r14399@tombo: nickm | 2008-02-22 14:09:38 -0500

 More 64-to-32 fixes. Partial backport candidate. still not done.


svn:r13680

src/common/crypto.c

@@ -715,7 +715,7 @@ crypto_pk_public_checksig(crypto_pk_env_t *env, char *to,
  */
 int
 crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
-                                 int datalen, const char *sig, int siglen)
+                                 size_t datalen, const char *sig, size_t siglen)
 {
   char digest[DIGEST_LEN];
   char *buf;
@@ -935,12 +935,12 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
  * Return -1 on error, or the number of characters used on success.
  */
 int
-crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len)
+crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len)
 {
   int len;
   unsigned char *buf, *cp;
   len = i2d_RSAPublicKey(pk->key, NULL);
-  if (len < 0 || len > dest_len)
+  if (len < 0 || (size_t)len > dest_len)
     return -1;
   cp = buf = tor_malloc(len+1);
   len = i2d_RSAPublicKey(pk->key, &cp);

src/common/crypto.h

@@ -97,7 +97,7 @@ int crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to,
 int crypto_pk_public_checksig(crypto_pk_env_t *env, char *to,
                               const char *from, size_t fromlen);
 int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
-                                     int datalen, const char *sig, int siglen);
+                               size_t datalen, const char *sig, size_t siglen);
 int crypto_pk_private_sign(crypto_pk_env_t *env, char *to,
                            const char *from, size_t fromlen);
 int crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to,
@@ -109,7 +109,7 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, char *to,
                                      const char *from, size_t fromlen,
                                      int padding, int warnOnFailure);
 
-int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len);
+int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len);
 crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, size_t len);
 int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out);
 int crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out,int add_space);

src/or/connection.c

@@ -2561,10 +2561,10 @@ alloc_http_authenticator(const char *authenticator)
 {
   /* an authenticator in Basic authentication
    * is just the string "username:password" */
-  const int authenticator_length = strlen(authenticator);
+  const size_t authenticator_length = strlen(authenticator);
   /* The base64_encode function needs a minimum buffer length
    * of 66 bytes. */
-  const int base64_authenticator_length = (authenticator_length/48+1)*66;
+  const size_t base64_authenticator_length = (authenticator_length/48+1)*66;
   char *base64_authenticator = tor_malloc(base64_authenticator_length);
   if (base64_encode(base64_authenticator, base64_authenticator_length,
                     authenticator, authenticator_length) < 0) {

src/or/connection_edge.c

@@ -364,7 +364,7 @@ connection_ap_expire_beginning(void)
     /* if it's an internal linked connection, don't yell its status. */
     severity = (!conn->_base.addr && !conn->_base.port)
       ? LOG_INFO : LOG_NOTICE;
-    seconds_idle = now - conn->_base.timestamp_lastread;
+    seconds_idle = (int)( now - conn->_base.timestamp_lastread );
 
     if (AP_CONN_STATE_IS_UNATTACHED(conn->_base.state)) {
       if (seconds_idle >= options->SocksTimeout) {
@@ -1004,7 +1004,7 @@ parse_virtual_addr_network(const char *val, int validate_only,
   if (validate_only)
     return 0;
 
-  virtual_addr_network = addr & (0xfffffffful << (32-bits));
+  virtual_addr_network = (uint32_t)( addr & (0xfffffffful << (32-bits)) );
   virtual_addr_netmask_bits = bits;
 
   if (addr_mask_cmp_bits(next_virtual_addr, addr, bits))
@@ -1938,7 +1938,7 @@ connection_ap_handshake_send_begin(edge_connection_t *ap_conn)
                (circ->_base.purpose == CIRCUIT_PURPOSE_C_GENERAL) ?
                  ap_conn->socks_request->address : "",
                ap_conn->socks_request->port);
-  payload_len = strlen(payload)+1;
+  payload_len = (int)strlen(payload)+1;
 
   log_debug(LD_APP,
             "Sending relay cell to begin stream %d.", ap_conn->stream_id);
@@ -1995,7 +1995,7 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
 
   if (command == SOCKS_COMMAND_RESOLVE) {
     string_addr = ap_conn->socks_request->address;
-    payload_len = strlen(string_addr)+1;
+    payload_len = (int)strlen(string_addr)+1;
     tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
   } else {
     struct in_addr in;
@@ -2029,7 +2029,7 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
                    (int)(uint8_t)((a>>24)&0xff));
     }
     string_addr = inaddr_buf;
-    payload_len = strlen(inaddr_buf)+1;
+    payload_len = (int)strlen(inaddr_buf)+1;
     tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
   }
 

