make libfko pointers constant where possible

lib/fko.h

@@ -202,14 +202,6 @@ typedef enum {
 #define B64_GPG_PREFIX "hQ"
 #define B64_GPG_PREFIX_STR_LEN 2
 
-/* Define the consistent prefixes or salt on some encryption schemes.
-*/
-#define B64_RIJNDAEL_SALT "U2FsdGVkX1"
-#define B64_RIJNDAEL_SALT_STR_LEN 10
-
-#define B64_GPG_PREFIX "hQ"
-#define B64_GPG_PREFIX_STR_LEN 2
-
 /* The context holds the global state and config options, as
  * well as some intermediate results during processing. This
  * is an opaque pointer.
@@ -238,23 +230,23 @@ enum {
 /* General api calls
 */
 DLL_API int fko_new(fko_ctx_t *ctx);
-DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char *enc_msg,
+DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char * const enc_msg,
-    const char *dec_key, const int dec_key_len, int encryption_mode,
+    const char * const dec_key, const int dec_key_len, int encryption_mode,
-    const char *hmac_key, const int hmac_key_len);
+    const char * const hmac_key, const int hmac_key_len);
 DLL_API void fko_destroy(fko_ctx_t ctx);
-DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char *enc_key,
+DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char * const enc_key,
-    const int enc_key_len, const char *hmac_key, const int hmac_key_len);
+    const int enc_key_len, const char * const hmac_key, const int hmac_key_len);
 
 
 /* Set context data functions
 */
-DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char *val);
+DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char * const val);
-DLL_API int fko_set_username(fko_ctx_t ctx, const char *spoof_user);
+DLL_API int fko_set_username(fko_ctx_t ctx, const char * const spoof_user);
 DLL_API int fko_set_timestamp(fko_ctx_t ctx, const int offset);
 DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type);
-DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char *msg_string);
+DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char * const msg_string);
-DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char *nat_access);
+DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char * const nat_access);
-DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char *server_auth);
+DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char * const server_auth);
 DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout);
 DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type);
 DLL_API int fko_set_spa_digest(fko_ctx_t ctx);
@@ -262,26 +254,26 @@ DLL_API int fko_set_raw_spa_digest_type(fko_ctx_t ctx, const short raw_digest_ty
 DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx);
 DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type);
 DLL_API int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode);
-DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg);
+DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg);
 DLL_API int fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode);
 
 /* Data processing and misc utility functions
 */
 DLL_API const char* fko_errstr(const int err_code);
-DLL_API int fko_encryption_type(const char *enc_data);
+DLL_API int fko_encryption_type(const char * const enc_data);
-DLL_API int fko_key_gen(char *key_base64, char *hmac_key_base64);
+DLL_API int fko_key_gen(char * const key_base64, char * const hmac_key_base64);
-DLL_API int fko_base64_encode(unsigned char *in, char *out, int in_len);
+DLL_API int fko_base64_encode(unsigned char * const in, char * const out, int in_len);
-DLL_API int fko_base64_decode(const char *in, unsigned char *out);
+DLL_API int fko_base64_decode(const char * const in, unsigned char *out);
 
 DLL_API int fko_encode_spa_data(fko_ctx_t ctx);
 DLL_API int fko_decode_spa_data(fko_ctx_t ctx);
-DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key,
+DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key,
     const int enc_key_len);
-DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key,
+DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key,
     const int dec_key_len);
-DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char *hmac_key,
+DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char * const hmac_key,
     const int hmac_key_len);
-DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char *hmac_key,
+DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char * const hmac_key,
     const int hmac_key_len);
 DLL_API int fko_get_hmac_data(fko_ctx_t ctx, char **enc_data);
 
@@ -309,14 +301,14 @@ DLL_API int fko_get_spa_data(fko_ctx_t ctx, char **spa_data);
 DLL_API int fko_get_version(fko_ctx_t ctx, char **version);
 
