c:143:48: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: cookie_e - cookie
                mod_psiphon_auth.c: (in function pa_check_user)
                mod_psiphon_auth.c:217:13: Test expression for if is assignment expression:
                error = apr_dbd_select(dbd->driver, r->pool, dbd->handle, &res, query, 0)
                mod_psiphon_auth.c:264:13: Test expression for if is assignment expression:
                error = apr_dbd_query(dbd->driver, dbd->handle, &nrows, query)
                mod_psiphon_auth.c:307:5: Initializer block for dir_cmds[2] has 1 field, but
                command_rec has 6 fields: NULL
                mod_psiphon_auth.c:319:10: Variable psiphon_auth_module redefined
                mod_psiphon_auth.c:24:10: Previous definition of psiphon_auth_module
                mod_psiphon_db_to_cookie.c: (in function dbtc)
                mod_psiphon_db_to_cookie.c:103:5: Unrecognized identifier: gmtime_r
                Identifier used in code has not been declared. (Use -unrecog to inhibit
                warning)
                mod_psiphon_db_to_cookie.c:125:22: Unrecognized identifier: strcasestr
                mod_psiphon_db_to_cookie.c:166:34: Test expression for for is assignment
                expression: domain = strchr(++domain, '.')
                mod_psiphon_db_to_cookie.c:183:9: Test expression for if is assignment
                expression: error = apr_dbd_select(dbd->driver, r->pool, dbd->handle, &res,
                query, 0)
                mod_psiphon_db_to_cookie.c:57:17: Variable cookies declared but not used
                mod_psiphon_db_to_cookie.c:58:17: Variable cookie declared but not used
                mod_psiphon_db_to_cookie.c:59:17: Variable cookie_e declared but not used
                mod_psiphon_db_to_cookie.c:256:5: Initializer block for dir_cmds[1] has 1
                field, but command_rec has 6 fields: NULL
                mod_psiphon_db_to_cookie.c:266:10: Variable psiphon_db_to_cookie_module
                redefined
                mod_psiphon_db_to_cookie.c:29:10: Previous definition of
                psiphon_db_to_cookie_module
                mod_template.c:65:5: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_template.c:76:10: Variable test_module redefined
                mod_template.c:13:10: Previous definition of test_module
                mod_test.c:18:10: Variable test_module redefined
                mod_template.c:13:10: Previous definition of test_module
                mod_test.c:23:3: Datatype struct_test_dir_config defined more than once
                mod_template.c:18:3: Previous definition of struct_test_dir_config
                mod_test.c: (in function str_end_with)
                mod_test.c:43:14: Variable l_diff initialized to type arbitrary unsigned
                integral type, expects int: strlen(str) - strlen(tail)
                mod_test.c:62:3: Datatype regs_v_t defined more than once
                utils/jsf.h:33:3: Previous definition of regs_v_t
                mod_test.c: (in function jsf_init1)
                mod_test.c:122:9: Test expression for if is assignment expression:
                path = strstr(path, "://")
                mod_test.c:139:9: Test expression for if is assignment expression:
                error = apr_dbd_select(dbd->driver, p, dbd->handle, &res, query, 1)
                mod_test.c:71:17: Variable regex declared but not used
                mod_test.c:73:11: Variable search declared but not used
                mod_test.c:74:9: Variable flags declared but not used
                mod_test.c:80:11: Variable c declared but not used
                mod_test.c:87:17: Variable proxy_str declared but not used
                mod_test.c: (in function test_hook)
                mod_test.c:200:10: Variable body declared but not used
                mod_test.c:202:17: Variable result declared but not used
                mod_test.c:251:5: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_test.c:262:10: Variable test_module redefined
                mod_template.c:13:10: Previous definition of test_module
                mod_xml2enc.c: (in function interpolate_vars)
                mod_xml2enc.c:97:45: Function apr_pstrndup expects arg 3 to be apr_size_t gets
                int: start - str
                mod_xml2enc.c:100:52: Function apr_pstrndup expects arg 3 to be apr_size_t gets
                int: delim - start - 2
                mod_xml2enc.c:102:52: Function apr_pstrndup expects arg 3 to be apr_size_t gets
                int: end - start - 2
                mod_xml2enc.c:107:64: Function apr_pstrndup expects arg 3 to be apr_size_t gets
                int: end - delim - 1
                mod_xml2enc.c: (in function sniff_encoding)
                mod_xml2enc.c:152:17: Function apr_pstrndup expects arg 3 to be apr_size_t gets
                int: match[0].rm_eo - match[0].rm_so
                mod_xml2enc.c:156:21: Function apr_pstrndup expects arg 3 to be apr_size_t gets
                int: match[1].rm_eo - match[1].rm_so
                mod_xml2enc.c:127:17: Variable b declared but not used
                mod_xml2enc.c:129:18: Variable rv declared but not used
                mod_xml2enc.c: (in function xml2enc_filter_init)
                mod_xml2enc.c:209:22: Variable phf declared but not used
                mod_xml2enc.c:211:17: Variable charset_str declared but not used
                mod_xml2enc.c: (in function xml2enc_ffunc)
                mod_xml2enc.c:270:21: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_xml2enc.c:279:43: Function apr_palloc expects arg 2 to be apr_size_t gets
                long long: ctx->bblen + 1
                mod_xml2enc.c:280:9: Assignment of apr_off_t to apr_size_t:
                ctx->bytes = ctx->bblen
                mod_xml2enc.c:293:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_xml2enc.c:308:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_xml2enc.c:310:17: Return value (type apr_status_t) ignored:
                ap_fflush(f->nex...
                mod_xml2enc.c:336:25: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_xml2enc.c:341:48: Function apr_brigade_partition expects arg 2 to be
                apr_off_t gets apr_size_t: bytes
                mod_xml2enc.c:360:25: Operands of == have incompatible types (apr_size_t,
                apr_off_t): ctx->bytes == ctx->bblen
                mod_xml2enc.c:372:21: Assignment of apr_off_t to apr_size_t:
                ctx->bytes = ctx->bblen
                mod_xml2enc.c:380:91: Function apr_brigade_write expects arg 5 to be apr_size_t
                gets long long: ctx->bblen - ctx->bytes
                mod_xml2enc.c:380:21: Return value (type apr_status_t) ignored:
                apr_brigade_writ...
                mod_xml2enc.c:403:29: Return value (type apr_status_t) ignored:
                ap_fflush(f->nex...
                mod_xml2enc.c: (in function xml2enc_hooks)
                mod_xml2enc.c:423:53: Function ap_register_output_filter_protocol expects arg 5
                to be unsigned int gets int: 0x1 | 0x2
                mod_xml2enc.c:422:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_xml2enc.c:449:44: Initializer block for xml2enc_cmds[4] has 1 field, but
                command_rec has 6 fields: NULL
                mod_xml2enc.c:470:10: Variable xml2enc_module redefined
                mod_xml2enc.c:17:10: Previous definition of xml2enc_module
                
                Finished checking --- 263 code warnings
                }}}
                
                /mod_proxy/transform:
                
                {{{
                Splint 3.1.1 --- 28 Apr 2003
                
                transform/mod_transform.c: (in function transform_run)
                transform/mod_transform.c:99:49: Function xsltParseStylesheetFile expects arg 1
                to be xmlChar * gets char *: notes->xslt
                Types are incompatible. (Use -type to inhibit warning)
                transform/mod_transform.c:107:49: Function xsltParseStylesheetFile expects arg
                1 to be xmlChar * gets char *: dconf->xslt
                transform/mod_transform.c:113:49: Function xsltParseStylesheetFile expects arg
                1 to be xmlChar * gets char *: dconf->default_xslt
                transform/mod_transform.c:127:9: Return value (type xmlParserInputBufferCreateFi
                lenameFunc) ignored: xmlParserInputBu...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                transform/mod_transform.c:136:9: Return value (type xmlParserInputBufferCreateFi
                lenameFunc) ignored: xmlParserInputBu...
                transform/mod_transform.c:160:45: Function apr_pstrdup expects arg 2 to be char
                * gets xmlChar *: transform->mediaType
                transform/mod_transform.c:164:21: Function strcmp expects arg 1 to be char *
                gets xmlChar *: transform->method
                transform/mod_transform.c:180:5: Assignment of int to size_t:
                length = xsltSaveResultTo(output, result, transform)
                To allow arbitrary integral types to match long unsigned, use +longintegral.
                transform/mod_transform.c:182:37: Function ap_set_content_length expects arg 2
                to be apr_off_t gets size_t: length
                transform/mod_transform.c:189:5: Return value (type xmlParserInputBufferCreateFi
                lenameFunc) ignored: xmlParserInputBu...
                transform/mod_transform.c:191:5: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                transform/mod_transform.c: (in function transform_filter)
                transform/mod_transform.c:238:42: Function xmlParseChunk expects arg 3 to be
                int gets apr_size_t: bytes
                transform/mod_transform.c:241:68: Function xmlCreatePushParserCtxt expects arg
                4 to be int gets apr_size_t: bytes
                transform/mod_transform.c:247:5: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                transform/mod_transform.c: (in function transform_post_config)
                transform/mod_transform.c:422:14: Variable cfg declared but not used
                A variable is declared but never used. Use /*@unused@*/ in front of
                declaration to suppress message. (Use -varuse to inhibit warning)
                transform/mod_transform.c: (in function transform_hooks)
                transform/mod_transform.c:436:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                transform/mod_transform.c:438:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                transform/mod_transform.c:454:5: Initializer block for transform_cmds[3] has 1
                field, but command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                transform/transform_cache.c: (in function transform_cache_add)
                transform/transform_cache.c:47:54: Function xsltParseStylesheetFile expects arg
                1 to be xmlChar * gets char *: path
                transform/transform_io.c: (in function transform_xmlio_output_write)
                transform/transform_io.c:44:77: Function apr_brigade_write expects arg 5 to be
                apr_size_t gets int: len
                transform/transform_io.c:44:9: Return value (type apr_status_t) ignored:
                apr_brigade_writ...
                transform/transform_io.c: (in function ex_apr_uri_resolve_relative)
                transform/transform_io.c:107:9: Assignment of int to size_t:
                baselen = base_end - basepath + 1
                transform/transform_io.c: (in function find_relative_uri)
                transform/transform_io.c:150:13: Return value (type apr_status_t) ignored:
                apr_uri_parse(f-...
                transform/transform_io.c:153:13: Return value (type apr_status_t) ignored:
                ex_apr_uri_resol...
                transform/transform_io.c: (in function transform_xmlio_input_read)
                transform/transform_io.c:179:5: Assignment of int to apr_size_t: slen = len
                transform/transform_io.c:196:47: Function apr_brigade_partition expects arg 2
                to be apr_off_t gets apr_size_t: slen
                transform/transform_io.c:213:12: Return value type apr_size_t does not match
                declared type int: slen
                transform/transform_io.c: (in function transform_input_from_subrequest)
                transform/transform_io.c:233:5: Return value (type apr_status_t) ignored:
                apr_pool_create_...
                transform/transform_io.c:249:5: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                transform/transform_io.c:29:21: File static function io_pass_failure declared
                but not used
                A function is declared but not used. Use /*@unused@*/ in front of function
                header to suppress message. (Use -fcnuse to inhibit warning)
                transform/transform_io.c:35:1: Definition of io_pass_failure
                