src/or/connection_or.c

@@ -288,7 +288,7 @@ connection_or_flushed_some(or_connection_t *conn)
   /* If we're under the low water mark, add cells until we're just over the
    * high water mark. */
   if (datalen < OR_CONN_LOWWATER) {
-    int n = (OR_CONN_HIGHWATER - datalen + CELL_NETWORK_SIZE-1)
+    ssize_t n = (OR_CONN_HIGHWATER - datalen + CELL_NETWORK_SIZE-1)
       / CELL_NETWORK_SIZE;
     while (conn->active_circuits && n > 0) {
       int flushed = connection_or_flush_from_first_active_circuit(conn, 1);
@@ -1023,7 +1023,7 @@ connection_or_send_destroy(uint16_t circ_id, or_connection_t *conn, int reason)
 static const uint16_t or_protocol_versions[] = { 1, 2 };
 /** Number of versions in <b>or_protocol_versions</b>. */
 static const int n_or_protocol_versions =
-  sizeof(or_protocol_versions)/sizeof(uint16_t);
+  (int)( sizeof(or_protocol_versions)/sizeof(uint16_t) );
 
 /** Return true iff <b>v</b> is a link protocol version that this Tor
  * implementation believes it can support. */
@@ -1074,7 +1074,7 @@ connection_or_send_netinfo(or_connection_t *conn)
   cell.command = CELL_NETINFO;
 
   /* Their address. */
-  set_uint32(cell.payload, htonl(now));
+  set_uint32(cell.payload, htonl((uint32_t)now));
   cell.payload[4] = RESOLVED_TYPE_IPV4;
   cell.payload[5] = 4;
   set_uint32(cell.payload+6, htonl(conn->_base.addr));

src/or/control.c

@@ -398,7 +398,7 @@ get_escaped_string_length(const char *start, size_t in_len_max,
   }
   if (chars_out)
     *chars_out = chars;
-  return cp - start+1;
+  return (int)(cp - start+1);
 }
 
 /** As decode_escaped_string, but does not decode the string: copies the
@@ -631,9 +631,9 @@ send_control_event_extended(uint16_t event, event_format_t which,
 static origin_circuit_t *
 get_circ(const char *id)
 {
-  unsigned long n_id;
+  uint32_t n_id;
   int ok;
-  n_id = tor_parse_ulong(id, 10, 0, ULONG_MAX, &ok, NULL);
+  n_id = (uint32_t) tor_parse_ulong(id, 10, 0, UINT32_MAX, &ok, NULL);
   if (!ok)
     return NULL;
   return circuit_get_by_global_id(n_id);
@@ -643,10 +643,10 @@ get_circ(const char *id)
 static edge_connection_t *
 get_stream(const char *id)
 {
-  unsigned long n_id;
+  uint32_t n_id;
   int ok;
   edge_connection_t *conn;
-  n_id = tor_parse_ulong(id, 10, 0, ULONG_MAX, &ok, NULL);
+  n_id = (uint32_t) tor_parse_ulong(id, 10, 0, UINT32_MAX, &ok, NULL);
   if (!ok)
     return NULL;
   conn = connection_get_by_global_id(n_id);
@@ -1008,7 +1008,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
     cp = body;
     while (TOR_ISXDIGIT(*cp))
       ++cp;
-    i = cp - body;
+    i = (int)(cp - body);
     tor_assert(i>0);
     password_len = i/2;
     password = tor_malloc(password_len + 1);
@@ -2197,8 +2197,8 @@ handle_control_attachstream(control_connection_t *conn, uint32_t len,
     char *hopstring = smartlist_get(args, 2);
     if (!strcasecmpstart(hopstring, "HOP=")) {
       hopstring += strlen("HOP=");
-      hop = tor_parse_ulong(hopstring, 10, 0, ULONG_MAX,
-                            &hop_line_ok, NULL);
+      hop = (int) tor_parse_ulong(hopstring, 10, 0, INT_MAX,
+                                  &hop_line_ok, NULL);
       if (!hop_line_ok) { /* broken hop line */
         connection_printf_to_buf(conn, "552 Bad value hop=%s\r\n", hopstring);
       }
@@ -2660,6 +2660,7 @@ int
 connection_control_process_inbuf(control_connection_t *conn)
 {
   size_t data_len;
+  uint32_t cmd_data_len;
   int cmd_len;
   char *args;
 
