Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix clang-tidy modernize-use-nullptr findings

Browse source
This commit is contained in:
Tim Wojtulewicz 2025-05-16 12:42:13 -07:00
parent a3078f3132
commit ee319fc1c5
45 changed files with 200 additions and 201 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -31,7 +31,7 @@ zeek::TableValPtr characteristics_to_zeek(uint32_t c, uint8_t len)
if ( ((c >> i) & 0x1) == 1 )
{
auto ch = zeek::val_mgr->Count((1<<i)&mask);
char_set->Assign(std::move(ch), 0);
char_set->Assign(std::move(ch), nullptr);
}
}
@ -172,7 +172,7 @@ refine flow File += {
// Strip null characters from the end of the section name.
u_char* first_null = (u_char*) memchr(${h.name}.data(), 0, ${h.name}.length());
uint16 name_len;
if ( first_null == NULL )
if ( first_null == nullptr )
name_len = ${h.name}.length();
else
name_len = first_null - ${h.name}.data();

4
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -125,7 +125,7 @@ bool OCSP::EndOfFile() {
const unsigned char* ocsp_char = reinterpret_cast<const unsigned char*>(ocsp_data.data());
if ( request ) {
OCSP_REQUEST* req = d2i_OCSP_REQUEST(NULL, &ocsp_char, ocsp_data.size());
OCSP_REQUEST* req = d2i_OCSP_REQUEST(nullptr, &ocsp_char, ocsp_data.size());
if ( ! req ) {
reporter->Weird(GetFile(), "openssl_ocsp_request_parse_error");
@ -136,7 +136,7 @@ bool OCSP::EndOfFile() {
OCSP_REQUEST_free(req);
}
else {
OCSP_RESPONSE* resp = d2i_OCSP_RESPONSE(NULL, &ocsp_char, ocsp_data.size());
OCSP_RESPONSE* resp = d2i_OCSP_RESPONSE(nullptr, &ocsp_char, ocsp_data.size());
if ( ! resp ) {
reporter->Weird(GetFile(), "openssl_ocsp_response_parse_error");