                Finished checking --- 30 code warnings
                
                /mod_proxy/proxy
                
                Splint 3.1.1 --- 28 Apr 2003
                
                proxy/mod_proxy_http.c:707:12: Comment starts inside comment
                A comment open sequence (/*) appears within a comment.  This usually means an
                earlier comment was not closed. (Use -nestcomment to inhibit warning)
                proxy/mod_proxy_http.c:714:12: Comment starts inside comment
                proxy/mod_proxy.c: (in function set_worker_param)
                proxy/mod_proxy.c:90:47: Unrecognized identifier: INT64_C
                Identifier used in code has not been declared. (Use -unrecog to inhibit
                warning)
                proxy/mod_proxy.c:150:9: Assignment of long int to apr_size_t:
                worker->io_buffer_size = ((s > 8192) ? s : 8192)
                To allow arbitrary integral types to match long unsigned, use +longintegral.
                proxy/mod_proxy.c:158:9: Assignment of int to apr_size_t:
                worker->recv_buffer_size = ival
                proxy/mod_proxy.c: (in function proxy_handler)
                proxy/mod_proxy.c:748:41: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: p - uri
                proxy/mod_proxy.c:793:33: Function strncasecmp expects arg 3 to be int gets
                size_t: strlen(ents[i].scheme)
                proxy/mod_proxy.c: (in function create_proxy_config)
                proxy/mod_proxy.c:886:70: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(ap_conf_vector_t *)
                proxy/mod_proxy.c:887:69: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(struct proxy_remote)
                proxy/mod_proxy.c:888:68: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(struct proxy_alias)
                proxy/mod_proxy.c:889:72: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(struct noproxy_entry)
                proxy/mod_proxy.c:890:70: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(struct dirconn_entry)
                proxy/mod_proxy.c:891:67: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(int)
                proxy/mod_proxy.c:892:62: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(proxy_worker)
                proxy/mod_proxy.c:893:66: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(proxy_balancer)
                proxy/mod_proxy.c: (in function create_proxy_dir_config)
                proxy/mod_proxy.c:970:70: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(struct proxy_alias)
                proxy/mod_proxy.c:971:74: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(struct proxy_alias)
                proxy/mod_proxy.c:972:76: Function apr_array_make expects arg 3 to be int gets
                size_t: sizeof(struct proxy_alias)
                proxy/mod_proxy.c: (in function add_proxy)
                proxy/mod_proxy.c:1036:33: Format argument 1 to sscanf (%u) expects unsigned
                int * gets int *: &port
                To ignore signs in type comparisons use +ignoresigns
                proxy/mod_proxy.c:1036:29: Corresponding format code
                proxy/mod_proxy.c:1058:9: Assignment of apr_port_t to int:
                port = apr_uri_port_of_scheme(scheme)
                Types are incompatible. (Use -type to inhibit warning)
                proxy/mod_proxy.c:1065:5: Assignment of int to apr_port_t: new->port = port
                proxy/mod_proxy.c: (in function set_recv_buffer_size)
                proxy/mod_proxy.c:1432:5: Assignment of int to apr_size_t:
                psf->recv_buffer_size = s
                proxy/mod_proxy.c: (in function set_io_buffer_size)
                proxy/mod_proxy.c:1444:5: Assignment of long int to apr_size_t:
                psf->io_buffer_size = ((s > 8192) ? s : 8192)
                proxy/mod_proxy.c: (in function proxysection)
                proxy/mod_proxy.c:1728:44: Function ap_check_cmd_context expects arg 2 to be
                unsigned int gets int: (0x04 | 0x08 | 0x10) | 0x02
                proxy/mod_proxy.c:1741:38: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: endp - arg
                proxy/mod_proxy.c:1913:19: Initializer block for proxy_cmds[26] has 1 field,
                but command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                proxy/mod_proxy.c: (in function ap_proxy_ssl_enable)
                proxy/mod_proxy.c:1928:20: Call to non-function (type apr_OFN_ssl_proxy_enable_t
                *): proxy_ssl_enable
                proxy/mod_proxy.c: (in function ap_proxy_ssl_disable)
                proxy/mod_proxy.c:1937:16: Call to non-function (type apr_OFN_ssl_engine_disable
                _t *): proxy_ssl_disable
                proxy/mod_proxy.c: (in function ap_proxy_conn_is_https)
                proxy/mod_proxy.c:1946:16: Call to non-function (type apr_OFN_ssl_is_https_t
                *): proxy_is_https
                proxy/mod_proxy.c: (in function ap_proxy_ssl_val)
                proxy/mod_proxy.c:1958:30: Call to non-function (type apr_OFN_ssl_var_lookup_t
                *): proxy_ssl_val
                proxy/mod_proxy.c: (in function proxy_post_config)
                proxy/mod_proxy.c:1968:54: Cast from non-function pointer type
                (apr_OFN_ssl_proxy_enable_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_proxy_enable_t *)apr_dynamic_fn_retrieve("ssl_proxy_enable")
                A pointer to a function is cast to (or used as) a pointer to void (or vice
                versa). (Use -castfcnptr to inhibit warning)
                proxy/mod_proxy.c:1969:57: Cast from non-function pointer type
                (apr_OFN_ssl_engine_disable_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_engine_disable_t *)apr_dynamic_fn_retrieve("ssl_engine_disable"
                )
                proxy/mod_proxy.c:1970:48: Cast from non-function pointer type
                (apr_OFN_ssl_is_https_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_is_https_t *)apr_dynamic_fn_retrieve("ssl_is_https")
                proxy/mod_proxy.c:1971:49: Cast from non-function pointer type
                (apr_OFN_ssl_var_lookup_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_var_lookup_t *)apr_dynamic_fn_retrieve("ssl_var_lookup")
                proxy/mod_proxy.c: (in function child_init)
                proxy/mod_proxy.c:2074:13: Return value (type apr_status_t) ignored:
                ap_proxy_initial...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                proxy/mod_proxy.c:2080:13: Return value (type apr_status_t) ignored:
                ap_proxy_initial...
                proxy/mod_proxy.c:2092:13: Return value (type apr_status_t) ignored:
                ap_proxy_initial...
                proxy/mod_proxy.c: (in function register_hooks)
                proxy/mod_proxy.c:2129:54: Variable apu__opt initialized to type [function
                (void) returns int], expects apr_OFN_ap_proxy_lb_workers_t *:
                ap_proxy_lb_workers
                proxy/mod_proxy.c:2129:139: Cast from non-function pointer type (apr_opt_fn_t
                *) to function pointer (apr_OFN_ap_proxy_lb_workers_t *):
                (apr_opt_fn_t *)apu__opt
                proxy/mod_proxy.c: (in function proxy_hook_scheme_handler)
                proxy/mod_proxy.c:2168:359: Function apr_array_make expects arg 3 to be int
                gets size_t: sizeof(proxy_LINK_scheme_handler_t)
                proxy/mod_proxy.c: (in function proxy_run_scheme_handler)
                proxy/mod_proxy.c:2172:321: Call to non-function (type proxy_HOOK_scheme_handler
                _t *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_hook_canon_handler)
                proxy/mod_proxy.c:2174:353: Function apr_array_make expects arg 3 to be int
                gets size_t: sizeof(proxy_LINK_canon_handler_t)
                proxy/mod_proxy.c: (in function proxy_run_canon_handler)
                proxy/mod_proxy.c:2175:322: Call to non-function (type proxy_HOOK_canon_handler_
                t *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_hook_pre_request)
                proxy/mod_proxy.c:2177:341: Function apr_array_make expects arg 3 to be int
                gets size_t: sizeof(proxy_LINK_pre_request_t)
                proxy/mod_proxy.c: (in function proxy_run_pre_request)
                proxy/mod_proxy.c:2182:296: Call to non-function (type proxy_HOOK_pre_request_t
                *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_hook_post_request)
                proxy/mod_proxy.c:2184:347: Function apr_array_make expects arg 3 to be int
                gets size_t: sizeof(proxy_LINK_post_request_t)
                proxy/mod_proxy.c: (in function proxy_run_post_request)
                proxy/mod_proxy.c:2188:315: Call to non-function (type proxy_HOOK_post_request_t
                *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_run_fixups)
                proxy/mod_proxy.c:2192:141: Call to non-function (type proxy_HOOK_fixups_t *):
                (pHook[n].pFunc)
                proxy/mod_proxy.c: (in function proxy_run_request_status)
                proxy/mod_proxy.c:2195:149: Call to non-function (type proxy_HOOK_request_status
                _t *): (pHook[n].pFunc)
                proxy/mod_proxy_connect.c: (in function proxy_connect_handler)
                proxy/mod_proxy_connect.c:136:9: Assignment of apr_port_t to int:
                connectport = proxyport
                proxy/mod_proxy_connect.c:141:9: Assignment of apr_port_t to int:
                connectport = uri.port
                proxy/mod_proxy_connect.c:164:35: Function allowed_port expects arg 2 to be int
                gets apr_port_t: uri.port
                proxy/mod_proxy_connect.c:230:9: Assignment of int to apr_size_t:
                nbytes = apr_snprintf(buffer, sizeof((buffer)), "CONNECT %s HTTP/1.0"
                "\015\012", r->uri)
                proxy/mod_proxy_connect.c:232:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:233:9: Assignment of int to apr_size_t:
                nbytes = apr_snprintf(buffer, sizeof((buffer)), "Proxy-agent:
                %s" "\015\012" "\015\012", ap_get_server_banner())
                proxy/mod_proxy_connect.c:235:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:240:9: Assignment of int to apr_size_t:
                nbytes = apr_snprintf(buffer, sizeof((buffer)), "HTTP/1.0 200 Connection
                Established" "\015\012")
                proxy/mod_proxy_connect.c:243:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:244:9: Assignment of int to apr_size_t:
                nbytes = apr_snprintf(buffer, sizeof((buffer)), "Proxy-agent:
                %s" "\015\012" "\015\012", ap_get_server_banner())
                proxy/mod_proxy_connect.c:247:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:271:9: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_connect.c:283:5: Return value (type apr_status_t) ignored:
                apr_pollset_add(...
                proxy/mod_proxy_connect.c:287:5: Return value (type apr_status_t) ignored:
                apr_pollset_add(...
                proxy/mod_proxy_connect.c:291:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_connect.c:388:5: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_connect.c:399:10: Variable proxy_connect_module redefined
                A function or variable is redefined. One of the declarations should use
                extern. (Use -redef to inhibit warning)
                proxy/mod_proxy_connect.c:24:10: Previous definition of proxy_connect_module
                proxy/mod_proxy_ftp.c: (in function proxy_ftp_canon)
                proxy/mod_proxy_ftp.c:179:44: Function ap_proxy_canonenc expects arg 3 to be
                int gets size_t: strlen(strp)
                proxy/mod_proxy_ftp.c:187:38: Function ap_proxy_canonenc expects arg 3 to be
                int gets size_t: strlen(url)
                proxy/mod_proxy_ftp.c:195:50: Function ap_proxy_canonenc expects arg 3 to be
                int gets size_t: strlen(r->args)
                proxy/mod_proxy_ftp.c:201:50: Function ap_proxy_canonenc expects arg 3 to be
                int gets size_t: strlen(r->args)
                proxy/mod_proxy_ftp.c: (in function ftp_getrc_msg)
                proxy/mod_proxy_ftp.c:257:40: Function apr_cpystrn expects arg 3 to be
                apr_size_t gets int: me - mb
                proxy/mod_proxy_ftp.c:266:75: Function apr_cpystrn expects arg 3 to be
                apr_size_t gets int: me - mb
                proxy/mod_proxy_ftp.c: (in function proxy_send_dir_filter)
                proxy/mod_proxy_ftp.c:365:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:404:21: Assignment of int to apr_size_t:
                len = pos - response + 1
                proxy/mod_proxy_ftp.c:405:42: Function  expects arg 2 to be apr_size_t gets
                int: pos - response + 1
                proxy/mod_proxy_ftp.c:405:21: Return value (type apr_status_t) ignored:
                (e)->type->split...
                proxy/mod_proxy_ftp.c:415:13: Return value (type char *) ignored:
                apr_cpystrn(ctx-...
                proxy/mod_proxy_ftp.c:511:74: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: re_result[2].rm_eo - re_result[2].rm_so
                proxy/mod_proxy_ftp.c:513:81: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: re_result[2].rm_so
                proxy/mod_proxy_ftp.c:530:712: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:534:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:544:897: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:498: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next.link.prev. This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for *(out->list.next.link.prev). This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for ap__b. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link.prev. This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *(out->list.next.link.prev). This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link.prev->link. This