@@ -2721,7 +2722,7 @@ connection_control_process_inbuf(control_connection_t *conn)
     tor_assert(data_len);
 
     last_idx = conn->incoming_cmd_cur_len;
-    conn->incoming_cmd_cur_len += data_len;
+    conn->incoming_cmd_cur_len += (int)data_len;
 
     /* We have appended a line to incoming_cmd.  Is the command done? */
     if (last_idx == 0 && *conn->incoming_cmd != '+')
@@ -2772,64 +2773,71 @@ connection_control_process_inbuf(control_connection_t *conn)
     return 0;
   }
 
+  if (data_len >= UINT32_MAX) {
+    connection_write_str_to_buf("500 A 4GB command? Nice try.\r\n", conn);
+    connection_mark_for_close(TO_CONN(conn));
+    return 0;
+  }
+
+  cmd_data_len = (uint32_t)data_len;
   if (!strcasecmp(conn->incoming_cmd, "SETCONF")) {
-    if (handle_control_setconf(conn, data_len, args))
+    if (handle_control_setconf(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "RESETCONF")) {
-    if (handle_control_resetconf(conn, data_len, args))
+    if (handle_control_resetconf(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "GETCONF")) {
-    if (handle_control_getconf(conn, data_len, args))
+    if (handle_control_getconf(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "SETEVENTS")) {
-    if (handle_control_setevents(conn, data_len, args))
+    if (handle_control_setevents(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "AUTHENTICATE")) {
-    if (handle_control_authenticate(conn, data_len, args))
+    if (handle_control_authenticate(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "SAVECONF")) {
-    if (handle_control_saveconf(conn, data_len, args))
+    if (handle_control_saveconf(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "SIGNAL")) {
-    if (handle_control_signal(conn, data_len, args))
+    if (handle_control_signal(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "MAPADDRESS")) {
-    if (handle_control_mapaddress(conn, data_len, args))
+    if (handle_control_mapaddress(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "GETINFO")) {
-    if (handle_control_getinfo(conn, data_len, args))
+    if (handle_control_getinfo(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "EXTENDCIRCUIT")) {
-    if (handle_control_extendcircuit(conn, data_len, args))
+    if (handle_control_extendcircuit(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "SETCIRCUITPURPOSE")) {
-    if (handle_control_setcircuitpurpose(conn, data_len, args))
+    if (handle_control_setcircuitpurpose(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "SETROUTERPURPOSE")) {
     connection_write_str_to_buf("511 SETROUTERPURPOSE is obsolete.\r\n", conn);
   } else if (!strcasecmp(conn->incoming_cmd, "ATTACHSTREAM")) {
-    if (handle_control_attachstream(conn, data_len, args))
+    if (handle_control_attachstream(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "+POSTDESCRIPTOR")) {
-    if (handle_control_postdescriptor(conn, data_len, args))
+    if (handle_control_postdescriptor(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "REDIRECTSTREAM")) {
-    if (handle_control_redirectstream(conn, data_len, args))
+    if (handle_control_redirectstream(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "CLOSESTREAM")) {
-    if (handle_control_closestream(conn, data_len, args))
+    if (handle_control_closestream(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "CLOSECIRCUIT")) {
-    if (handle_control_closecircuit(conn, data_len, args))
+    if (handle_control_closecircuit(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "USEFEATURE")) {
-    if (handle_control_usefeature(conn, data_len, args))
+    if (handle_control_usefeature(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "RESOLVE")) {
-    if (handle_control_resolve(conn, data_len, args))
+    if (handle_control_resolve(conn, cmd_data_len, args))
       return -1;
   } else if (!strcasecmp(conn->incoming_cmd, "PROTOCOLINFO")) {
-    if (handle_control_protocolinfo(conn, data_len, args))
+    if (handle_control_protocolinfo(conn, cmd_data_len, args))
       return -1;
   } else {
     connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n",
@@ -3457,7 +3465,7 @@ control_event_or_authdir_new_descriptor(const char *action,
 {
   char firstline[1024];
   char *buf;
-  int totallen;
+  size_t totallen;
   char *esc = NULL;
   size_t esclen;
 

src/or/cpuworker.c

@@ -250,7 +250,7 @@ cpuworker_main(void *data)
   dup_onion_keys(&onion_key, &last_onion_key);
 
   for (;;) {
-    int r;
+    ssize_t r;
 
     if ((r = recv(fd, &question_type, 1, 0)) != 1) {
 //      log_fn(LOG_ERR,"read type failed. Exiting.");