 /* GPG-related functions */
-DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe);
+DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe);
 DLL_API int fko_get_gpg_exe(fko_ctx_t ctx, char **gpg_exe);
 
-DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip);
+DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char * const recip);
 DLL_API int fko_get_gpg_recipient(fko_ctx_t ctx, char **recip);
-DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char *signer);
+DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer);
 DLL_API int fko_get_gpg_signer(fko_ctx_t ctx, char **signer);
-DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir);
+DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir);
 DLL_API int fko_get_gpg_home_dir(fko_ctx_t ctx, char **gpg_home_dir);
 
 DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
@@ -324,21 +316,21 @@ DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
 DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx,
     const unsigned char val);
 DLL_API int fko_get_gpg_signature_verify(fko_ctx_t ctx,
-    unsigned char *val);
+    unsigned char * const val);
 DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx,
     const unsigned char val);
 DLL_API int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx,
-    unsigned char *val);
+    unsigned char * const val);
 
 DLL_API int fko_get_gpg_signature_id(fko_ctx_t ctx, char **sig_id);
 DLL_API int fko_get_gpg_signature_fpr(fko_ctx_t ctx, char **sig_fpr);
 DLL_API int fko_get_gpg_signature_summary(fko_ctx_t ctx, int *sigsum);
 DLL_API int fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat);
 
-DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id,
+DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id,
-    unsigned char *result);
+    unsigned char * const result);
-DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *fpr,
+DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const fpr,
-    unsigned char *result);
+    unsigned char * const result);
 
 #ifdef __cplusplus
 }

lib/fko_encryption.c

@@ -439,7 +439,7 @@ fko_get_spa_encryption_mode(fko_ctx_t ctx, int *enc_mode)
 /* Encrypt the encoded SPA data.
 */
 int
-fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, const int enc_key_len)
+fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key, const int enc_key_len)
 {
     int             res = 0;
 
@@ -485,7 +485,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, const int enc_key_len)
 /* Decode, decrypt, and parse SPA data into the context.
 */
 int
-fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, const int key_len)
+fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key, const int key_len)
 {
     int     enc_type, res;
 
@@ -518,7 +518,7 @@ fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, const int key_len)
 /* Return the assumed encryption type based on the raw encrypted data.
 */
 int
-fko_encryption_type(const char *enc_data)
+fko_encryption_type(const char * const enc_data)
 {
     int enc_data_len;
 
@@ -587,7 +587,7 @@ fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip)
 /* Set the GPG home dir.
 */
 int
-fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe)
+fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe)
 {
 #if HAVE_LIBGPGME
     struct stat     st;
@@ -657,7 +657,7 @@ fko_get_gpg_recipient(fko_ctx_t ctx, char **recipient)
 /* Set the GPG signer key name.
 */
 int
-fko_set_gpg_signer(fko_ctx_t ctx, const char *signer)
+fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer)
 {
 #if HAVE_LIBGPGME
     int             res;
@@ -717,7 +717,7 @@ fko_get_gpg_signer(fko_ctx_t ctx, char **signer)
 /* Set the GPG home dir.
 */
 int
-fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir)
+fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir)
 {
 #if HAVE_LIBGPGME
     struct stat     st;
@@ -782,7 +782,7 @@ fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val)
 }
 
 int
-fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val)
+fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char * const val)
 {
 #if HAVE_LIBGPGME
     /* Must be initialized
@@ -816,7 +816,7 @@ fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val)
 }
 
 int
-fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char *val)
+fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char * const val)
 {
 #if HAVE_LIBGPGME
     /* Must be initialized
@@ -962,7 +962,8 @@ fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat)
 }
 
 int
-fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result)
+fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id,
+        unsigned char * const result)
 {
 #if HAVE_LIBGPGME
     char *curr_id;
@@ -998,7 +999,8 @@ fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result)
 }
 
 int
-fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *id, unsigned char *result)
+fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const id,
+        unsigned char * const result)
 {
 #if HAVE_LIBGPGME
     /* Must be initialized