                either means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *(out->list.next.link.prev). This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link.prev->link. This
                either means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for ap__b. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for ap__b. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:550:9: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                proxy/mod_proxy_ftp.c:304:18: Variable n declared but not used
                A variable is declared but never used. Use /*@unused@*/ in front of
                declaration to suppress message. (Use -varuse to inhibit warning)
                proxy/mod_proxy_ftp.c: (in function proxy_ftp_command)
                proxy/mod_proxy_ftp.c:573:9: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                proxy/mod_proxy_ftp.c:576:9: Return value (type char *) ignored:
                apr_cpystrn(mess...
                proxy/mod_proxy_ftp.c:586:54: Function ftp_getrc_msg expects arg 4 to be int
                gets size_t: sizeof(message)
                proxy/mod_proxy_ftp.c: (in function ftp_set_TYPE)
                proxy/mod_proxy_ftp.c:631:34: Body of if statement is empty
                If statement has no body. (Use -ifempty to inhibit warning)
                proxy/mod_proxy_ftp.c: (in function ftp_proxyerror)
                proxy/mod_proxy_ftp.c:710:5: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c: (in function proxy_ftp_handler)
                proxy/mod_proxy_ftp.c:937:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:944:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:993:13: Assignment of long int to time_t:
                secs = atol(secs_str)
                proxy/mod_proxy_ftp.c:1019:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1029:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1053:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1182:17: Assignment of int to apr_port_t:
                data_port = atoi(pstr + 3)
                proxy/mod_proxy_ftp.c:1191:21: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1198:53: Function apr_socket_opt_set expects arg 3 to be
                apr_int32_t gets apr_size_t: conf->recv_buffer_size
                proxy/mod_proxy_ftp.c:1211:17: Return value (type apr_status_t) ignored:
                apr_socket_addr_...
                proxy/mod_proxy_ftp.c:1212:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/mod_proxy_ftp.c:1213:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_inf...
                proxy/mod_proxy_ftp.c:1227:17: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1274:39: Format argument 1 to sscanf (%d) expects int *
                gets unsigned int *: &h3
                proxy/mod_proxy_ftp.c:1274:20: Corresponding format code
                proxy/mod_proxy_ftp.c:1274:44: Format argument 2 to sscanf (%d) expects int *
                gets unsigned int *: &h2
                proxy/mod_proxy_ftp.c:1274:23: Corresponding format code
                proxy/mod_proxy_ftp.c:1274:49: Format argument 3 to sscanf (%d) expects int *
                gets unsigned int *: &h1
                proxy/mod_proxy_ftp.c:1274:26: Corresponding format code
                proxy/mod_proxy_ftp.c:1274:54: Format argument 4 to sscanf (%d) expects int *
                gets unsigned int *: &h0
                proxy/mod_proxy_ftp.c:1274:29: Corresponding format code
                proxy/mod_proxy_ftp.c:1274:59: Format argument 5 to sscanf (%d) expects int *
                gets unsigned int *: &p1
                proxy/mod_proxy_ftp.c:1274:32: Corresponding format code
                proxy/mod_proxy_ftp.c:1274:64: Format argument 6 to sscanf (%d) expects int *
                gets unsigned int *: &p0
                proxy/mod_proxy_ftp.c:1274:35: Corresponding format code
                proxy/mod_proxy_ftp.c:1277:39: Variable pasvport initialized to type unsigned
                int, expects apr_port_t: (p1 << 8) + p0
                proxy/mod_proxy_ftp.c:1285:21: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1292:53: Function apr_socket_opt_set expects arg 3 to be
                apr_int32_t gets apr_size_t: conf->recv_buffer_size
                proxy/mod_proxy_ftp.c:1305:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_inf...
                proxy/mod_proxy_ftp.c:1319:17: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1335:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1338:9: Return value (type apr_status_t) ignored:
                apr_socket_addr_...
                proxy/mod_proxy_ftp.c:1340:9: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/mod_proxy_ftp.c:1347:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1352:9: Return value (type apr_status_t) ignored:
                apr_sockaddr_inf...
                proxy/mod_proxy_ftp.c:1357:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1365:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1372:48: Format argument 1 to sscanf (%d) expects int *
                gets unsigned int *: &h3
                proxy/mod_proxy_ftp.c:1372:35: Corresponding format code
                proxy/mod_proxy_ftp.c:1372:53: Format argument 2 to sscanf (%d) expects int *
                gets unsigned int *: &h2
                proxy/mod_proxy_ftp.c:1372:38: Corresponding format code
                proxy/mod_proxy_ftp.c:1372:58: Format argument 3 to sscanf (%d) expects int *
                gets unsigned int *: &h1
                proxy/mod_proxy_ftp.c:1372:41: Corresponding format code
                proxy/mod_proxy_ftp.c:1372:63: Format argument 4 to sscanf (%d) expects int *
                gets unsigned int *: &h0
                proxy/mod_proxy_ftp.c:1372:44: Corresponding format code
                proxy/mod_proxy_ftp.c:1550:17: Unrecognized identifier: timegm
                proxy/mod_proxy_ftp.c:1647:5: Return value (type apr_status_t) ignored:
                apr_rfc822_date(...
                proxy/mod_proxy_ftp.c:1677:9: Return value (type apr_status_t) ignored:
                apr_rfc822_date(...
                proxy/mod_proxy_ftp.c:1711:17: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1727:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1738:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1767:9: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                proxy/mod_proxy_ftp.c:1783:31: Function ap_get_brigade expects arg 5 to be
                apr_off_t gets apr_size_t: conf->io_buffer_size
                proxy/mod_proxy_ftp.c:1795:17: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:1807:17: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1829:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:1842:9: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1849:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:1865:5: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1867:5: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                proxy/mod_proxy_ftp.c: (in function ap_proxy_ftp_register_hook)
                proxy/mod_proxy_ftp.c:1877:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                proxy/mod_proxy_ftp.c:1881:10: Variable proxy_ftp_module redefined
                proxy/mod_proxy_ftp.c:47:10: Previous definition of proxy_ftp_module
                proxy/mod_proxy_http.c: (in function proxy_http_canon)
                proxy/mod_proxy_http.c:83:44: Function ap_proxy_canonenc expects arg 3 to be
                int gets size_t: strlen(url)
                proxy/mod_proxy_http.c: (in function pass_brigade)
                proxy/mod_proxy_http.c:181:5: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c:191:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c: (in function stream_reqbody_chunked)
                proxy/mod_proxy_http.c:228:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c:230:9: Assignment of int to apr_size_t:
                hdr_len = apr_snprintf(chunk_hdr, sizeof((chunk_hdr)), "%" "llx"
                "\015\012", (apr_uint64_t)bytes)
                proxy/mod_proxy_http.c: (in function stream_reqbody_cl)
                proxy/mod_proxy_http.c:345:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c: (in function spool_reqbody_cl)
                proxy/mod_proxy_http.c:460:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c:474:17: Return value (type apr_status_t) ignored:
                apr_filepath_mer...
                proxy/mod_proxy_http.c:491:17: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                proxy/mod_proxy_http.c:507:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:558:17: Return value (type apr_status_t) ignored:
                (e)->type->copy(...
                proxy/mod_proxy_http.c: (in function ap_proxy_http_request)
                proxy/mod_proxy_http.c:880:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c: (in function ap_proxygetline)
                proxy/mod_proxy_http.c:1216:37: Function ap_rgetline_core expects arg 2 to be
                apr_size_t gets int: (n)
                proxy/mod_proxy_http.c:1217:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c: (in function allowed_type)
                proxy/mod_proxy_http.c:1275:9: Test expression for if is assignment expression:
                error = apr_dbd_select(dbd->driver, r->pool, dbd->handle, &res, query, 1)
                The condition test is an assignment expression. Probably, you mean to use ==
                instead of =. If an assignment is intended, add an extra parentheses nesting
                (e.g., if ((a = b)) ...) to suppress this message. (Use -predassign to
                inhibit warning)
                proxy/mod_proxy_http.c:1245:18: Variable rv declared but not used
                proxy/mod_proxy_http.c:1247:20: Variable row declared but not used
                proxy/mod_proxy_http.c:1251:9: Variable dummy_int declared but not used
                proxy/mod_proxy_http.c: (in function ap_proxy_http_process_response)
                proxy/mod_proxy_http.c:1327:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1329:52: Function ap_proxygetline expects arg 3 to be
                int gets size_t: sizeof((buffer))
                proxy/mod_proxy_http.c:1332:56: Function ap_proxygetline expects arg 3 to be
                int gets size_t: sizeof((buffer))
                proxy/mod_proxy_http.c:1350:51: Format argument 1 to sscanf (%u) expects
                unsigned int * gets int *: &major
                proxy/mod_proxy_http.c:1350:44: Corresponding format code
                proxy/mod_proxy_http.c:1350:59: Format argument 2 to sscanf (%u) expects
                unsigned int * gets int *: &minor
                proxy/mod_proxy_http.c:1350:47: Corresponding format code
                proxy/mod_proxy_http.c:1357:45: Operands of >= have incompatible types (int,
                arbitrary unsigned integral type): len >= sizeof((buffer)) - 1
                To allow arbitrary integral types to match any integral type, use
                +matchanyintegral.
                proxy/mod_proxy_http.c:1386:26: Function apr_table_do expects arg 1 to be
                apr_table_do_callback_fn_t * gets [function (void *, char *, char *)
                returns int]: addit_dammit
                proxy/mod_proxy_http.c:1390:56: Function ap_proxy_read_headers expects arg 4 to
                be int gets size_t: sizeof((buffer))
                proxy/mod_proxy_http.c:1422:26: Function apr_table_do expects arg 1 to be
                apr_table_do_callback_fn_t * gets [function (void *, char *, char *)
                returns int]: addit_dammit
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                Code cannot be parsed.  For help on parse errors, see splint -help
                parseerrors. (Use -syntax to inhibit warning)
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                * However, chances are that we are not really talking to
                an
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                * However, chances are that we are not really talking to
                an
                * HTTP/0.9 server, but to some different protocol,
                therefore
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                * However, chances are that we are not really talking to
                an
                * HTTP/0.9 server, but to some different protocol,
                therefore
                * the best guess IMHO is to always treat the buffer as
                "text/x":
                proxy/mod_proxy_http.c:1533:20: Semantic comment unrecognized:   FIXME:
                Word after a stylized comment marker does not correspond to a stylized
                comment. (Use -unrecogcomments to inhibit warning)
                proxy/mod_proxy_http.c:1545:48: Function apr_bucket_heap_create expects arg 2
                to be apr_size_t gets apr_ssize_t: cntr
                proxy/mod_proxy_http.c:1582:41: Function ap_get_brigade expects arg 5 to be
                apr_off_t gets apr_size_t: conf->io_buffer_size
                proxy/mod_proxy_http.c:1596:25: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1611:25: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                proxy/mod_proxy_http.c:1619:21: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c:1630:25: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1649:21: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1669:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c: (in function proxy_http_handler)
                proxy/mod_proxy_http.c:1754:41: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: u - url