src/or/directory.c

@@ -1225,7 +1225,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
   size_t body_len=0, orig_len=0;
   int status_code;
   time_t date_header=0;
-  int delta;
+  long delta;
   compress_method_t compression;
   int plausible;
   int skewed=0;
@@ -1281,7 +1281,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
      * inaccurate if we spend a lot of time downloading.)
      */
     delta = conn->_base.timestamp_lastwritten - date_header;
-    if (abs(delta)>ALLOW_DIRECTORY_TIME_SKEW) {
+    if (labs(delta)>ALLOW_DIRECTORY_TIME_SKEW) {
       char dbuf[64];
       int trusted = router_digest_is_trusted_dir(conn->identity_digest);
       format_time_interval(dbuf, sizeof(dbuf), delta);
@@ -1296,11 +1296,11 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
              delta>0 ? "behind" : "ahead");
       skewed = 1; /* don't check the recommended-versions line */
       control_event_general_status(trusted ? LOG_WARN : LOG_NOTICE,
-                               "CLOCK_SKEW SKEW=%d SOURCE=DIRSERV:%s:%d",
+                               "CLOCK_SKEW SKEW=%ld SOURCE=DIRSERV:%s:%d",
                                delta, conn->_base.address, conn->_base.port);
     } else {
       log_debug(LD_HTTP, "Time on received directory is within tolerance; "
-                "we are %d seconds skewed.  (That's okay.)", delta);
+                "we are %ld seconds skewed.  (That's okay.)", delta);
     }
   }
   (void) skewed; /* skewed isn't used yet. */
@@ -1977,7 +1977,7 @@ static void
 write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
                            const char *type, const char *encoding,
                            const char *extra_headers,
-                           int cache_lifetime)
+                           long cache_lifetime)
 {
   char date[RFC1123_TIME_LEN+1];
   char tmp[1024];
@@ -2041,7 +2041,7 @@ write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
  * based on whether the response will be <b>compressed</b> or not. */
 static void
 write_http_response_header(dir_connection_t *conn, ssize_t length,
-                           int compressed, int cache_lifetime)
+                           int compressed, long cache_lifetime)
 {
   write_http_response_header_impl(conn, length,
                           compressed?"application/octet-stream":"text/plain",
@@ -2273,7 +2273,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     int is_v3 = !strcmpstart(url, "/tor/status-vote");
     const char *request_type = NULL;
     const char *key = url + strlen("/tor/status/");
-    int lifetime = NETWORKSTATUS_CACHE_LIFETIME;
+    long lifetime = NETWORKSTATUS_CACHE_LIFETIME;
     if (!is_v3) {
       dirserv_get_networkstatus_v2_fingerprints(dir_fps, key);
       if (!strcmpstart(key, "fp/"))
@@ -3004,7 +3004,7 @@ download_status_increment_failure(download_status_t *dls, int status_code,
                                   const char *item, int server, time_t now)
 {
   const int *schedule;
-  int schedule_len;
+  size_t schedule_len;
   int increment;
   tor_assert(dls);
   if (status_code != 503 || server)

src/or/dirserv.c

@@ -31,9 +31,9 @@ const char dirserv_c_id[] =
 extern time_t time_of_process_start; /* from main.c */
 
 /** Do we need to regenerate the directory when someone asks for it? */
-static int the_directory_is_dirty = 1;
-static int runningrouters_is_dirty = 1;
-static int the_v2_networkstatus_is_dirty = 1;
+static time_t the_directory_is_dirty = 1;
+static time_t runningrouters_is_dirty = 1;
+static time_t the_v2_networkstatus_is_dirty = 1;
 
 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
  * only.) */
@@ -1628,7 +1628,7 @@ static uint64_t total_exit_bandwidth = 0;
 
 /** Helper: estimate the uptime of a router given its stated uptime and the
  * amount of time since it last stated its stated uptime. */
-static INLINE int
+static INLINE long
 real_uptime(routerinfo_t *router, time_t now)
 {
   if (now < router->cache_info.published_on)
@@ -1652,7 +1652,7 @@ dirserv_thinks_router_is_unreliable(time_t now,
       /* XXXX Once most authorities are on v3, we should change the rule from
        * "use uptime if we don't have mtbf data" to "don't advertise Stable on
        * v3 if we don't have enough mtbf data." */
-      int uptime = real_uptime(router, now);
+      long uptime = real_uptime(router, now);
       if ((unsigned)uptime < stable_uptime &&
           (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
         return 1;
@@ -1681,7 +1681,7 @@ dirserv_thinks_router_is_unreliable(time_t now,
 static int
 dirserv_thinks_router_is_hs_dir(routerinfo_t *router, time_t now)
 {
-  int uptime = real_uptime(router, now);
+  long uptime = real_uptime(router, now);
 
