Use C99 like the Linux kernel

Apply to loop variables so that they don't leak out of the loop - unless
they leak on purpose.

src/config.c

@@ -94,7 +94,7 @@ const struct vpn_config invalid_cfg = {
  */
 int add_trusted_cert(struct vpn_config *cfg, const char *digest)
 {
-	struct x509_digest *last, *new;
+	struct x509_digest *new;
 
 	new = malloc(sizeof(struct x509_digest));
 	if (new == NULL)
@@ -107,7 +107,10 @@ int add_trusted_cert(struct vpn_config *cfg, const char *digest)
 	if (cfg->cert_whitelist == NULL) {
 		cfg->cert_whitelist = new;
 	} else {
-		for (last = cfg->cert_whitelist; last->next != NULL;
+		struct x509_digest *last;
+
+		for (last = cfg->cert_whitelist;
+		     last->next != NULL;
 		     last = last->next)
 			;
 		last->next = new;
@@ -196,7 +199,6 @@ int load_config(struct vpn_config *cfg, const char *filename)
 	// Read line by line
 	while ((read = getline(&line, &len, file)) != -1) {
 		char *key, *equals, *val;
-		int i;
 
 		// Ignore blank lines. We could argue that the string must be at least
 		// 3 chars to be valid, eg. 'x=\n' but let the rest of the function
@@ -224,13 +226,13 @@ int load_config(struct vpn_config *cfg, const char *filename)
 		while (isspace(val[0]))
 			val++;
 		// Remove trailing spaces
-		for (i = strlen(key) - 1; i > 0; i--) {
+		for (int i = strlen(key) - 1; i > 0; i--) {
 			if (isspace(key[i]))
 				key[i] = '\0';
 			else
 				break;
 		}
-		for (i = strlen(val) - 1; i > 0; i--) {
+		for (int i = strlen(val) - 1; i > 0; i--) {
 			if (isspace(val[i]))
 				val[i] = '\0';
 			else

src/hdlc.c

@@ -126,7 +126,6 @@ ssize_t hdlc_encode(uint8_t *frame, size_t frmsize,
 	ssize_t written = 0;
 	uint16_t checksum;
 	const uint8_t address_control_fields[] = { 0xff, 0x03 };
-	int i;
 	uint8_t byte;
 
 	if (frmsize < 7)
@@ -144,7 +143,7 @@ ssize_t hdlc_encode(uint8_t *frame, size_t frmsize,
 
 	checksum = address_control_checksum; // Precalculated for Address Control
 
-	for (i = 0; i < pktsize; i++) {
+	for (int i = 0; i < pktsize; i++) {
 		byte = packet[i];
 
 		if (frmsize < written + 2)
@@ -197,10 +196,10 @@ ssize_t hdlc_encode(uint8_t *frame, size_t frmsize,
  */
 ssize_t hdlc_find_frame(const uint8_t *buffer, size_t bufsize, off_t *start)
 {
-	int i, s = -1, e = -1;
+	int s = -1, e = -1;
 
 	// Look for frame start
-	for (i = *start; i < bufsize; i++) {
+	for (int i = *start; i < bufsize; i++) {
 		if (buffer[i] == 0x7e) { // Flag Sequence
 			s = i + 1;
 			break;
@@ -214,7 +213,7 @@ ssize_t hdlc_find_frame(const uint8_t *buffer, size_t bufsize, off_t *start)
 		s++;
 
 	// Look for frame end
-	for (i = s; i < bufsize; i++) {
+	for (int i = s; i < bufsize; i++) {
 		if (buffer[i] == 0x7e) { // Flag Sequence
 			e = i;
 			break;
@@ -245,7 +244,6 @@ ssize_t hdlc_decode(const uint8_t *frame, size_t frmsize,
 	off_t start = 0;
 	ssize_t written = 0;
 	int has_address_control_fields = 0;
-	int i;
 	int in_escape;
 	uint16_t checksum;
 
@@ -259,7 +257,7 @@ ssize_t hdlc_decode(const uint8_t *frame, size_t frmsize,
 	}
 
 	in_escape = 0;
-	for (i = start; i < frmsize; i++) {
+	for (int i = start; i < frmsize; i++) {
 		uint8_t byte = frame[i];
 
 		if (byte == 0x7d) { // Control Escape

src/http.c

@@ -92,11 +92,11 @@ int http_send(struct tunnel *tunnel, const char *request, ...)
 		url_encode(password, tunnel->config->password);
 
 		while ((pwstart = strstr(logbuffer, password))) {
-			int pos, pwlen, i;
+			int pos, pwlen;
 
 			pos = pwstart - logbuffer;
 			pwlen = strlen(password);
-			for (i = pos; i < pos + pwlen; i++)
+			for (int i = pos; i < pos + pwlen; i++)
 				logbuffer[i] = '*';
 		}
 	}

src/io.c

@@ -86,22 +86,18 @@ static unsigned long thread_id(void)
 
 static void init_ssl_locks(void)
 {
-	int i;
-
 	lockarray = (pthread_mutex_t *) OPENSSL_malloc(CRYPTO_num_locks() *
 	                sizeof(pthread_mutex_t));
-	for (i = 0; i < CRYPTO_num_locks(); i++)
+	for (int i = 0; i < CRYPTO_num_locks(); i++)
 		pthread_mutex_init(&lockarray[i], NULL);
 	CRYPTO_set_id_callback((unsigned long (*)()) thread_id);
 	CRYPTO_set_locking_callback((void (*)()) lock_callback);
 }
 
