Using clang-tidy to start polishing the codebase.

Author: Castaglia

.clang-tidy

@@ -0,0 +1,50 @@
+Checks: '
+    *,
+    -altera-*,
+    -android-*,
+    bugprone-*,
+    -bugprone-branch-clone,
+    -bugprone-easily-swappable-parameters,
+    -bugprone-integer-division,
+    -bugprone-macro-parentheses,
+    -bugprone-narrowing-conversions,
+    cert-*,
+    -cert-err33-c,
+    -cert-err34-c,
+    -cert-msc30-c,
+    -cert-msc50-cpp,
+    clang-analyzer-*,
+    -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
+    -clang-analyzer-valist.Uninitialized,
+    -concurrency-mt-unsafe,
+    -cppcoreguidelines-avoid-magic-numbers,
+    -cppcoreguidelines-avoid-non-const-global-variables,
+    -cppcoreguidelines-init-variables,
+    -cppcoreguidelines-narrowing-conversions,
+    -google-readability-casting,
+    -hicpp-signed-bitwise,
+    llvm-*,
+    -llvm-include-order,
+    -llvmlibc-restrict-system-libc-headers,
+    misc-*,
+    -misc-redundant-expression,
+    -misc-unused-parameters,
+    modernize-*,
+    -modernize-avoid-c-arrays,
+    -modernize-deprecated-headers,
+    -modernize-loop-convert,
+    -modernize-use-auto,
+    -modernize-use-nullptr,
+    -modernize-use-trailing-return-type,
+    -modernize-use-using,
+    performance-*,
+    portability-*,
+    readability-*,
+    -readability-function-cognitive-complexity,
+    -readability-function-size,
+    -readability-identifier-length,
+    -readability-implicit-bool-conversion,
+    -readability-inconsistent-declaration-parameter-name,
+    -readability-isolate-declaration,
+    -readability-magic-numbers,
+    -readability-simplify-boolean-expr'

include/proxy/ssh/cipher.h

@@ -28,6 +28,7 @@
 #include "mod_proxy.h"
 
 #if defined(PR_USE_OPENSSL)
+#include <openssl/evp.h>
 
 int proxy_ssh_cipher_init(void);
 int proxy_ssh_cipher_free(void);

include/proxy/ssh/mac.h

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy SSH MAC API
- * Copyright (c) 2021-2022 TJ Saunders
+ * Copyright (c) 2021-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,6 +29,7 @@
 #include "proxy/ssh/packet.h"
 
 #if defined(PR_USE_OPENSSL)
+#include <openssl/evp.h>
 
 int proxy_ssh_mac_init(void);
 int proxy_ssh_mac_free(void);

lib/proxy/db.c

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy database implementation
- * Copyright (c) 2015-2024 TJ Saunders
+ * Copyright (c) 2015-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -108,6 +108,9 @@ static void db_sql(void *user_data, sqlite3 *db, const char *info,
       pr_trace_msg(trace_channel, 1, "(sqlite3): closed database: %s",
         sqlite3_db_filename(db, "main"));
       break;
+
+    default:
+      break;
   }
 }
 #endif /* SQLITE_CONFIG_SQLLOG */

lib/proxy/ftp/msg.c

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy FTP message routines
- * Copyright (c) 2013-2021 TJ Saunders
+ * Copyright (c) 2013-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -444,6 +444,9 @@ const pr_netaddr_t *proxy_ftp_msg_parse_ext_addr(pool *p, const char *msg,
 
         break;
       }
+
+      default:
+        break;
     }
 
     /* Advance past the address portion of the argument. */

lib/proxy/ftp/sess.c

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy FTP session routines
- * Copyright (c) 2013-2023 TJ Saunders
+ * Copyright (c) 2013-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -574,6 +574,9 @@ int proxy_ftp_sess_send_pbsz_prot(pool *p,
         send_prot = TRUE;
       }
       break;
+
+    default:
+      break;
   }
 
   if (send_prot == TRUE) {

lib/proxy/reverse.c

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy reverse proxy implementation
- * Copyright (c) 2012-2022 TJ Saunders
+ * Copyright (c) 2012-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -1584,26 +1584,33 @@ int proxy_reverse_connect_get_policy_id(const char *policy) {
 
   if (strcasecmp(policy, "Random") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_RANDOM;
+  }
 
-  } else if (strcasecmp(policy, "RoundRobin") == 0) {
+  if (strcasecmp(policy, "RoundRobin") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_ROUND_ROBIN;
+  }
 
-  } else if (strcasecmp(policy, "Shuffle") == 0) {
+  if (strcasecmp(policy, "Shuffle") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_SHUFFLE;
+  }
 