   return (router->wants_to_be_hs_dir &&
           uptime > get_options()->MinUptimeHidServDirectoryV2 &&
@@ -1739,7 +1739,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
       const char *id = ri->cache_info.identity_digest;
       uint32_t bw;
       ri->is_exit = exit_policy_is_general_exit(ri->exit_policy);
-      uptimes[n_active] = real_uptime(ri, now);
+      uptimes[n_active] = (uint32_t)real_uptime(ri, now);
       mtbfs[n_active] = rep_hist_get_stability(id, now);
       tks  [n_active] = rep_hist_get_weighted_time_known(id, now);
       bandwidths[n_active] = bw = router_get_advertised_bandwidth(ri);
@@ -2233,14 +2233,14 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
     char tbuf[ISO_TIME_LEN+1];
     networkstatus_t *current_consensus =
       networkstatus_get_live_consensus(now);
-    time_t last_consensus_interval; /* only used to pick a valid_after */
+    long last_consensus_interval; /* only used to pick a valid_after */
     if (current_consensus)
       last_consensus_interval = current_consensus->fresh_until -
         current_consensus->valid_after;
     else
       last_consensus_interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;
     v3_out->valid_after =
-      dirvote_get_start_of_next_interval(now, last_consensus_interval);
+      dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);
     format_iso_time(tbuf, v3_out->valid_after);
     log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
                "consensus_set=%d, last_interval=%d",

src/or/dirvote.c

@@ -283,7 +283,7 @@ compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
   if ((r = memcmp(a->status.descriptor_digest, b->status.descriptor_digest,
                   DIGEST_LEN)))
     return r;
-  if ((r = (b->status.published_on - a->status.published_on)))
+  if ((r = (int)(b->status.published_on - a->status.published_on)))
     return r;
   if ((r = strcmp(b->status.nickname, a->status.nickname)))
     return r;
@@ -1220,7 +1220,7 @@ dirvote_recalculate_timing(or_options_t *options, time_t now)
   memset(&voting_schedule, 0, sizeof(voting_schedule));
 
   if (consensus) {
-    interval = consensus->fresh_until - consensus->valid_after;
+    interval = (int)( consensus->fresh_until - consensus->valid_after );
     vote_delay = consensus->vote_seconds;
     dist_delay = consensus->dist_seconds;
   } else {

src/or/dns.c

@@ -268,7 +268,12 @@ static int
 _compare_cached_resolves_by_expiry(const void *_a, const void *_b)
 {
   const cached_resolve_t *a = _a, *b = _b;
-  return a->expire - b->expire;
+  if (a->expire < b->expire)
+    return -1;
+  else if (a->expire == b->expire)
+    return 0;
+  else
+    return 1;
 }
 
 /** Priority queue of cached_resolve_t objects to let us know when they
@@ -423,7 +428,7 @@ send_resolved_cell(edge_connection_t *conn, uint8_t answer_type)
     case RESOLVED_TYPE_ERROR:
       {
         const char *errmsg = "Error resolving hostname";
-        int msglen = strlen(errmsg);
+        size_t msglen = strlen(errmsg);
 
         buf[1] = msglen;
         strlcpy(buf+2, errmsg, sizeof(buf)-2);
@@ -501,10 +506,10 @@ parse_inaddr_arpa_address(const char *address, struct in_addr *in)
   if (in) {
     uint32_t a;
     /* reverse the bytes */
-    a = (  ((inaddr.s_addr & 0x000000fful) << 24)
-          |((inaddr.s_addr & 0x0000ff00ul) << 8)
-          |((inaddr.s_addr & 0x00ff0000ul) >> 8)
-          |((inaddr.s_addr & 0xff000000ul) >> 24));
+    a = (uint32_t) (  ((inaddr.s_addr & 0x000000fful) << 24)
+                     |((inaddr.s_addr & 0x0000ff00ul) << 8)
+                     |((inaddr.s_addr & 0x00ff0000ul) >> 8)
+                     |((inaddr.s_addr & 0xff000000ul) >> 24));
     inaddr.s_addr = a;
 
     memcpy(in, &inaddr, sizeof(inaddr));