                proxy/mod_proxy_http.c:1803:55: Function ap_proxy_determine_connection expects
                arg 11 to be int gets size_t: sizeof((server_portstr))
                proxy/mod_proxy_http.c:1839:9: Return value (type apr_status_t) ignored:
                ap_proxy_http_cl...
                proxy/mod_proxy_http.c:1850:10: Variable proxy_http_module redefined
                proxy/mod_proxy_http.c:21:10: Previous definition of proxy_http_module
                proxy/proxy_util.c: (in function proxy_run_create_req)
                proxy/proxy_util.c:49:144: Call to non-function (type proxy_HOOK_create_req_t
                *): (pHook[n].pFunc)
                proxy/proxy_util.c: (in function ap_proxy_canonenc)
                proxy/proxy_util.c:197:23: Function apr_palloc expects arg 2 to be apr_size_t
                gets int: 3 * len + 1
                proxy/proxy_util.c: (in function ap_proxy_canon_netloc)
                proxy/proxy_util.c:278:55: Function ap_proxy_canonenc expects arg 3 to be int
                gets size_t: strlen(strp + 1)
                proxy/proxy_util.c:284:43: Function ap_proxy_canonenc expects arg 3 to be int
                gets size_t: strlen(user)
                proxy/proxy_util.c: (in function ap_proxy_liststr)
                proxy/proxy_util.c:380:5: Assignment of size_t to int: len = strlen(val)
                proxy/proxy_util.c:391:13: Assignment of size_t to int: i = strlen(list)
                proxy/proxy_util.c: (in function ap_proxy_removestr)
                proxy/proxy_util.c:417:5: Assignment of size_t to int: len = strlen(val)
                proxy/proxy_util.c:428:13: Assignment of size_t to int: i = strlen(list)
                proxy/proxy_util.c:439:76: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: i
                proxy/proxy_util.c:442:48: Function apr_pstrndup expects arg 3 to be apr_size_t
                gets int: i
                proxy/proxy_util.c: (in function ap_proxy_hex2sec)
                proxy/proxy_util.c:471:9: Operands of == have incompatible types (unsigned int,
                int): j == 0xffffffff
                proxy/proxy_util.c:475:16: Return value type unsigned int does not match
                declared type int: j
                proxy/proxy_util.c: (in function ap_proxy_sec2hex)
                proxy/proxy_util.c:485:22: Variable j initialized to type int, expects unsigned
                int: t
                proxy/proxy_util.c:488:9: Assignment of unsigned int to int: ch = j & 0xF
                proxy/proxy_util.c: (in function ap_proxy_is_ipaddr)
                proxy/proxy_util.c:605:36: Function htonl expects arg 1 to be in_addr_t gets
                long int: ip_addr[i] << (24 - 8 * i)
                proxy/proxy_util.c:651:31: Function htonl expects arg 1 to be in_addr_t gets
                long int: ((unsigned int)0xffffffff) << (32 - bits)
                proxy/proxy_util.c: (in function proxy_match_ipaddr)
                proxy/proxy_util.c:687:34: Function htonl expects arg 1 to be in_addr_t gets
                int: ip_addr[i] << (24 - 8 * i)
                proxy/proxy_util.c: (in function ap_proxy_is_domainname)
                proxy/proxy_util.c:785:10: Assignment of arbitrary unsigned integral type to
                int: i = strlen(addr) - 1
                proxy/proxy_util.c: (in function proxy_match_domainname)
                proxy/proxy_util.c:797:17: Variable d_len initialized to type size_t, expects
                int: strlen(This->name)
                proxy/proxy_util.c:803:5: Assignment of size_t to int: h_len = strlen(host)
                proxy/proxy_util.c: (in function ap_proxy_is_hostname)
                proxy/proxy_util.c:838:10: Assignment of arbitrary unsigned integral type to
                int: i = strlen(host) - 1
                proxy/proxy_util.c: (in function proxy_match_hostname)
                proxy/proxy_util.c:858:5: Assignment of size_t to int: h2_len = strlen(host2)
                proxy/proxy_util.c:859:5: Assignment of size_t to int: h1_len = strlen(host)
                proxy/proxy_util.c: (in function ap_proxy_checkproxyblock)
                proxy/proxy_util.c:920:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/proxy_util.c:921:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/proxy_util.c: (in function ap_proxy_pre_http_request)
                proxy/proxy_util.c:940:5: Return value (type ap_filter_t *) ignored:
                ap_add_input_fil...
                proxy/proxy_util.c: (in function ap_proxy_cookie_reverse_map)
                proxy/proxy_util.c:1105:9: Assignment of int to size_t: poffs = pathp - str
                proxy/proxy_util.c:1107:22: Conditional clauses are not of same type:
                (pathe - pathp) (int), strlen(pathp) (size_t)
                proxy/proxy_util.c:1114:17: Assignment of arbitrary unsigned integral type to
                int: pdiff = strlen(newpath) - l1
                proxy/proxy_util.c:1122:9: Assignment of int to size_t: doffs = domainp - str
                proxy/proxy_util.c:1124:24: Conditional clauses are not of same type:
                (domaine - domainp) (int), strlen(domainp) (size_t)
                proxy/proxy_util.c:1129:63: Function strncasecmp expects arg 3 to be int gets
                size_t: l2
                proxy/proxy_util.c:1131:17: Assignment of arbitrary unsigned integral type to
                int: ddiff = strlen(newdomain) - l1
                proxy/proxy_util.c:1145:49: Function memcpy expects arg 3 to be size_t gets
                int: domainp - pathe
                proxy/proxy_util.c:1152:51: Function memcpy expects arg 3 to be size_t gets
                int: pathp - domaine
                proxy/proxy_util.c: (in function ap_proxy_add_balancer)
                proxy/proxy_util.c:1235:70: Function apr_array_make expects arg 3 to be int
                gets size_t: sizeof(proxy_worker)
                proxy/proxy_util.c: (in function ap_proxy_get_worker)
                proxy/proxy_util.c:1268:5: Assignment of size_t to int:
                url_length = strlen(url)
                proxy/proxy_util.c:1282:9: Assignment of size_t to int:
                min_match = strlen(url_copy)
                proxy/proxy_util.c:1287:9: Assignment of size_t to int:
                min_match = strlen(url_copy)
                proxy/proxy_util.c:1299:16: Assignment of size_t to int:
                worker_name_length = strlen(worker->name)
                proxy/proxy_util.c:1302:48: Function strncmp expects arg 3 to be size_t gets
                int: worker_name_length
                proxy/proxy_util.c: (in function conn_pool_cleanup)
                proxy/proxy_util.c:1317:9: Return value (type apr_status_t) ignored:
                apr_reslist_dest...
                proxy/proxy_util.c: (in function init_conn_pool)
                proxy/proxy_util.c:1334:5: Return value (type apr_status_t) ignored:
                apr_pool_create_...
                proxy/proxy_util.c: (in function ap_proxy_connect_to_backend)
                proxy/proxy_util.c:1512:38: Function apr_socket_opt_set expects arg 3 to be
                apr_int32_t gets apr_size_t: conf->recv_buffer_size
                proxy/proxy_util.c:1528:13: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:1531:14: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:1543:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c: (in function connection_cleanup)
                proxy/proxy_util.c:1593:9: Return value (type apr_status_t) ignored:
                apr_reslist_rele...
                proxy/proxy_util.c: (in function connection_constructor)
                proxy/proxy_util.c:1618:5: Return value (type apr_status_t) ignored:
                apr_pool_create_...
                proxy/proxy_util.c: (in function ap_proxy_initialize_worker)
                proxy/proxy_util.c:1741:5: Return value (type apr_status_t) ignored:
                ap_mpm_query(6, ...
                proxy/proxy_util.c: (in function ap_proxy_acquire_connection)
                proxy/proxy_util.c:1849:13: Return value (type apr_status_t) ignored:
                connection_const...
                proxy/proxy_util.c: (in function ap_proxy_release_connection)
                proxy/proxy_util.c:1890:5: Return value (type apr_status_t) ignored:
                connection_clean...
                proxy/proxy_util.c: (in function ap_proxy_determine_connection)
                proxy/proxy_util.c:1963:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c:2010:9: Assignment of apr_port_t to int:
                server_port = ap_get_server_port(r)
                proxy/proxy_util.c:2011:14: Operands of == have incompatible types (int,
                apr_port_t): (server_port) == ap_run_default_port(r)
                proxy/proxy_util.c:2015:42: Function apr_snprintf expects arg 2 to be
                apr_size_t gets int: server_portstr_size
                proxy/proxy_util.c: (in function is_socket_connected)
                proxy/proxy_util.c:2084:5: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2086:5: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2089:5: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c: (in function ap_proxy_connect_backend)
                proxy/proxy_util.c:2119:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c:2148:38: Function apr_socket_opt_set expects arg 3 to be
                apr_int32_t gets apr_size_t: worker->recv_buffer_size
                proxy/proxy_util.c:2164:13: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2167:13: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2170:14: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2190:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c: (in function ap_proxy_connection_create)
                proxy/proxy_util.c:2251:9: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c:2287:5: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2297:5: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c: (in function ymdhms_to_seconds)
                proxy/proxy_util.c:2381:9: Assignment of long int to unsigned int:
                ret = (day - 32075) + 1461L * (year + 4800L + (mon - 14) / 12) / 4 + 367 *
                (mon - 2 - (mon - 14) / 12 * 12) / 12 - 3 * ((year + 4900L + (mon - 14) /
                12) / 100) / 4 - 2440588
                proxy/proxy_util.c:2384:9: Assignment of int to unsigned int:
                ret = 24 * ret + hour
                proxy/proxy_util.c:2385:9: Assignment of int to unsigned int:
                ret = 60 * ret + minute
                proxy/proxy_util.c:2386:9: Assignment of int to unsigned int:
                ret = 60 * ret + second
                proxy/proxy_util.c: (in function ctdb_get_date)
                proxy/proxy_util.c:2637:77: Function strncasecmp expects arg 3 to be int gets
                size_t: strlen(known_zones[i].tzName)
                proxy/proxy_util.c:2649:29: Operands of > have incompatible types (int,
                time_t): offset > result
                proxy/proxy_util.c: (in function ctdb_valid_domain)
                proxy/proxy_util.c:2723:6: Unrecognized identifier: MatchTail
                proxy/proxy_util.c:2793:14: Operands of < have incompatible types (int,
                arbitrary unsigned integral type): i < (sizeof((known_toplevel_domains)) /
                sizeof(((known_toplevel_domains)[0])))
                proxy/proxy_util.c:2808:14: Variable dlen initialized to type size_t, expects
                int: strlen(sCookieDomain)
                proxy/proxy_util.c:2809:14: Variable hlen initialized to type size_t, expects
                int: strlen(Host)
                proxy/proxy_util.c: (in function MatchTail)
                proxy/proxy_util.c:2826:7: Assignment of size_t to int: i = strlen(sString)
                proxy/proxy_util.c:2826:29: Assignment of size_t to int: j = strlen(sTail)
                proxy/proxy_util.c:2834:7: Assignment of size_t to int: i = strlen(sString)
                proxy/proxy_util.c:2834:29: Assignment of size_t to int: j = strlen(sTail)
                proxy/proxy_util.c: (in function ap_proxy_cookie_to_db)
                proxy/proxy_util.c:2891:5: Unrecognized identifier: gmtime_r
                proxy/proxy_util.c:2913:22: Unrecognized identifier: strcasestr
                proxy/proxy_util.c:2948:33: Test expression for for is assignment expression:
                pb = strchr(pb, ';')
                proxy/proxy_util.c:2975:40: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: pe - pb
                proxy/proxy_util.c:2995:38: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: pe - pb
                proxy/proxy_util.c:3013:48: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: pe - pb
                proxy/proxy_util.c:3024:9: Test expression for if is assignment expression:
                pb = ap_strcasestr(str, ";secure;")
                proxy/proxy_util.c:3046:38: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: pb - pe
                proxy/proxy_util.c:3054:39: Function apr_pstrndup expects arg 3 to be
                apr_size_t gets int: pe - pb
                proxy/proxy_util.c:3084:9: Test expression for if is assignment expression:
                error = apr_dbd_query(dbd->driver, dbd->handle, &dummy_int, query)
                proxy/proxy_util.c:3088:13: Test expression for if is assignment expression:
                error = apr_dbd_query(dbd->driver, dbd->handle, &dummy_int, query_delete)
                proxy/proxy_util.c:3093:13: Test expression for if is assignment expression:
                error = apr_dbd_query(dbd->driver, dbd->handle, &dummy_int, query)
                proxy/proxy_util.c:2854:18: Variable rv declared but not used
                proxy/proxy_util.c:2855:24: Variable res declared but not used
                proxy/proxy_util.c:2856:20: Variable row declared but not used
                proxy/proxy_util.c:2875:12: Variable len declared but not used
                