-  } else if (strcasecmp(policy, "LeastConns") == 0) {
+  if (strcasecmp(policy, "LeastConns") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_LEAST_CONNS;
+  }
 
-  } else if (strcasecmp(policy, "PerUser") == 0) {
+  if (strcasecmp(policy, "PerUser") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_PER_USER;
+  }
 
-  } else if (strcasecmp(policy, "PerGroup") == 0) {
+  if (strcasecmp(policy, "PerGroup") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_PER_GROUP;
+  }
 
-  } else if (strcasecmp(policy, "PerHost") == 0) {
+  if (strcasecmp(policy, "PerHost") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_PER_HOST;
+  }
 
-  } else if (strcasecmp(policy, "LeastResponseTime") == 0) {
+  if (strcasecmp(policy, "LeastResponseTime") == 0) {
     return PROXY_REVERSE_CONNECT_POLICY_LEAST_RESPONSE_TIME;
   }
 

lib/proxy/ssh.c

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy SSH implementation
- * Copyright (c) 2021-2022 TJ Saunders
+ * Copyright (c) 2021-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -70,7 +70,7 @@ static const char *trace_channel = "proxy.ssh";
 
 static unsigned long ssh_opts = 0UL;
 
-static void ssh_ssh2_read_poll_ev(const void *, void *);
+static void ssh_ssh2_read_poll_ev(const void *event_data, void *user_data);
 
 static int ssh_get_server_version(pool *p,
     const struct proxy_session *proxy_sess) {

lib/proxy/ssh/agent.c

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy SSH agent support
- * Copyright (c) 2021-2023 TJ Saunders
+ * Copyright (c) 2021-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -69,6 +69,9 @@ static int agent_failure(char resp_status) {
     case PROXY_SSHCOM_AGENT_FAILURE:
       failed = TRUE;
       break;
+
+    default:
+      break;
   }
 
   return failed;

lib/proxy/ssh/cipher.c

@@ -98,7 +98,7 @@ static unsigned int write_cipher_idx = 0;
 
 static const char *trace_channel = "proxy.ssh.cipher";
 
-static void clear_cipher(struct proxy_ssh_cipher *);
+static void clear_cipher(struct proxy_ssh_cipher *cipher);
 
 static unsigned int get_next_read_index(void) {
   if (read_cipher_idx == 1) {

lib/proxy/ssh/kex.c

@@ -1,6 +1,6 @@
 /*
  * ProFTPD - mod_proxy SSH key exchange (kex)
- * Copyright (c) 2021-2023 TJ Saunders
+ * Copyright (c) 2021-2025 TJ Saunders
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -298,8 +298,9 @@ static const char *kex_server_version = NULL;
 static unsigned char kex_digest_buf[EVP_MAX_MD_SIZE];
 
 /* Necessary prototypes. */
-static struct proxy_ssh_packet *read_kex_packet(pool *, struct proxy_ssh_kex *,
-  conn_t *, int, char *, unsigned int, ...);
+static struct proxy_ssh_packet *read_kex_packet(pool *p,
+  struct proxy_ssh_kex *kex, conn_t *conn, int disconnect_code,
+  char *found_msg_type, unsigned int ntypes, ...);
 
 static const char *trace_channel = "proxy.ssh.kex";
 
@@ -1562,7 +1563,8 @@ static const char *get_preferred_name(pool *p, const char *names) {
   register unsigned int i;
 
   /* Advance to the first comma, or NUL. */
-  for (i = 0; names[i] && names[i] != ','; i++);
+  for (i = 0; names[i] && names[i] != ','; i++) {
+  }
 
   if (names[i] == ',' ||
       names[i] == '\0') {
@@ -4858,41 +4860,48 @@ static int run_kex(struct proxy_ssh_kex *kex, conn_t *conn) {
       strcmp(algo, "diffie-hellman-group16-sha512") == 0 ||
       strcmp(algo, "diffie-hellman-group18-sha512") == 0) {
     return handle_kex_dh(kex, conn);
+  }
 
-  } else if (strcmp(algo, "diffie-hellman-group-exchange-sha1") == 0) {
+  if (strcmp(algo, "diffie-hellman-group-exchange-sha1") == 0) {
     return handle_kex_dh_gex(kex, conn);
+  }
 
-  } else if (strcmp(algo, "rsa1024-sha1") == 0) {
+  if (strcmp(algo, "rsa1024-sha1") == 0) {
     return handle_kex_rsa(kex, conn);
+  }
 
 #if ((OPENSSL_VERSION_NUMBER > 0x000907000L && defined(OPENSSL_FIPS)) || \
      (OPENSSL_VERSION_NUMBER > 0x000908000L)) && \
      defined(HAVE_SHA256_OPENSSL)
-  } else if (strcmp(algo, "diffie-hellman-group-exchange-sha256") == 0) {
+  if (strcmp(algo, "diffie-hellman-group-exchange-sha256") == 0) {
     return handle_kex_dh_gex(kex, conn);
+  }
 