src/or/dnsserv.c

@@ -39,7 +39,7 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
 
   /* First, check whether the requesting address matches our SOCKSPolicy. */
   if ((addrlen = evdns_server_request_get_requesting_addr(req,
-                                (struct sockaddr*)&addr, sizeof(addr))) < 0) {
+                      (struct sockaddr*)&addr, (socklen_t)sizeof(addr))) < 0) {
     log_warn(LD_APP, "Couldn't get requesting address.");
     evdns_server_request_respond(req, DNS_ERR_SERVERFAILED);
     return;

src/or/geoip.c

@@ -20,7 +20,7 @@ static void clear_geoip_db(void);
 typedef struct geoip_entry_t {
   uint32_t ip_low; /**< The lowest IP in the range, in host order */
   uint32_t ip_high; /**< The highest IP in the range, in host order */
-  int country; /**< An index into geoip_countries */
+  intptr_t country; /**< An index into geoip_countries */
 } geoip_entry_t;
 
 /** A list of lowercased two-letter country codes. */
@@ -38,7 +38,7 @@ static smartlist_t *geoip_entries = NULL;
 static void
 geoip_add_entry(uint32_t low, uint32_t high, const char *country)
 {
-  uintptr_t idx;
+  intptr_t idx;
   geoip_entry_t *ent;
   void *_idxplus1;
 
@@ -143,7 +143,7 @@ geoip_load_file(const char *filename)
   log_info(LD_GENERAL, "Parsing GEOIP file.");
   while (!feof(f)) {
     char buf[512];
-    if (fgets(buf, sizeof(buf), f) == NULL)
+    if (fgets(buf, (int)sizeof(buf), f) == NULL)
       break;
     /* FFFF track full country name. */
     geoip_parse_entry(buf);
@@ -167,14 +167,14 @@ geoip_get_country_by_ip(uint32_t ipaddr)
   if (!geoip_entries)
     return -1;
   ent = smartlist_bsearch(geoip_entries, &ipaddr, _geoip_compare_key_to_entry);
-  return ent ? ent->country : -1;
+  return ent ? (int)ent->country : -1;
 }
 
 /** Return the number of countries recognized by the GeoIP database. */
 int
 geoip_get_n_countries(void)
 {
-  return smartlist_len(geoip_countries);
+  return (int) smartlist_len(geoip_countries);
 }
 
 /** Return the two-letter country code associated with the number <b>num</b>,

src/or/hibernate.c

@@ -490,7 +490,7 @@ accounting_set_wakeup_time(void)
     return;
   }
 
-  time_in_interval = interval_end_time - interval_start_time;
+  time_in_interval = (int)(interval_end_time - interval_start_time);
 
   time_to_exhaust_bw =
     (get_options()->AccountingMax/expected_bandwidth_usage)*60;

src/or/main.c

@@ -1190,7 +1190,7 @@ second_elapsed_callback(int fd, short event, void *args)
   /* the second has rolled over. check more stuff. */
   bytes_written = stats_prev_global_write_bucket - global_write_bucket;
   bytes_read = stats_prev_global_read_bucket - global_read_bucket;
-  seconds_elapsed = current_second ? (now.tv_sec - current_second) : 0;
+  seconds_elapsed = current_second ? (int)(now.tv_sec - current_second) : 0;
   stats_n_bytes_read += bytes_read;
   stats_n_bytes_written += bytes_written;
   if (accounting_is_enabled(options) && seconds_elapsed >= 0)

src/or/networkstatus.c

@@ -1130,7 +1130,7 @@ update_consensus_networkstatus_fetch_time(time_t now)
     tor_assert(c->fresh_until < start);
     /* We must download the next one before c is invalid: */
     tor_assert(start+dl_interval < c->valid_until);
-    time_to_download_next_consensus = start + crypto_rand_int(dl_interval);
+    time_to_download_next_consensus = start + crypto_rand_int((int)dl_interval);
     {
       char tbuf1[ISO_TIME_LEN+1];
       char tbuf2[ISO_TIME_LEN+1];

src/or/onion.c

@@ -180,7 +180,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
     goto err;
 
   dhbytes = crypto_dh_get_bytes(dh);
-  pkbytes = crypto_pk_keysize(dest_router_key);
+  pkbytes = (int) crypto_pk_keysize(dest_router_key);
   tor_assert(dhbytes == 128);
   tor_assert(pkbytes == 128);
 