38
src/file_analysis/analyzer/x509/X509.cc
View file

@ -65,7 +65,7 @@ bool X509::EndOfFile() {
// ok, now we can try to parse the certificate with openssl. Should
// be rather straightforward...
::X509* ssl_cert = d2i_X509(NULL, &cert_char, cert_data.size());
::X509* ssl_cert = d2i_X509(nullptr, &cert_char, cert_data.size());
if ( ! ssl_cert ) {
reporter->Weird(GetFile(), "x509_cert_parse_error");
return false;
@ -155,7 +155,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
// if the string is longer than 255, that will be our null-termination,
// otherwise i2t does null-terminate.
ASN1_OBJECT* algorithm;
X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(ssl_cert));
X509_PUBKEY_get0_param(&algorithm, nullptr, nullptr, nullptr, X509_get_X509_PUBKEY(ssl_cert));
if ( ! i2t_ASN1_OBJECT(buf, 255, algorithm) )
buf[0] = 0;
@ -165,7 +165,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
i2a_ASN1_OBJECT(bio, ssl_cert->sig_alg->algorithm);
#else
const ASN1_OBJECT* alg;
X509_ALGOR_get0(&alg, NULL, NULL, X509_get0_tbs_sigalg(ssl_cert));
X509_ALGOR_get0(&alg, nullptr, nullptr, X509_get0_tbs_sigalg(ssl_cert));
i2a_ASN1_OBJECT(bio, alg);
#endif
len = BIO_gets(bio, buf, sizeof(buf));
@ -180,13 +180,13 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
if ( OBJ_obj2nid(algorithm) == NID_md5WithRSAEncryption ) {
ASN1_OBJECT* copy = OBJ_dup(algorithm); // the next line will destroy the original algorithm.
X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), OBJ_nid2obj(NID_rsaEncryption), 0, NULL, NULL, 0);
X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), OBJ_nid2obj(NID_rsaEncryption), 0, nullptr, nullptr, 0);
algorithm = copy;
// we do not have to worry about freeing algorithm in that case - since it will be
// re-assigned using set0_param and the cert will take ownership.
}
else
algorithm = 0;
algorithm = nullptr;
if ( ! i2t_ASN1_OBJECT(buf, 255, OBJ_nid2obj(X509_get_signature_nid(ssl_cert))) )
buf[0] = 0;
@ -195,7 +195,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
// Things we can do when we have the key...
EVP_PKEY* pkey = X509_extract_key(ssl_cert);
if ( pkey != NULL ) {
if ( pkey != nullptr ) {
if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA )
pX509Cert->Assign(9, "dsa");
@ -204,7 +204,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM* e = nullptr;
RSA_get0_key(EVP_PKEY_get0_RSA(pkey), NULL, &e, NULL);
RSA_get0_key(EVP_PKEY_get0_RSA(pkey), nullptr, &e, nullptr);
#else
BIGNUM* e = nullptr;
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e);
@ -216,10 +216,10 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
BN_free(e);
e = nullptr;
#endif
if ( exponent != NULL ) {
if ( exponent != nullptr ) {
pX509Cert->Assign(11, exponent);
OPENSSL_free(exponent);
exponent = NULL;
exponent = nullptr;
}
}
#ifndef OPENSSL_NO_EC
@ -232,7 +232,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
// set key algorithm back. We do not have to free the value that we created because (I
// think) it comes out of a static array from OpenSSL memory.
if ( algorithm )
X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), algorithm, 0, NULL, NULL, 0);
X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), algorithm, 0, nullptr, nullptr, 0);
unsigned int length = KeyLength(pkey);
if ( length > 0 )
@ -259,9 +259,9 @@ X509_STORE* X509::GetRootStore(TableVal* root_certs) {
StringVal* sv = val->AsStringVal();
assert(sv);
const uint8_t* data = sv->Bytes();
::X509* x = d2i_X509(NULL, &data, sv->Len());
::X509* x = d2i_X509(nullptr, &data, sv->Len());
if ( ! x ) {
emit_builtin_error(util::fmt("Root CA error: %s", ERR_error_string(ERR_get_error(), NULL)));
emit_builtin_error(util::fmt("Root CA error: %s", ERR_error_string(ERR_get_error(), nullptr)));
return nullptr;
}
@ -443,7 +443,7 @@ StringValPtr X509::KeyCurve(EVP_PKEY* key) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const EC_GROUP* group;
int nid;
if ( (group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(key))) == NULL )
if ( (group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(key))) == nullptr )
// I guess we could not parse this
return nullptr;
@ -468,13 +468,13 @@ StringValPtr X509::KeyCurve(EVP_PKEY* key) {
}
unsigned int X509::KeyLength(EVP_PKEY* key) {
assert(key != NULL);
assert(key != nullptr);
switch ( EVP_PKEY_base_id(key) ) {
case EVP_PKEY_RSA: {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM* n = nullptr;
RSA_get0_key(EVP_PKEY_get0_RSA(key), &n, NULL, NULL);
RSA_get0_key(EVP_PKEY_get0_RSA(key), &n, nullptr, nullptr);
return BN_num_bits(n);
#else
BIGNUM* n = nullptr;
@ -488,7 +488,7 @@ unsigned int X509::KeyLength(EVP_PKEY* key) {
case EVP_PKEY_DSA: {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM* p;
DSA_get0_pqg(EVP_PKEY_get0_DSA(key), &p, NULL, NULL);
DSA_get0_pqg(EVP_PKEY_get0_DSA(key), &p, nullptr, nullptr);
return BN_num_bits(p);
#else
BIGNUM* p = nullptr;
@ -516,7 +516,7 @@ unsigned int X509::KeyLength(EVP_PKEY* key) {
return 0;
}
if ( ! EC_GROUP_get_order(group, ec_order, NULL) ) {
if ( ! EC_GROUP_get_order(group, ec_order, nullptr) ) {
// could not get ec-group-order
BN_free(ec_order);
return 0;
@ -539,7 +539,7 @@ unsigned int X509::KeyLength(EVP_PKEY* key) {
X509Val::X509Val(::X509* arg_certificate) : OpaqueVal(x509_opaque_type) { certificate = arg_certificate; }
X509Val::X509Val() : OpaqueVal(x509_opaque_type) { certificate = 0; }
X509Val::X509Val() : OpaqueVal(x509_opaque_type) { certificate = nullptr; }
X509Val::~X509Val() {
if ( certificate )
@ -578,7 +578,7 @@ bool X509Val::DoUnserializeData(BrokerDataView data) {
auto s = data.ToString();
auto opensslbuf = reinterpret_cast<const unsigned char*>(s.data());
certificate = d2i_X509(NULL, &opensslbuf, s.size());
certificate = d2i_X509(nullptr, &opensslbuf, s.size());
return certificate != nullptr;
}

2
src/file_analysis/analyzer/x509/X509Common.cc
View file

@ -180,7 +180,7 @@ void X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION* ext) {
unsigned char* ext_val_second_pointer = ext_val_copy;
memcpy(ext_val_copy, ext_val->data, ext_val->length);
ASN1_OCTET_STRING* inner = d2i_ASN1_OCTET_STRING(NULL, (const unsigned char**)&ext_val_copy, ext_val->length);
ASN1_OCTET_STRING* inner = d2i_ASN1_OCTET_STRING(nullptr, (const unsigned char**)&ext_val_copy, ext_val->length);
if ( ! inner ) {
OPENSSL_free(ext_val_second_pointer);
reporter->Error("X509::ParseSignedCertificateTimestamps could not parse inner octet string");