lib/fko_funcs.c

@@ -170,9 +170,9 @@ fko_new(fko_ctx_t *r_ctx)
  * and parsing the provided data into the context data.
 */
 int
-fko_new_with_data(fko_ctx_t *r_ctx, const char *enc_msg,
+fko_new_with_data(fko_ctx_t *r_ctx, const char * const enc_msg,
-    const char *dec_key, const int dec_key_len,
+    const char * const dec_key, const int dec_key_len,
-    int encryption_mode, const char *hmac_key,
+    int encryption_mode, const char * const hmac_key,
     const int hmac_key_len)
 {
     fko_ctx_t   ctx;
@@ -350,7 +350,7 @@ fko_destroy(fko_ctx_t ctx)
  * encode them
 */
 int
-fko_key_gen(char *key_base64, char *hmac_key_base64)
+fko_key_gen(char * const key_base64, char * const hmac_key_base64)
 {
     unsigned char key[RIJNDAEL_MAX_KEYSIZE];
     unsigned char hmac_key[SHA256_BLOCK_LEN];
@@ -367,13 +367,13 @@ fko_key_gen(char *key_base64, char *hmac_key_base64)
 /* Provide an FKO wrapper around base64 encode/decode functions
 */
 int
-fko_base64_encode(unsigned char *in, char *out, int in_len)
+fko_base64_encode(unsigned char * const in, char * const out, int in_len)
 {
     return b64_encode(in, out, in_len);
 }
 
 int
-fko_base64_decode(const char *in, unsigned char *out)
+fko_base64_decode(const char * const in, unsigned char *out)
 {
     return b64_decode(in, out);
 }
@@ -399,8 +399,8 @@ fko_get_version(fko_ctx_t ctx, char **version)
 */
 int
 fko_spa_data_final(fko_ctx_t ctx,
-    const char *enc_key, const int enc_key_len,
+    const char * const enc_key, const int enc_key_len,
-    const char *hmac_key, const int hmac_key_len)
+    const char * const hmac_key, const int hmac_key_len)
 {
     char   *tbuf;
     int     res = 0, data_with_hmac_len = 0;
@@ -475,7 +475,7 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data)
 /* Set the fko SPA encrypted data.
 */
 int
-fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg)
+fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg)
 {
     int         enc_msg_len;
 

lib/fko_hmac.c

@@ -35,7 +35,7 @@
 #include "base64.h"
 
 int fko_verify_hmac(fko_ctx_t ctx,
-    const char *hmac_key, const int hmac_key_len)
+    const char * const hmac_key, const int hmac_key_len)
 {
     char    *hmac_digest_from_data = NULL;
     char    *tbuf = NULL;
@@ -141,7 +141,7 @@ fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode)
 }
 
 int fko_calculate_hmac(fko_ctx_t ctx,
-    const char *hmac_key, const int hmac_key_len)
+    const char * const hmac_key, const int hmac_key_len)
 {
     unsigned char hmac[SHA256_DIGEST_STR_LEN] = {0};
     char *hmac_base64 = NULL;

lib/fko_message.c

@@ -156,7 +156,7 @@ fko_get_spa_message_type(fko_ctx_t ctx, short *msg_type)
 /* Set the SPA MESSAGE data
 */
 int
-fko_set_spa_message(fko_ctx_t ctx, const char *msg)
+fko_set_spa_message(fko_ctx_t ctx, const char * const msg)
 {
     int res = FKO_ERROR_UNKNOWN;
 

lib/fko_nat_access.c

@@ -34,7 +34,7 @@
 /* Set the SPA Nat Access data
 */
 int
-fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
+fko_set_spa_nat_access(fko_ctx_t ctx, const char * const msg)
 {
     int res = FKO_SUCCESS;
 

lib/fko_rand_value.c

@@ -48,7 +48,7 @@
 /* Set/Generate the SPA data random value string.
 */
 int
-fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
+fko_set_rand_value(fko_ctx_t ctx, const char * const new_val)
 {
 #ifdef WIN32
 	struct _timeb	tb;