@@ -235,7 +235,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
 {
   char challenge[ONIONSKIN_CHALLENGE_LEN];
   crypto_dh_env_t *dh = NULL;
-  int len;
+  ssize_t len;
   char *key_material=NULL;
   size_t key_material_len=0;
   int i;
@@ -258,8 +258,8 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
              "Couldn't decrypt onionskin: client may be using old onion key");
     goto err;
   } else if (len != DH_KEY_LEN) {
-    log_warn(LD_PROTOCOL, "Unexpected onionskin length after decryption: %d",
-             len);
+    log_warn(LD_PROTOCOL, "Unexpected onionskin length after decryption: %ld",
+             (long)len);
     goto err;
   }
 
@@ -332,7 +332,7 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
             char *key_out,
             size_t key_out_len)
 {
-  int len;
+  ssize_t len;
   char *key_material=NULL;
   size_t key_material_len;
   tor_assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);

src/or/router.c

@@ -333,7 +333,7 @@ v3_authority_check_key_expiry(void)
 
   now = time(NULL);
   expires = authority_key_certificate->expires;
-  time_left = expires - now;
+  time_left = (int)( expires - now );
   if (time_left <= 0) {
     badness = LOG_ERR;
     warn_interval = 60*60;
@@ -1742,7 +1742,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
   }
 #endif
 
-  return written+1;
+  return (int)written+1;
 }
 
 /** Write the contents of <b>extrainfo</b> to the <b>maxlen</b>-byte string
@@ -1814,7 +1814,7 @@ extrainfo_dump_to_string(char *s, size_t maxlen, extrainfo_t *extrainfo,
   }
 #endif
 
-  return strlen(s)+1;
+  return (int)strlen(s)+1;
 }
 
 /** Return true iff <b>s</b> is a legally valid server nickname. */

src/or/routerlist.c

@@ -547,7 +547,7 @@ static int
 _compare_signed_descriptors_by_age(const void **_a, const void **_b)
 {
   const signed_descriptor_t *r1 = *_a, *r2 = *_b;
-  return r1->published_on - r2->published_on;
+  return (int)(r1->published_on - r2->published_on);
 }
 
 /** If the journal is too long, or if <b>force</b> is true, then atomically
@@ -2875,7 +2875,7 @@ _compare_old_routers_by_identity(const void **_a, const void **_b)
   const signed_descriptor_t *r1 = *_a, *r2 = *_b;
   if ((i = memcmp(r1->identity_digest, r2->identity_digest, DIGEST_LEN)))
     return i;
-  return r1->published_on - r2->published_on;
+  return (int)(r1->published_on - r2->published_on);
 }
 
 /** Internal type used to represent how long an old descriptor was valid,
@@ -2949,7 +2949,7 @@ routerlist_remove_old_cached_routers_with_id(time_t now,
     if (i < hi) {
       r_next = smartlist_get(lst, i+1);
       tor_assert(r->published_on <= r_next->published_on);
-      lifespans[i-lo].duration = (r_next->published_on - r->published_on);
+      lifespans[i-lo].duration = (int)(r_next->published_on - r->published_on);
     } else {
       r_next = NULL;
       lifespans[i-lo].duration = INT_MAX;
@@ -4185,7 +4185,7 @@ int
 router_differences_are_cosmetic(routerinfo_t *r1, routerinfo_t *r2)
 {
   time_t r1pub, r2pub;
-  int time_difference;
+  long time_difference;
   tor_assert(r1 && r2);
 
   /* r1 should be the one that was published first. */
@@ -4240,7 +4240,7 @@ router_differences_are_cosmetic(routerinfo_t *r1, routerinfo_t *r2)
    * give or take some slop? */
   r1pub = r1->cache_info.published_on;
   r2pub = r2->cache_info.published_on;
-  time_difference = abs(r2->uptime - (r1->uptime + (r2pub - r1pub)));
+  time_difference = labs(r2->uptime - (r1->uptime + (r2pub - r1pub)));
   if (time_difference > ROUTER_ALLOW_UPTIME_DRIFT &&
       time_difference > r1->uptime * .05 &&
       time_difference > r2->uptime * .05)

src/or/routerparse.c

@@ -507,7 +507,7 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
                                crypto_pk_env_t *private_key)
 {
   char *signature;
-  int i;
+  size_t i;
 
   signature = tor_malloc(crypto_pk_keysize(private_key));
   if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) {
@@ -1174,7 +1174,7 @@ router_parse_entry_from_string(const char *s, const char *end,
 