                Finished checking --- 285 code warnings
                }}}
                
                /mod_proxy/utils (excluding css_scanner.c which splint would not parse)
                
                {{{
                Splint 3.1.1 --- 28 Apr 2003
                
                utils/cr.c: (in function bin2hex)
                utils/cr.c:17:21: Operands of < have incompatible types (int, size_t): i < l
                To allow arbitrary integral types to match long unsigned, use +longintegral.
                utils/cr.c: (in function hex2bin)
                utils/cr.c:46:17: Operands of < have incompatible types (int, arbitrary
                unsigned integral type): i < strlen(s) / 2
                To allow arbitrary integral types to match any integral type, use
                +matchanyintegral.
                utils/cr.c: (in function is_hex_string)
                utils/cr.c:63:17: Operands of < have incompatible types (int, size_t): i < len
                utils/cr.c: (in function string_crypt)
                utils/cr.c:110:9: Operands of != have incompatible types (size_t, int):
                strlen(hex_key) != (2 * KEY_SIZE)
                utils/cr.c:129:28: Function memcpy expects arg 3 to be size_t gets int:
                BLOCK_SIZE
                utils/cr.c: (in function string_decrypt)
                utils/cr.c:176:9: Operands of != have incompatible types (size_t, int):
                strlen(hex_key) != (2 * KEY_SIZE)
                utils/cr.c:190:9: Operands of != have incompatible types (size_t, int):
                key_bin_len != KEY_SIZE
                utils/cr.c:196:9: Operands of < have incompatible types (size_t, int):
                ciphertext_len < (2 * BLOCK_SIZE)
                utils/cr.c:216:24: Operands of > have incompatible types (unsigned char, int):
                pad > BLOCK_SIZE
                To ignore signs in type comparisons use +ignoresigns
                utils/jsf.c: (in function str_end_with)
                utils/jsf.c:4:18: Variable l_diff initialized to type arbitrary unsigned
                integral type, expects int: strlen(str) - strlen(tail)
                utils/jsf.c: (in function jsf_init)
                utils/jsf.c:46:9: Test expression for if is assignment expression:
                c = strrchr(domain, '/')
                The condition test is an assignment expression. Probably, you mean to use ==
                instead of =. If an assignment is intended, add an extra parentheses nesting
                (e.g., if ((a = b)) ...) to suppress this message. (Use -predassign to
                inhibit warning)
                utils/jsf.c:63:9: Test expression for if is assignment expression:
                path = strstr(path, "://")
                utils/jsf.c:81:9: Test expression for if is assignment expression:
                error = apr_dbd_select(dbd->driver, p, dbd->handle, &res, query, 1)
                utils/jsf.c: (in function jsf)
                utils/jsf.c:185:25: Arrow access of non-pointer (ap_regmatch_t [10]):
                regmatch->rm_eo
                Types are incompatible. (Use -type to inhibit warning)
                utils/jsf.c:194:54: Arrow access of non-pointer (ap_regmatch_t [10]):
                regmatch->rm_so
                utils/jsf.c:198:26: Arrow access of non-pointer (ap_regmatch_t [10]):
                regmatch->rm_eo
                utils/psiphon_url.c: (in function psi_url_encode)
                utils/psiphon_url.c:38:5: Assignment of size_t to int: len = strlen(str)
                utils/psiphon_url.c:56:39: Function apr_palloc expects arg 2 to be apr_size_t
                gets int: p - str + unacceptable + unacceptable + 1
                utils/psiphon_url.c:60:27: Variable a initialized to type char, expects
                unsigned char: *p
                utils/psiphon_url.c: (in function psi_url_decode)
                utils/psiphon_url.c:75:11: Variable hex declared but not used
                A variable is declared but never used. Use /*@unused@*/ in front of
                declaration to suppress message. (Use -varuse to inhibit warning)
                utils/psiphon_url.c: (in function psi_merge_url)
                utils/psiphon_url.c:127:5: Assignment of size_t to int:
                linklength = strlen(url)
                utils/psiphon_url.c:144:38: Function apr_palloc expects arg 2 to be apr_size_t
                gets int: baselength + linklength + 1
                utils/psiphon_url.c:146:29: Function memcpy expects arg 3 to be size_t gets
                int: baselength
                utils/psiphon_url.c:147:41: Function memcpy expects arg 3 to be size_t gets
                int: linklength
                utils/psiphon_url.c:164:38: Function apr_palloc expects arg 2 to be apr_size_t
                gets int: baselength + linklength + 1
                utils/psiphon_url.c:165:29: Function memcpy expects arg 3 to be size_t gets
                int: baselength
                utils/psiphon_url.c:166:41: Function memcpy expects arg 3 to be size_t gets
                int: linklength
                utils/psiphon_url.c:184:48: Function memchr expects arg 3 to be size_t gets
                int: end - base
                utils/psiphon_url.c:194:38: Function apr_palloc expects arg 2 to be apr_size_t
                gets int: span + linklength + 1
                utils/psiphon_url.c:196:33: Function memcpy expects arg 3 to be size_t gets
                int: span
                utils/psiphon_url.c:197:35: Function memcpy expects arg 3 to be size_t gets
                int: linklength
                utils/psiphon_url.c:217:55: Function memchr expects arg 3 to be size_t gets
                int: end - pos
                utils/psiphon_url.c:252:38: Function apr_palloc expects arg 2 to be apr_size_t
                gets int: span + linklength + 1
                utils/psiphon_url.c:255:33: Function memcpy expects arg 3 to be size_t gets
                int: span
                utils/psiphon_url.c:257:35: Function memcpy expects arg 3 to be size_t gets
                int: linklength
                utils/psiphon_url.c:294:38: Function apr_palloc expects arg 2 to be apr_size_t
                gets int: span + linklength + 1
                utils/psiphon_url.c:297:33: Function memcpy expects arg 3 to be size_t gets
                int: span
                utils/psiphon_url.c:302:35: Function memcpy expects arg 3 to be size_t gets
                int: linklength
                utils/psiphon_url.c: (in function psi_proxify_url)
                utils/psiphon_url.c:354:5: Assignment of size_t to int: len = strlen(url)
                utils/psiphon_url.c: (in function encrypt_url)
                utils/psiphon_url.c:507:36: Function psi_strndup expects arg 2 to be size_t
                gets int: to_enc_e - to_enc_b
                utils/stringbuf.c: (in function stringbuf_resize)
                utils/stringbuf.c:8:16: Return value type size_t does not match declared type
                int: len
                utils/stringbuf.c:23:51: Function apr_pool_cleanup_kill expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                utils/stringbuf.c:25:35: Function apr_pool_cleanup_register expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                utils/stringbuf.c:28:12: Return value type size_t does not match declared type
                int: len
                utils/stringbuf.c: (in function stringbuf_append)
                utils/stringbuf.c:39:12: Return value type size_t does not match declared type
                int: len
                
                Finished checking --- 45 code warnings

Revision history for this message

root (n-root-psiphon-ca) wrote on 2009-06-15:

[] has contacted Coverity to request access to their Prevent scanning application.

Here's another possibility: http://www.ibm.com/developerworks/downloads/r/rsar/?S_TACT=105AGX15&S_CMP=LP

We should also run Splint 3.1.2. But it's complaining about parsing errors:

~/splint-3.1.2/bin/splint *.c -I./utils -I/usr/local/include/libxml2 -I/usr/local/apache2/include -larchpath ~/splint-3.1.2/lib -lclimportdir ~/splint-3.1.2/import -D"off64_t=long long" +posixlib -weak -gnuextensions
Splint 3.1.2 --- 15 Jun 2009

                /usr/include/sys/syslog.h:200:66: Parse Error:
                Inconsistent function parameter syntax: __gnuc_va_list :
                <any>. (For help on parse errors, see splint -help parseerrors.)
                *** Cannot continue.