lib/fko_server_auth.c

@@ -34,7 +34,7 @@
 /* Set the SPA Server Auth data
 */
 int
-fko_set_spa_server_auth(fko_ctx_t ctx, const char *msg)
+fko_set_spa_server_auth(fko_ctx_t ctx, const char * const msg)
 {
     /****************************************
      *   --DSS This is not supported yet

lib/fko_user.c

@@ -38,7 +38,7 @@
 /* Get or Set the username for the fko context spa data.
 */
 int
-fko_set_username(fko_ctx_t ctx, const char *spoof_user)
+fko_set_username(fko_ctx_t ctx, const char * const spoof_user)
 {
     char   *username = NULL;
     int     res = FKO_SUCCESS;
@@ -74,14 +74,14 @@ fko_set_username(fko_ctx_t ctx, const char *spoof_user)
 #endif
             /* if we still didn't get a username, continue falling back
             */
-			if(username == NULL)
+            if(username == NULL)
-			{
+            {
                 if((username = getenv("USER")) == NULL)
-				{
+                {
-					username = strdup("NO_USER");
+                    username = strdup("NO_USER");
-					if(username == NULL)
+                    if(username == NULL)
-						return(FKO_ERROR_MEMORY_ALLOCATION);
+                        return(FKO_ERROR_MEMORY_ALLOCATION);
-				}
+                }
             }
         }
     }

server/fw_util.h

@@ -59,12 +59,13 @@
  *       They should be implemented in each of the corresponding
  *       fw_util_<fw-type>.c files.
 */
-void fw_config_init(fko_srv_options_t *opts);
+void fw_config_init(fko_srv_options_t * const opts);
-void fw_initialize(const fko_srv_options_t *opts);
+void fw_initialize(const fko_srv_options_t * const opts);
-int fw_cleanup(const fko_srv_options_t *opts);
+int fw_cleanup(const fko_srv_options_t * const opts);
-void check_firewall_rules(const fko_srv_options_t *opts);
+void check_firewall_rules(const fko_srv_options_t * const opts);
-int fw_dump_rules(const fko_srv_options_t *opts);
+int fw_dump_rules(const fko_srv_options_t * const opts);
-int process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spdat);
+int process_spa_request(const fko_srv_options_t * const opts,
+        const acc_stanza_t * const acc, spa_data_t * const spadat);
 
 #endif /* FW_UTIL_H */
 

server/fw_util_iptables.c

@@ -53,7 +53,7 @@ zero_cmd_buffers(void)
 }
 
 static int
-comment_match_exists(const fko_srv_options_t *opts)
+comment_match_exists(const fko_srv_options_t * const opts)
 {
     int               res = 1;
     char             *ndx = NULL;
@@ -117,7 +117,7 @@ comment_match_exists(const fko_srv_options_t *opts)
 }
 
 static int
-add_jump_rule(const fko_srv_options_t *opts, const int chain_num)
+add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
 {
     int res = 0;
 
@@ -148,7 +148,7 @@ add_jump_rule(const fko_srv_options_t *opts, const int chain_num)
 }
 
 static int
-chain_exists(const fko_srv_options_t *opts, const int chain_num)
+chain_exists(const fko_srv_options_t * const opts, const int chain_num)
 {
     int res = 0;
 
@@ -227,7 +227,7 @@ jump_rule_exists(const int chain_num)
  * daemon to stdout.
 */
 int
-fw_dump_rules(const fko_srv_options_t *opts)
+fw_dump_rules(const fko_srv_options_t * const opts)
 {
     int     i;
     int     res, got_err = 0;
@@ -312,7 +312,7 @@ fw_dump_rules(const fko_srv_options_t *opts)
 /* Quietly flush and delete all fwknop custom chains.
 */
 static void
-delete_all_chains(const fko_srv_options_t *opts)
+delete_all_chains(const fko_srv_options_t * const opts)
 {
     int     i, res;
     int     jump_rule_num;
@@ -374,7 +374,7 @@ delete_all_chains(const fko_srv_options_t *opts)
 }
 
 static int
-create_chain(const fko_srv_options_t *opts, const int chain_num)
+create_chain(const fko_srv_options_t * const opts, const int chain_num)
 {
     int res = 0;
 