44
src/file_analysis/analyzer/x509/functions.bif
View file

@ -31,8 +31,8 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec)
if ( ! untrusted_certs )
{
zeek::emit_builtin_error(zeek::util::fmt("Untrusted certificate stack initialization error: %s",
ERR_error_string(ERR_get_error(),NULL)));
return 0;
ERR_error_string(ERR_get_error(), nullptr)));
return nullptr;
}
for ( int i = 1; i < (int) certs_vec->Size(); ++i ) // start at 1 - 0 is host cert
@ -48,7 +48,7 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec)
{
sk_X509_free(untrusted_certs);
zeek::emit_builtin_error("No certificate in opaque in stack");
return 0;
return nullptr;
}
sk_X509_push(untrusted_certs, x);
@ -73,10 +73,10 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
else if ( resp_id->type == V_OCSP_RESPID_KEY )
key = resp_id->value.byKey;
else
return 0;
return nullptr;
#else
if ( ! OCSP_resp_get0_id(basic_resp, &key, &name) )
return 0;
return nullptr;
#endif
if ( name )
@ -85,7 +85,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
// Just like OpenSSL, we just support SHA-1 lookups and bail out otherwise.
if ( key->length != SHA_DIGEST_LENGTH )
return 0;
return nullptr;
unsigned char* key_hash = key->data;
@ -93,7 +93,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
{
unsigned char digest[SHA_DIGEST_LENGTH];
X509* cert = sk_X509_value(certs, i);
if ( ! X509_pubkey_digest(cert, EVP_sha1(), digest, NULL) )
if ( ! X509_pubkey_digest(cert, EVP_sha1(), digest, nullptr) )
// digest failed for this certificate, try with next
continue;
@ -102,7 +102,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
return cert;
}
return 0;
return nullptr;
}
// Convert hash algorithm registry numbers to the OpenSSL EVP_MD.
@ -304,21 +304,21 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// from here, always goto cleanup. Initialize all other required variables...
time_t vtime = (time_t) verify_time;
OCSP_BASICRESP *basic = 0;
OCSP_SINGLERESP *single = 0;
X509_STORE_CTX *csc = 0;
OCSP_CERTID *certid = 0;
OCSP_BASICRESP *basic = nullptr;
OCSP_SINGLERESP *single = nullptr;
X509_STORE_CTX *csc = nullptr;
OCSP_CERTID *certid = nullptr;
stack_st_X509* ocsp_certs = nullptr;
int status = -1;
int out = -1;
int result = -1;
X509* issuer_certificate = 0;
X509* signer = 0;
X509* issuer_certificate = nullptr;
X509* signer = nullptr;
ASN1_GENERALIZEDTIME* thisUpdate = nullptr;
ASN1_GENERALIZEDTIME* nextUpdate = nullptr;
int type = -1;
OCSP_RESPONSE *resp = d2i_OCSP_RESPONSE(NULL, &start, ocsp_reply->Len());
OCSP_RESPONSE *resp = d2i_OCSP_RESPONSE(nullptr, &start, ocsp_reply->Len());
if ( ! resp )
{
@ -348,7 +348,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// the lookup.
// Yay.
issuer_certificate = 0;
issuer_certificate = nullptr;
for ( int i = 0; i < sk_X509_num(untrusted_certs); i++)
{
OCSP_basic_add1_cert(basic, sk_X509_value(untrusted_certs, i));
@ -404,10 +404,10 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// We pass OCSP_NOVERIFY to let OCSP_basic_verify skip the chain verification.
// With that, it only verifies the signature of the basic response and we are responsible
// for the chain ourselves. We have to do that since we cannot get OCSP_basic_verify to use our timestamp.
out = OCSP_basic_verify(basic, NULL, ctx, OCSP_NOVERIFY);
out = OCSP_basic_verify(basic, nullptr, ctx, OCSP_NOVERIFY);
if ( out < 1 )
{
rval = x509_result_record(out, ERR_error_string(ERR_get_error(),NULL));
rval = x509_result_record(out, ERR_error_string(ERR_get_error(), nullptr));
goto x509_ocsp_cleanup;
}
@ -421,7 +421,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// into accepting.
if ( issuer_certificate )
certid = OCSP_cert_to_id(NULL, cert, issuer_certificate);
certid = OCSP_cert_to_id(nullptr, cert, issuer_certificate);
else
{
// issuer not in list sent by server, check store
@ -434,7 +434,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
goto x509_ocsp_cleanup;
}
certid = OCSP_cert_to_id(NULL, cert,X509_OBJECT_get0_X509( obj));
certid = OCSP_cert_to_id(nullptr, cert,X509_OBJECT_get0_X509( obj));
X509_OBJECT_free(obj);
}
@ -457,7 +457,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
return x509_result_record(-1, "OCSP reply is not for host certificate");
// next - check freshness of proof...
type = OCSP_single_get0_status(single, NULL, NULL, &thisUpdate, &nextUpdate);
type = OCSP_single_get0_status(single, nullptr, nullptr, &thisUpdate, &nextUpdate);
if ( type == -1 )
{
@ -774,7 +774,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
goto sct_verify_err;
}
if ( ! EVP_DigestVerifyInit(mdctx, NULL, hash, NULL, key) )
if ( ! EVP_DigestVerifyInit(mdctx, nullptr, hash, nullptr, key) )
{
errstr = "Could not init signature verification";
goto sct_verify_err;