To suppress the low risk errors we reviewed in 3.1.1, try a scan with these switches: +matchanyintegral, +ignoresigns, +varuse (these aren't necessarily harmless though)

Revision history for this message

root (n-root-psiphon-ca) wrote on 2009-06-15:

Download full text (57.2 KiB)

Splint 3.1.2 --- 15 Jun 2009

                mod_bluebar.c: (in function bluebar_filter)
                mod_bluebar.c:89:10: Unrecognized identifier: strncasecmp
                Identifier used in code has not been declared. (Use -unrecog to inhibit
                warning)
                mod_bluebar.c:118:5: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                mod_bluebar.c:132:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_bluebar.c:134:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:147:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c: (in function bluebar_store_filter)
                mod_bluebar.c:160:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:174:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:183:5: Initializer block for bluebar_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                mod_bluebar.c: (in function bluebar_register_hook)
                mod_bluebar.c:188:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_bluebar.c:191:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_deflate.c: (in function check_gzip)
                mod_deflate.c:109:14: Unrecognized identifier: strcasecmp
                mod_deflate.c: (in function deflate_out_filter)
                mod_deflate.c:695:9: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                mod_deflate.c:734:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c: (in function deflate_in_filter)
                mod_deflate.c:835:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c:884:13: Return value (type apr_status_t) ignored:
                (bkt)->type->rea...
                mod_deflate.c:962:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c:987:9: Return value (type apr_status_t) ignored:
                apr_brigade_part...
                mod_deflate.c: (in function inflate_out_filter)
                mod_deflate.c:1190:9: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                mod_deflate.c:1328:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c: (in function register_hooks)
                mod_deflate.c:1335:5: Return value (type ap_filter_rec_t *) ignored:
...

Splint 3.1.2 --- 15 Jun 2009
                
                mod_bluebar.c: (in function bluebar_filter)
                mod_bluebar.c:89:10: Unrecognized identifier: strncasecmp
                Identifier used in code has not been declared. (Use -unrecog to inhibit
                warning)
                mod_bluebar.c:118:5: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                mod_bluebar.c:132:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_bluebar.c:134:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:147:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c: (in function bluebar_store_filter)
                mod_bluebar.c:160:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:174:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_bluebar.c:183:5: Initializer block for bluebar_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                mod_bluebar.c: (in function bluebar_register_hook)
                mod_bluebar.c:188:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_bluebar.c:191:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_deflate.c: (in function check_gzip)
                mod_deflate.c:109:14: Unrecognized identifier: strcasecmp
                mod_deflate.c: (in function deflate_out_filter)
                mod_deflate.c:695:9: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                mod_deflate.c:734:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c: (in function deflate_in_filter)
                mod_deflate.c:835:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c:884:13: Return value (type apr_status_t) ignored:
                (bkt)->type->rea...
                mod_deflate.c:962:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c:987:9: Return value (type apr_status_t) ignored:
                apr_brigade_part...
                mod_deflate.c: (in function inflate_out_filter)
                mod_deflate.c:1190:9: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                mod_deflate.c:1328:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_deflate.c: (in function register_hooks)
                mod_deflate.c:1335:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_deflate.c:1337:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_deflate.c:1339:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_inpu...
                mod_deflate.c:1354:5: Initializer block for deflate_filter_cmds[5] has 1 field,
                but command_rec has 6 fields: NULL
                mod_limitsessconn.c: (in function limit_sessconn_init)
                mod_limitsessconn.c:280:2: Return value (type apr_status_t) ignored:
                ap_mpm_query(5, ...
                mod_limitsessconn.c:281:2: Return value (type apr_status_t) ignored:
                ap_mpm_query(4, ...
                mod_limitsessconn.c:282:2: Return value (type apr_status_t) ignored:
                ap_mpm_query(1, ...
                mod_limitsessconn.c:406:2: Initializer block for cmds[2] has 1 field, but
                command_rec has 6 fields: NULL
                mod_line_edit.c: (in function line_edit_filter)
                mod_line_edit.c:365:19: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_line_edit.c:382:22: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_line_edit.c:413:10: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_line_edit.c:462:19: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_line_edit.c:464:19: Return value (type apr_status_t) ignored:
                (b1)->type->spli...
                mod_line_edit.c:483:19: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_line_edit.c:485:19: Return value (type apr_status_t) ignored:
                (b1)->type->spli...
                mod_line_edit.c:514:7: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_line_edit.c: (in function line_edit_hooks)
                mod_line_edit.c:531:4: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_line_edit.c:632:4: Initializer block for line_edit_cmds[2] has 1 field, but
                command_rec has 6 fields: NULL
                mod_map_to_proxy.c:228:5: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_post2get.c:171:18: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_proxy_css.c: (in function proxy_css_filter)
                mod_proxy_css.c:220:25: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_proxy_css.c:237:29: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_css.c:268:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_css.c:331:9: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_proxy_css.c: (in function proxy_css_hooks)
                mod_proxy_css.c:340:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_proxy_css.c:394:5: Initializer block for proxy_css_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_proxy_html.c: (in function AP_fwrite)
                mod_proxy_html.c:158:5: Return value (type apr_status_t) ignored:
                apr_brigade_writ...
                mod_proxy_html.c: (in function pcharacters)
                mod_proxy_html.c:177:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:178:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:179:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:180:84: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c: (in function preserve)
                mod_proxy_html.c:200:62: Function apr_pool_cleanup_kill expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                Types are incompatible. (Use -type to inhibit warning)
                mod_proxy_html.c:202:13: Function apr_pool_cleanup_register expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                mod_proxy_html.c: (in function pendElement)
                mod_proxy_html.c:483:9: Return value (type apr_status_t) ignored:
                ap_fprintf(ctx->...
                mod_proxy_html.c: (in function pstartElement)
                mod_proxy_html.c:541:5: Return value (type apr_status_t) ignored:
                apr_brigade_putc...
                mod_proxy_html.c:542:5: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:811:17: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:817:17: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:819:17: Return value (type apr_status_t) ignored:
                apr_brigade_putc...
                mod_proxy_html.c:830:13: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:841:13: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:845:9: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c:847:9: Return value (type apr_status_t) ignored:
                apr_brigade_putc...
                mod_proxy_html.c: (in function pprocessingInstruction)
                mod_proxy_html.c:858:9: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:862:13: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:865:9: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c: (in function pinternalSubset)
                mod_proxy_html.c:877:9: Return value (type apr_status_t) ignored:
                ap_fputstrs(ctx-...
                mod_proxy_html.c:881:13: Return value (type apr_status_t) ignored:
                ap_fprintf(ctx->...
                mod_proxy_html.c:885:17: Return value (type apr_status_t) ignored:
                ap_fprintf(ctx->...
                mod_proxy_html.c:889:9: Return value (type apr_status_t) ignored:
                apr_brigade_puts...
                mod_proxy_html.c: (in function proxy_html_filter)
                mod_proxy_html.c:1009:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_proxy_html.c:1015:21: Return value (type apr_status_t) ignored:
                ap_fflush(ctxt->...
                mod_proxy_html.c:1045:21: Function apr_pool_cleanup_register expects arg 3 to
                be [function (void *) returns apr_status_t] * gets void *:
                (void *)htmlFreeParserCtxt
                mod_proxy_html.c:1064:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_html.c:1156:5: Initializer block for proxy_html_cmds[5] has 1 field,
                but command_rec has 6 fields: NULL
                mod_proxy_html.c: (in function proxy_html_hooks)
                mod_proxy_html.c:1177:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_proxy_js.c: (in function proxy_js_filter)
                mod_proxy_js.c:134:13: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                mod_proxy_js.c:226:25: Return value (type apr_status_t) ignored:
                (b)->type->split...
                mod_proxy_js.c:243:29: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_js.c:274:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_proxy_js.c:324:9: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_proxy_js.c: (in function proxy_js_hooks)
                mod_proxy_js.c:333:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_proxy_js.c:387:5: Initializer block for proxy_js_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_psiphon_auth.c: (in function pa_bin2hex)
                mod_psiphon_auth.c:91:9: Buffer overflow possible with sprintf.  Recommend
                using snprintf instead: sprintf
                Use of function that may lead to buffer overflow. (Use -bufferoverflowhigh to
                inhibit warning)
                mod_psiphon_auth.c:307:5: Initializer block for dir_cmds[2] has 1 field, but
                command_rec has 6 fields: NULL
                mod_psiphon_db_to_cookie.c: (in function dbtc)
                mod_psiphon_db_to_cookie.c:103:5: Unrecognized identifier: gmtime_r
                mod_psiphon_db_to_cookie.c:125:22: Unrecognized identifier: strcasestr
                mod_psiphon_db_to_cookie.c:256:5: Initializer block for dir_cmds[1] has 1
                field, but command_rec has 6 fields: NULL
                mod_template.c:65:5: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_test.c:251:5: Initializer block for dir_cmds[1] has 1 field, but
                command_rec has 6 fields: NULL
                mod_xml2enc.c: (in function xml2enc_ffunc)
                mod_xml2enc.c:270:21: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_xml2enc.c:293:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                mod_xml2enc.c:308:17: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                mod_xml2enc.c:310:17: Return value (type apr_status_t) ignored:
                ap_fflush(f->nex...
                mod_xml2enc.c:336:25: Return value (type apr_status_t) ignored:
                (b)->type->setas...
                mod_xml2enc.c:380:21: Return value (type apr_status_t) ignored:
                apr_brigade_writ...
                mod_xml2enc.c:403:29: Return value (type apr_status_t) ignored:
                ap_fflush(f->nex...
                mod_xml2enc.c: (in function xml2enc_hooks)
                mod_xml2enc.c:422:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                mod_xml2enc.c:449:44: Initializer block for xml2enc_cmds[4] has 1 field, but
                command_rec has 6 fields: NULL
                
                Finished checking --- 98 code warnings
                }}}
                
                /mod_proxy/util (skipping css_scanner.c)
                
                {{{
                Splint 3.1.2 --- 15 Jun 2009
                
                utils/jsf.c: (in function str_end_with)
                utils/jsf.c:6:29: Unrecognized identifier: strcasecmp
                Identifier used in code has not been declared. (Use -unrecog to inhibit
                warning)
                utils/jsf.c: (in function jsf)
                utils/jsf.c:185:25: Arrow access of non-pointer (ap_regmatch_t [10]):
                regmatch->rm_eo
                Types are incompatible. (Use -type to inhibit warning)
                utils/jsf.c:194:54: Arrow access of non-pointer (ap_regmatch_t [10]):
                regmatch->rm_so
                utils/jsf.c:198:26: Arrow access of non-pointer (ap_regmatch_t [10]):
                regmatch->rm_eo
                utils/stringbuf.c: (in function stringbuf_resize)
                utils/stringbuf.c:23:51: Function apr_pool_cleanup_kill expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                utils/stringbuf.c:25:35: Function apr_pool_cleanup_register expects arg 3 to be
                [function (void *) returns apr_status_t] * gets void *: (void *)free
                