   tok = find_first_by_keyword(tokens, K_BANDWIDTH);
   tor_assert(tok && tok->n_args >= 3);
-  router->bandwidthrate =
+  router->bandwidthrate = (int)
     tor_parse_long(tok->args[0],10,1,INT_MAX,&ok,NULL);
 
   if (!ok) {
@@ -1182,12 +1182,13 @@ router_parse_entry_from_string(const char *s, const char *end,
              escaped(tok->args[0]));
     goto err;
   }
-  router->bandwidthburst = tor_parse_long(tok->args[1],10,0,INT_MAX,&ok,NULL);
+  router->bandwidthburst =
+    (int) tor_parse_long(tok->args[1],10,0,INT_MAX,&ok,NULL);
   if (!ok) {
     log_warn(LD_DIR, "Invalid bandwidthburst %s", escaped(tok->args[1]));
     goto err;
   }
-  router->bandwidthcapacity =
+  router->bandwidthcapacity = (int)
     tor_parse_long(tok->args[2],10,0,INT_MAX,&ok,NULL);
   if (!ok) {
     log_warn(LD_DIR, "Invalid bandwidthcapacity %s", escaped(tok->args[1]));
@@ -2309,8 +2310,10 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
         goto err;
       v->good_signature = 1;
     } else {
+      if (tok->object_size >= INT_MAX)
+        goto err;
       v->signature = tor_memdup(tok->object_body, tok->object_size);
-      v->signature_len = tok->object_size;
+      v->signature_len = (int) tok->object_size;
     }
     ++n_signatures;
   });
@@ -2441,8 +2444,10 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
       voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
       memcpy(voter->identity_digest, id_digest, DIGEST_LEN);
       memcpy(voter->signing_key_digest, sk_digest, DIGEST_LEN);
+      if (tok->object_size >= INT_MAX)
+        goto err;
       voter->signature = tor_memdup(tok->object_body, tok->object_size);
-      voter->signature_len = tok->object_size;
+      voter->signature_len = (int) tok->object_size;
 
       smartlist_add(sigs->signatures, voter);
     });
@@ -2684,7 +2689,8 @@ static directory_token_t *
 get_next_token(const char **s, const char *eos, token_rule_t *table)
 {
   const char *next, *eol, *obstart;
-  int i, j, allocated, obname_len;
+  int i, j, allocated;
+  size_t obname_len;
   directory_token_t *tok;
   obj_syntax o_syn = NO_OBJ;
   char ebuf[128];
@@ -2801,7 +2807,7 @@ get_next_token(const char **s, const char *eos, token_rule_t *table)
   if (!eol)  /* end-of-line marker, or eos if there's no '\n' */
     eol = eos;
   /* Validate the ending tag, which should be 9 + NAME + 5 + eol */
-  if (eol-next != 9+obname_len+5 ||
+  if ((size_t)(eol-next) != 9+obname_len+5 ||
       strcmp_len(next+9, tok->object_type, obname_len) ||
       strcmp_len(eol-5, "-----", 5)) {
     snprintf(ebuf, sizeof(ebuf), "Malformed object: mismatched end tag %s",
@@ -3065,17 +3071,17 @@ tor_version_parse(const char *s, tor_version_t *out)
     s += 4;
 
   /* Get major. */
-  out->major = strtol(s,&eos,10);
+  out->major = (int)strtol(s,&eos,10);
   if (!eos || eos==s || *eos != '.') return -1;
   cp = eos+1;
 
   /* Get minor */
-  out->minor = strtol(cp,&eos,10);
+  out->minor = (int) strtol(cp,&eos,10);
   if (!eos || eos==cp || *eos != '.') return -1;
   cp = eos+1;
 
   /* Get micro */
-  out->micro = strtol(cp,&eos,10);
+  out->micro = (int) strtol(cp,&eos,10);
   if (!eos || eos==cp) return -1;
   if (!*eos) {
     out->status = VER_RELEASE;
@@ -3099,7 +3105,7 @@ tor_version_parse(const char *s, tor_version_t *out)
   }
 
   /* Get patchlevel */
-  out->patchlevel = strtol(cp,&eos,10);
+  out->patchlevel = (int) strtol(cp,&eos,10);
   if (!eos || eos==cp) return -1;
   cp = eos;
 
@@ -3117,7 +3123,7 @@ tor_version_parse(const char *s, tor_version_t *out)
 
   if (!strcmpstart(cp, "(r")) {
     cp += 2;
-    out->svn_revision = strtol(cp,&eos,10);
+    out->svn_revision = (int) strtol(cp,&eos,10);
   }
 
   return 0;