 static void destroy_ssl_locks(void)
 {
-	int i;
-
 	CRYPTO_set_locking_callback(NULL);
-	for (i = 0; i < CRYPTO_num_locks(); i++)
+	for (int i = 0; i < CRYPTO_num_locks(); i++)
 		pthread_mutex_destroy(&lockarray[i]);
 	OPENSSL_free(lockarray);
 	lockarray = NULL;
@@ -405,7 +401,7 @@ static inline void set_tunnel_ips(struct tunnel *tunnel,
 static void debug_bad_packet(struct tunnel *tunnel, uint8_t *header)
 {
 	uint8_t buffer[256];
-	int size, i;
+	int size;
 
 	memcpy(buffer, header, 6 * sizeof(uint8_t));
 
@@ -418,10 +414,10 @@ static void debug_bad_packet(struct tunnel *tunnel, uint8_t *header)
 	do_log_packet("  (hex) ", size, buffer);
 
 	// then print the raw string, after escaping non-displayable chars
-	for (i = 0; i < size; i++)
+	for (int i = 0; i < size; i++)
 		if (!printable_char((char) buffer[i]))
 			buffer[i] = '.';
-	buffer[i] = buffer[256 - 1] = '\0';
+	buffer[size] = buffer[256 - 1] = '\0';
 
 	printf("  (raw) %s\n", (const char *) buffer);
 }

src/log.c

@@ -136,17 +136,17 @@ void do_log(int verbosity, const char *format, ...)
 void do_log_packet(const char *prefix, size_t len, const uint8_t *packet)
 {
 	char *str, *pos;
-	size_t i;
+	size_t len_prefix = strlen(prefix);
 
-	str = malloc(strlen(prefix) + 3 * len + 1 + 1);
+	str = malloc(len_prefix + 3 * len + 1 + 1);
 	if (str == NULL) {
 		log_error("malloc: %s\n", strerror(errno));
 		return;
 	}
 
 	pos = strcpy(str, prefix);
-	pos += strlen(str);
-	for (i = 0; i < len; i++)
+	pos += len_prefix;
+	for (size_t i = 0; i < len; i++)
 		pos += sprintf(pos, "%02x ", packet[i]);
 	strcpy(pos - 1, "\n");
 

src/tunnel.c

@@ -561,7 +561,7 @@ static int pppd_terminate(struct tunnel *tunnel)
 
 int ppp_interface_is_up(struct tunnel *tunnel)
 {
-	struct ifaddrs *ifap, *ifa;
+	struct ifaddrs *ifap;
 
 	log_debug("Got Address: %s\n", inet_ntoa(tunnel->ipv4.ip_addr));
 
@@ -570,7 +570,7 @@ int ppp_interface_is_up(struct tunnel *tunnel)
 		return 0;
 	}
 
-	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
+	for (struct ifaddrs *ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
 		if (
 #if HAVE_USR_SBIN_PPPD
 		        ((tunnel->config->pppd_ifname &&
@@ -849,8 +849,6 @@ static int ssl_verify_cert(struct tunnel *tunnel)
 	unsigned int len;
 	struct x509_digest *elem;
 	char digest_str[SHA256STRLEN], *subject, *issuer;
-	char *line;
-	int i;
 	X509_NAME *subj;
 	char *saveptr = NULL;
 
@@ -883,7 +881,7 @@ static int ssl_verify_cert(struct tunnel *tunnel)
 		goto free_cert;
 	}
 	// Encode digest in base16
-	for (i = 0; i < SHA256LEN; i++)
+	for (int i = 0; i < SHA256LEN; i++)
 		sprintf(&digest_str[2 * i], "%02x", digest[i]);
 	digest_str[SHA256STRLEN - 1] = '\0';
 	// Is it in whitelist?
@@ -907,15 +905,15 @@ static int ssl_verify_cert(struct tunnel *tunnel)
 	log_error("    subject:\n");
 	subject = X509_NAME_oneline(subj, NULL, 0);
 	if (subject) {
-		for (line = strtok_r(subject, "/", &saveptr); line != NULL;
+		for (char *line = strtok_r(subject, "/", &saveptr); line != NULL;
 		     line = strtok_r(NULL, "/", &saveptr))
 			log_error("        %s\n", line);
 		free(subject);
 	}
 	log_error("    issuer:\n");
 	issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
 	if (issuer) {
-		for (line = strtok_r(issuer, "/", &saveptr); line != NULL;
+		for (char *line = strtok_r(issuer, "/", &saveptr); line != NULL;
 		     line = strtok_r(NULL, "/", &saveptr))
 			log_error("        %s\n", line);
 		free(issuer);

src/xml.c

@@ -38,11 +38,9 @@
  */
 const char *xml_find(char t, const char *needle, const char *buf, int nest)
 {
-	int i;
-
 	if (!buf)
 		return NULL;
-	for (i = 0; buf[i]; i++) {
+	for (int i = 0; buf[i]; i++) {
 		if (buf[i] == '<' && buf[i + 1] != '/')
 			nest++;
 		if (buf[i] == '/')