                Finished checking --- 6 code warnings
                }}}
                
                /mod_proxy/proxy
                
                {{{
                Splint 3.1.2 --- 15 Jun 2009
                
                proxy/mod_proxy_http.c:707:12: Comment starts inside comment
                A comment open sequence (/*) appears within a comment.  This usually means an
                earlier comment was not closed. (Use -nestcomment to inhibit warning)
                proxy/mod_proxy_http.c:714:12: Comment starts inside comment
                proxy/mod_proxy.c: (in function set_worker_param)
                proxy/mod_proxy.c:74:10: Unrecognized identifier: strcasecmp
                Identifier used in code has not been declared. (Use -unrecog to inhibit
                warning)
                proxy/mod_proxy.c:90:47: Unrecognized identifier: INT64_C
                proxy/mod_proxy.c: (in function proxy_handler)
                proxy/mod_proxy.c:792:21: Unrecognized identifier: strncasecmp
                proxy/mod_proxy.c:1913:19: Initializer block for proxy_cmds[26] has 1 field,
                but command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                proxy/mod_proxy.c: (in function ap_proxy_ssl_enable)
                proxy/mod_proxy.c:1928:20: Call to non-function (type apr_OFN_ssl_proxy_enable_t
                *): proxy_ssl_enable
                Types are incompatible. (Use -type to inhibit warning)
                proxy/mod_proxy.c: (in function ap_proxy_ssl_disable)
                proxy/mod_proxy.c:1937:16: Call to non-function (type apr_OFN_ssl_engine_disable
                _t *): proxy_ssl_disable
                proxy/mod_proxy.c: (in function ap_proxy_conn_is_https)
                proxy/mod_proxy.c:1946:16: Call to non-function (type apr_OFN_ssl_is_https_t
                *): proxy_is_https
                proxy/mod_proxy.c: (in function ap_proxy_ssl_val)
                proxy/mod_proxy.c:1958:30: Call to non-function (type apr_OFN_ssl_var_lookup_t
                *): proxy_ssl_val
                proxy/mod_proxy.c: (in function proxy_post_config)
                proxy/mod_proxy.c:1968:54: Cast from non-function pointer type
                (apr_OFN_ssl_proxy_enable_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_proxy_enable_t *)apr_dynamic_fn_retrieve("ssl_proxy_enable")
                A pointer to a function is cast to (or used as) a pointer to void (or vice
                versa). (Use -castfcnptr to inhibit warning)
                proxy/mod_proxy.c:1969:57: Cast from non-function pointer type
                (apr_OFN_ssl_engine_disable_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_engine_disable_t *)apr_dynamic_fn_retrieve("ssl_engine_disable"
                )
                proxy/mod_proxy.c:1970:48: Cast from non-function pointer type
                (apr_OFN_ssl_is_https_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_is_https_t *)apr_dynamic_fn_retrieve("ssl_is_https")
                proxy/mod_proxy.c:1971:49: Cast from non-function pointer type
                (apr_OFN_ssl_var_lookup_t *) to function pointer (apr_opt_fn_t *):
                (apr_OFN_ssl_var_lookup_t *)apr_dynamic_fn_retrieve("ssl_var_lookup")
                proxy/mod_proxy.c: (in function child_init)
                proxy/mod_proxy.c:2074:13: Return value (type apr_status_t) ignored:
                ap_proxy_initial...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                proxy/mod_proxy.c:2080:13: Return value (type apr_status_t) ignored:
                ap_proxy_initial...
                proxy/mod_proxy.c:2092:13: Return value (type apr_status_t) ignored:
                ap_proxy_initial...
                proxy/mod_proxy.c: (in function register_hooks)
                proxy/mod_proxy.c:2129:54: Variable apu__opt initialized to type [function
                (void) returns int], expects apr_OFN_ap_proxy_lb_workers_t *:
                ap_proxy_lb_workers
                proxy/mod_proxy.c:2129:139: Cast from non-function pointer type (apr_opt_fn_t
                *) to function pointer (apr_OFN_ap_proxy_lb_workers_t *):
                (apr_opt_fn_t *)apu__opt
                proxy/mod_proxy.c: (in function proxy_run_scheme_handler)
                proxy/mod_proxy.c:2172:321: Call to non-function (type proxy_HOOK_scheme_handler
                _t *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_run_canon_handler)
                proxy/mod_proxy.c:2175:322: Call to non-function (type proxy_HOOK_canon_handler_
                t *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_run_pre_request)
                proxy/mod_proxy.c:2182:296: Call to non-function (type proxy_HOOK_pre_request_t
                *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_run_post_request)
                proxy/mod_proxy.c:2188:315: Call to non-function (type proxy_HOOK_post_request_t
                *): pHook[n].pFunc
                proxy/mod_proxy.c: (in function proxy_run_fixups)
                proxy/mod_proxy.c:2192:141: Call to non-function (type proxy_HOOK_fixups_t *):
                (pHook[n].pFunc)
                proxy/mod_proxy.c: (in function proxy_run_request_status)
                proxy/mod_proxy.c:2195:149: Call to non-function (type proxy_HOOK_request_status
                _t *): (pHook[n].pFunc)
                proxy/mod_proxy_connect.c: (in function proxy_connect_handler)
                proxy/mod_proxy_connect.c:232:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:235:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:243:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:247:9: Return value (type apr_status_t) ignored:
                apr_socket_send(...
                proxy/mod_proxy_connect.c:271:9: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_connect.c:283:5: Return value (type apr_status_t) ignored:
                apr_pollset_add(...
                proxy/mod_proxy_connect.c:287:5: Return value (type apr_status_t) ignored:
                apr_pollset_add(...
                proxy/mod_proxy_connect.c:291:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_connect.c:388:5: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c: (in function proxy_send_dir_filter)
                proxy/mod_proxy_ftp.c:365:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:405:21: Return value (type apr_status_t) ignored:
                (e)->type->split...
                proxy/mod_proxy_ftp.c:415:13: Return value (type char *) ignored:
                apr_cpystrn(ctx-...
                proxy/mod_proxy_ftp.c:530:712: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:534:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:544:709: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:544:897: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:498: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for out->list.next.link.prev. This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:712: Warning:
                reference base limit exceeded for *(out->list.next.link.prev). This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:545:900: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for ap__b. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:496: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link.prev. This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *(out->list.next.link.prev). This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link.prev->link. This
                either means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for *(out->list.next.link.prev). This either
                means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for out->list.next.link.prev->link. This
                either means there is a variable with at least 25 indirections from this
                reference, or there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:710: Warning:
                reference base limit exceeded for ap__b. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for *out. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next. This either means there
                is a variable with at least 25 indirections from this reference, or there
                is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for out->list.next.link. This either means
                there is a variable with at least 25 indirections from this reference, or
                there is a bug in Splint.
                proxy/mod_proxy_ftp.c:546:898: Warning:
                reference base limit exceeded for ap__b. This either means there is a
                variable with at least 25 indirections from this reference, or there is a
                bug in Splint.
                proxy/mod_proxy_ftp.c:550:9: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                proxy/mod_proxy_ftp.c: (in function proxy_ftp_command)
                proxy/mod_proxy_ftp.c:573:9: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                proxy/mod_proxy_ftp.c:576:9: Return value (type char *) ignored:
                apr_cpystrn(mess...
                proxy/mod_proxy_ftp.c: (in function ftp_set_TYPE)
                proxy/mod_proxy_ftp.c:631:34: Body of if statement is empty
                If statement has no body. (Use -ifempty to inhibit warning)
                proxy/mod_proxy_ftp.c: (in function ftp_proxyerror)
                proxy/mod_proxy_ftp.c:710:5: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c: (in function proxy_ftp_handler)
                proxy/mod_proxy_ftp.c:937:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:944:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1019:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1029:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1053:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1191:21: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1211:17: Return value (type apr_status_t) ignored:
                apr_socket_addr_...
                proxy/mod_proxy_ftp.c:1212:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/mod_proxy_ftp.c:1213:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_inf...
                proxy/mod_proxy_ftp.c:1227:17: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1285:21: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1305:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_inf...
                proxy/mod_proxy_ftp.c:1319:17: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1335:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1338:9: Return value (type apr_status_t) ignored:
                apr_socket_addr_...
                proxy/mod_proxy_ftp.c:1340:9: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/mod_proxy_ftp.c:1347:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1352:9: Return value (type apr_status_t) ignored:
                apr_sockaddr_inf...
                proxy/mod_proxy_ftp.c:1357:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1365:13: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1550:17: Unrecognized identifier: timegm
                proxy/mod_proxy_ftp.c:1647:5: Return value (type apr_status_t) ignored:
                apr_rfc822_date(...
                proxy/mod_proxy_ftp.c:1677:9: Return value (type apr_status_t) ignored:
                apr_rfc822_date(...
                proxy/mod_proxy_ftp.c:1711:17: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1727:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1738:9: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1767:9: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                proxy/mod_proxy_ftp.c:1795:17: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:1807:17: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1829:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:1842:9: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/mod_proxy_ftp.c:1849:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_ftp.c:1865:5: Return value (type apr_status_t) ignored:
                proxy_ftp_cleanu...
                proxy/mod_proxy_ftp.c:1867:5: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                proxy/mod_proxy_ftp.c: (in function ap_proxy_ftp_register_hook)
                proxy/mod_proxy_ftp.c:1877:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                proxy/mod_proxy_http.c: (in function pass_brigade)
                proxy/mod_proxy_http.c:181:5: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c:191:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c: (in function stream_reqbody_chunked)
                proxy/mod_proxy_http.c:228:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c: (in function stream_reqbody_cl)
                proxy/mod_proxy_http.c:345:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c: (in function spool_reqbody_cl)
                proxy/mod_proxy_http.c:460:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c:474:17: Return value (type apr_status_t) ignored:
                apr_filepath_mer...
                proxy/mod_proxy_http.c:491:17: Return value (type apr_status_t) ignored:
                (e)->type->read(...
                proxy/mod_proxy_http.c:507:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:558:17: Return value (type apr_status_t) ignored:
                (e)->type->copy(...
                proxy/mod_proxy_http.c: (in function ap_proxy_http_request)
                proxy/mod_proxy_http.c:880:9: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c: (in function ap_proxygetline)
                proxy/mod_proxy_http.c:1217:5: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c: (in function ap_proxy_http_process_response)
                proxy/mod_proxy_http.c:1327:9: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1386:26: Function apr_table_do expects arg 1 to be
                apr_table_do_callback_fn_t * gets [function (void *, char *, char *)
                returns int]: addit_dammit
                proxy/mod_proxy_http.c:1422:26: Function apr_table_do expects arg 1 to be
                apr_table_do_callback_fn_t * gets [function (void *, char *, char *)
                returns int]: addit_dammit
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                Code cannot be parsed.  For help on parse errors, see splint -help
                parseerrors. (Use -syntax to inhibit warning)
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                * However, chances are that we are not really talking to
                an
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                * However, chances are that we are not really talking to
                an
                * HTTP/0.9 server, but to some different protocol,
                therefore
                proxy/mod_proxy_http.c:1533:20: Likely parse error:
                syntactic comment token spans multiple lines:   FIXME:
                * At this point in response processing of a 0.9 response,
                * we don't know yet whether data is binary or not.
                * mod_charset_lite will get control later on, so it cannot
                * decide on the conversion of this buffer full of data.
                * However, chances are that we are not really talking to
                an
                * HTTP/0.9 server, but to some different protocol,
                therefore
                * the best guess IMHO is to always treat the buffer as
                "text/x":
                proxy/mod_proxy_http.c:1533:20: Semantic comment unrecognized:   FIXME:
                Word after a stylized comment marker does not correspond to a stylized
                comment. (Use -unrecogcomments to inhibit warning)
                proxy/mod_proxy_http.c:1596:25: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1611:25: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                proxy/mod_proxy_http.c:1619:21: Return value (type apr_status_t) ignored:
                apr_brigade_leng...
                proxy/mod_proxy_http.c:1630:25: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1649:21: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c:1669:13: Return value (type apr_status_t) ignored:
                apr_brigade_clea...
                proxy/mod_proxy_http.c: (in function proxy_http_handler)
                proxy/mod_proxy_http.c:1839:9: Return value (type apr_status_t) ignored:
                ap_proxy_http_cl...
                proxy/proxy_util.c: (in function proxy_run_create_req)
                proxy/proxy_util.c:49:144: Call to non-function (type proxy_HOOK_create_req_t
                *): (pHook[n].pFunc)
                proxy/proxy_util.c: (in function ap_proxy_checkproxyblock)
                proxy/proxy_util.c:920:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/proxy_util.c:921:17: Return value (type apr_status_t) ignored:
                apr_sockaddr_ip_...
                proxy/proxy_util.c: (in function ap_proxy_pre_http_request)
                proxy/proxy_util.c:940:5: Return value (type ap_filter_t *) ignored:
                ap_add_input_fil...
                proxy/proxy_util.c: (in function conn_pool_cleanup)
                proxy/proxy_util.c:1317:9: Return value (type apr_status_t) ignored:
                apr_reslist_dest...
                proxy/proxy_util.c: (in function init_conn_pool)
                proxy/proxy_util.c:1334:5: Return value (type apr_status_t) ignored:
                apr_pool_create_...
                proxy/proxy_util.c: (in function ap_proxy_connect_to_backend)
                proxy/proxy_util.c:1528:13: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:1531:14: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:1543:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c: (in function connection_cleanup)
                proxy/proxy_util.c:1593:9: Return value (type apr_status_t) ignored:
                apr_reslist_rele...
                proxy/proxy_util.c: (in function connection_constructor)
                proxy/proxy_util.c:1618:5: Return value (type apr_status_t) ignored:
                apr_pool_create_...
                proxy/proxy_util.c: (in function ap_proxy_initialize_worker)
                proxy/proxy_util.c:1741:5: Return value (type apr_status_t) ignored:
                ap_mpm_query(6, ...
                proxy/proxy_util.c: (in function ap_proxy_acquire_connection)
                proxy/proxy_util.c:1849:13: Return value (type apr_status_t) ignored:
                connection_const...
                proxy/proxy_util.c: (in function ap_proxy_release_connection)
                proxy/proxy_util.c:1890:5: Return value (type apr_status_t) ignored:
                connection_clean...
                proxy/proxy_util.c: (in function ap_proxy_determine_connection)
                proxy/proxy_util.c:1963:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c: (in function ap_proxy_connect_backend)
                proxy/proxy_util.c:2119:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c:2164:13: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2167:13: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2170:14: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2190:13: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c: (in function ap_proxy_connection_create)
                proxy/proxy_util.c:2251:9: Return value (type apr_status_t) ignored:
                apr_socket_close...
                proxy/proxy_util.c:2287:5: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c:2297:5: Return value (type apr_status_t) ignored:
                apr_socket_timeo...
                proxy/proxy_util.c: (in function ctdb_valid_domain)
                proxy/proxy_util.c:2723:6: Unrecognized identifier: MatchTail
                proxy/proxy_util.c: (in function ap_proxy_cookie_to_db)
                proxy/proxy_util.c:2891:5: Unrecognized identifier: gmtime_r
                proxy/proxy_util.c:2913:22: Unrecognized identifier: strcasestr
                