-  } else if (strcmp(algo, "rsa2048-sha256") == 0) {
+  if (strcmp(algo, "rsa2048-sha256") == 0) {
     return handle_kex_rsa(kex, conn);
+  }
 #endif
 
 #if defined(PR_USE_OPENSSL_ECC)
-  } else if (strcmp(algo, "ecdh-sha2-nistp256") == 0 ||
-             strcmp(algo, "ecdh-sha2-nistp384") == 0 ||
-             strcmp(algo, "ecdh-sha2-nistp521") == 0) {
+  if (strcmp(algo, "ecdh-sha2-nistp256") == 0 ||
+      strcmp(algo, "ecdh-sha2-nistp384") == 0 ||
+      strcmp(algo, "ecdh-sha2-nistp521") == 0) {
     return handle_kex_ecdh(kex, conn);
+  }
 #endif /* PR_USE_OPENSSL_ECC */
 
 #if defined(PR_USE_SODIUM) && defined(HAVE_SHA256_OPENSSL)
-  } else if (strcmp(algo, "curve25519-sha256") == 0 ||
-             strcmp(algo, "[email protected]") == 0) {
+  if (strcmp(algo, "curve25519-sha256") == 0 ||
+      strcmp(algo, "[email protected]") == 0) {
     return handle_kex_curve25519(kex, conn);
+  }
 #endif /* PR_USE_SODIUM and HAVE_SHA256_OPENSSL */
 
 #if defined(HAVE_X448_OPENSSL) && defined(HAVE_SHA512_OPENSSL)
-  } else if (strcmp(algo, "curve448-sha512") == 0) {
+  if (strcmp(algo, "curve448-sha512") == 0) {
     return handle_kex_curve448(kex, conn);
-#endif /* HAVE_X448_OPENSSL and HAVE_SHA512_OPENSSL */
   }
+#endif /* HAVE_X448_OPENSSL and HAVE_SHA512_OPENSSL */
 
   (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
     "unsupported key exchange algorithm '%s'", algo);

lib/proxy/ssh/keys.c

@@ -262,8 +262,6 @@ static void prepare_provider_fds(int stdout_fd, int stderr_fd) {
     pr_signals_handle();
     (void) close(i);
   }
-
-  return;
 }
 
 static void prepare_provider_pipes(int *stdout_pipe, int *stderr_pipe) {
@@ -2891,6 +2889,9 @@ static int handle_hostkey(pool *p, EVP_PKEY *pkey,
           }
 
           break;
+
+        default:
+          break;
       }
 
       break;
@@ -4631,6 +4632,9 @@ static const unsigned char *ecdsa_sign_data(pool *p, const unsigned char *data,
     case NID_secp521r1:
       proxy_ssh_msg_write_string(&buf, &buflen, "ecdsa-sha2-nistp521");
       break;
+
+    default:
+      break;
   }
 
   proxy_ssh_msg_write_data(&buf, &buflen, sig_ptr, (sig_bufsz - sig_buflen),
@@ -4880,6 +4884,9 @@ int proxy_ssh_keys_verify_pubkey_type(pool *p, unsigned char *pubkey_data,
           case NID_secp521r1:
             res = (pubkey_type == PROXY_SSH_KEY_ECDSA_521);
             break;
+
+          default:
+            break;
         }
       }
       break;

lib/proxy/ssh/mac.c

@@ -90,7 +90,7 @@ static size_t mac_blockszs[2] = { 0, 0 };
 static unsigned int read_mac_idx = 0;
 static unsigned int write_mac_idx = 0;
 
-static void clear_mac(struct proxy_ssh_mac *);
+static void clear_mac(struct proxy_ssh_mac *mac);
 
 static unsigned int get_next_read_index(void) {
   if (read_mac_idx == 1) {

lib/proxy/ssh/packet.c

@@ -605,8 +605,6 @@ static void read_packet_discard(conn_t *conn) {
     flags = PROXY_SSH_PACKET_READ_FL_PESSIMISTIC;
     proxy_ssh_packet_conn_read(conn, buf, buflen, flags);
   }
-
-  return;
 }
 
 static int read_packet_len(conn_t *conn, struct proxy_ssh_packet *pkt,
@@ -1004,6 +1002,9 @@ const char *proxy_ssh_packet_get_msg_type_desc(unsigned char msg_type) {
 
     case PROXY_SSH_MSG_CHANNEL_FAILURE:
       return "SSH_MSG_CHANNEL_FAILURE";
+
+    default:
+      break;
   }
 
   return "(unknown)";