                Finished checking --- 134 code warnings
                }}}
                
                /mod_proxy/transform
                
                {{{
                Splint 3.1.2 --- 15 Jun 2009
                
                transform/mod_transform.c: (in function transform_run)
                transform/mod_transform.c:127:9: Return value (type xmlParserInputBufferCreateFi
                lenameFunc) ignored: xmlParserInputBu...
                Result returned by function call is not used. If this is intended, can cast
                result to (void) to eliminate message. (Use -retvalother to inhibit warning)
                transform/mod_transform.c:136:9: Return value (type xmlParserInputBufferCreateFi
                lenameFunc) ignored: xmlParserInputBu...
                transform/mod_transform.c:189:5: Return value (type xmlParserInputBufferCreateFi
                lenameFunc) ignored: xmlParserInputBu...
                transform/mod_transform.c:191:5: Return value (type apr_status_t) ignored:
                ap_pass_brigade(...
                transform/mod_transform.c: (in function transform_filter)
                transform/mod_transform.c:247:5: Return value (type apr_status_t) ignored:
                apr_brigade_dest...
                transform/mod_transform.c: (in function add_opts)
                transform/mod_transform.c:370:14: Unrecognized identifier: strcasecmp
                Identifier used in code has not been declared. (Use -unrecog to inhibit
                warning)
                transform/mod_transform.c: (in function transform_hooks)
                transform/mod_transform.c:436:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                transform/mod_transform.c:438:5: Return value (type ap_filter_rec_t *) ignored:
                ap_register_outp...
                transform/mod_transform.c:454:5: Initializer block for transform_cmds[3] has 1
                field, but command_rec has 6 fields: NULL
                Initializer does not set every field in the structure. (Use -fullinitblock to
                inhibit warning)
                transform/transform_io.c: (in function transform_xmlio_output_write)
                transform/transform_io.c:44:9: Return value (type apr_status_t) ignored:
                apr_brigade_writ...
                transform/transform_io.c: (in function find_relative_uri)
                transform/transform_io.c:150:13: Return value (type apr_status_t) ignored:
                apr_uri_parse(f-...
                transform/transform_io.c:153:13: Return value (type apr_status_t) ignored:
                ex_apr_uri_resol...
                transform/transform_io.c: (in function transform_input_from_subrequest)
                transform/transform_io.c:233:5: Return value (type apr_status_t) ignored:
                apr_pool_create_...
                transform/transform_io.c:249:5: Return value (type ap_filter_t *) ignored:
                ap_add_output_fi...
                
                Finished checking --- 14 code warnings

Revision history for this message

root (n-root-psiphon-ca) wrote on 2009-06-24:

Here are comments from manual code review of mod_headers:

                ---------- Forwarded message ----------
                Date: Fri, Jun 19, 2009 at 4:09 PM
                Subject: mod_header review

Here are my comments:

psiphon_headers_utils.c

                * What's the source of the util functions? If from well-regarded open
                source project, then maybe I don't need to dig into all the time calc
                and parsing stuff and can assume it's ok (which I did). But then we
                need to put proper attribution and copyright notices, etc.

mod_psiphon_headers.c

                * Query logic around line 579 and on is weird. In the query =
                query_delete case, it looks like SQL DELETE will be attempted 3 times
                in the case of a low-level database error. Should check for "rows
                affected" separately from database error checks. Also, may be better
                to do UPDATE instead of DELETE/INSERT.

                * There's a lot of low level string manipulation in this code. I
                can't be certain it's all free from buffer overflow type issues. More
                use of string library routines (can we use C++ here?) would be nice in
                the future.

* apr_dbd_escape may not be as secure as parameterized queries (as is
the case in PHP)

* Add limit for domain depth (a.b.c.d.....com) to 10 or so? Line 256.

                * Comment explaining magic limit of 20 cookies. Comments explaining
                domain logic in line 256, path logic in line 299. More comments would
                be good in general. Link to any relevant specs or discussions (e.g.,
                http://en.wikipedia.org/wiki/HTTP_cookie). Showing how an example is
                processed (e.g., a.b.c.org/x/y/z) would be helpful.

                * As we just discussed, line 269 "query = apr_pstrcat(r->pool, query,
                " order by id desc", NULL);" should actually order by len(domain) or
                something to ensure that the hash table logic around line 279 respects
                the correct precedence rules for cookies with same key, different
                domain level.

Here are comments from manual code review of mod_headers:
                
                
                
                
                ---------- Forwarded message ----------
                Date: Fri, Jun 19, 2009 at 4:09 PM
                Subject: mod_header review
                
                
                Here are my comments:
                
                psiphon_headers_utils.c
                
                * What's the source of the util functions?  If from well-regarded open
                source project, then maybe I don't need to dig into all the time calc
                and parsing stuff and can assume it's ok (which I did).  But then we
                need to put proper attribution and copyright notices, etc.
                
                mod_psiphon_headers.c
                
                * Query logic around line 579 and on is weird.  In the query =
                query_delete case, it looks like SQL DELETE will be attempted 3 times
                in the case of a low-level database error.  Should check for "rows
                affected" separately from database error checks.  Also, may be better
                to do UPDATE instead of DELETE/INSERT.
                
                * There's a lot of low level string manipulation in this code.  I
                can't be certain it's all free from buffer overflow type issues.  More
                use of string library routines (can we use C++ here?) would be nice in
                the future.
                
                * apr_dbd_escape may not be as secure as parameterized queries (as is
                the case in PHP)
                
                * Add limit for domain depth (a.b.c.d.....com) to 10 or so?  Line 256.
                
                * Comment explaining magic limit of 20 cookies.  Comments explaining
                domain logic in line 256, path logic in line 299.  More comments would
                be good in general.  Link to any relevant specs or discussions (e.g.,
                http://en.wikipedia.org/wiki/HTTP_cookie).  Showing how an example is
                processed (e.g., a.b.c.org/x/y/z) would be helpful.
                
                * As we just discussed, line 269 "query = apr_pstrcat(r->pool, query,
                " order by id desc", NULL);" should actually order by len(domain) or
                something to ensure that the hash table logic around line 279 respects
                the correct precedence rules for cookies with same key, different
                domain level.

Revision history for this message

root (n-root-psiphon-ca) wrote on 2009-06-24:

Moving out of Open Source, as we've done what we intend to do for review in advance of that release. Still waiting to hear from Coverity about running their tool... should contact them again after open source release, as we'd then qualify directly under the terms of their Scan project: http://scan.coverity.com/devfaq.html

Adam P (adam+) on 2009-10-28

Changed in psiphon:
status:	In Progress → New

Adam P (adam+) on 2009-10-29

Changed in psiphon:
status:	New → Confirmed

Rod (rod-psiphon) on 2009-11-24

visibility:

private → public

Rod (rod-psiphon) on 2010-05-06

tags:

added: category3

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.