@@ -404,7 +404,7 @@ create_chain(const fko_srv_options_t *opts, const int chain_num)
 /* Create the fwknop custom chains (at least those that are configured).
 */
 static int
-create_fw_chains(const fko_srv_options_t *opts)
+create_fw_chains(const fko_srv_options_t * const opts)
 {
     int     i, got_err = 0;
 
@@ -431,18 +431,23 @@ create_fw_chains(const fko_srv_options_t *opts)
     return(got_err);
 }
 
-
 static void
-set_fw_chain_conf(const int type, char *conf_str)
+set_fw_chain_conf(const int type, const char * const conf_str)
 {
     int i, j;
     char tbuf[1024]     = {0};
-    char *ndx           = conf_str;
+    const char *ndx     = conf_str;
 
     char *chain_fields[FW_NUM_CHAIN_FIELDS];
 
     struct fw_chain *chain = &(fwc.chain[type]);
 
+    if(conf_str == NULL)
+    {
+        fprintf(stderr, "[*] NULL conf_str.\n");
+        exit(EXIT_FAILURE);
+    }
+
     chain->type = type;
 
     if(ndx != NULL)
@@ -497,7 +502,7 @@ set_fw_chain_conf(const int type, char *conf_str)
 }
 
 void
-fw_config_init(fko_srv_options_t *opts)
+fw_config_init(fko_srv_options_t * const opts)
 {
 
     memset(&fwc, 0x0, sizeof(struct fw_config));
@@ -553,7 +558,7 @@ fw_config_init(fko_srv_options_t *opts)
 }
 
 void
-fw_initialize(const fko_srv_options_t *opts)
+fw_initialize(const fko_srv_options_t * const opts)
 {
     int res;
 
@@ -583,7 +588,7 @@ fw_initialize(const fko_srv_options_t *opts)
 }
 
 int
-fw_cleanup(const fko_srv_options_t *opts)
+fw_cleanup(const fko_srv_options_t * const opts)
 {
     if(strncasecmp(opts->config[CONF_FLUSH_IPT_AT_EXIT], "N", 1) == 0)
         return(0);
@@ -593,7 +598,8 @@ fw_cleanup(const fko_srv_options_t *opts)
 }
 
 static int
-rule_exists(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule)
+rule_exists(const fko_srv_options_t * const opts,
+        const char * const fw_chain, const char * const fw_rule)
 {
     int     rule_exists = 0;
     int     res = 0;
@@ -623,7 +629,8 @@ rule_exists(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_
     return rule_exists;
 }
 
-static int create_rule(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule)
+static int create_rule(const fko_srv_options_t * const opts,
+        const char * const fw_chain, const char * const fw_rule)
 {
     int res;
 
@@ -657,7 +664,8 @@ static int create_rule(const fko_srv_options_t *opts, const char *fw_chain, cons
 /* Rule Processing - Create an access request...
 */
 int
-process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spadat)
+process_spa_request(const fko_srv_options_t * const opts,
+        const acc_stanza_t * const acc, spa_data_t * const spadat)
 {
     char             nat_ip[MAX_IPV4_STR_LEN] = {0};
     char             snat_target[SNAT_TARGET_BUFSIZE] = {0};
@@ -667,15 +675,15 @@ process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_
     unsigned int     nat_port = 0;
 
     acc_port_list_t *port_list = NULL;
-    acc_port_list_t *ple;
+    acc_port_list_t *ple = NULL;
 
     unsigned int    fst_proto;
     unsigned int    fst_port;
 
-    struct fw_chain *in_chain   = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
+    struct fw_chain * const in_chain   = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
-    struct fw_chain *out_chain  = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]);
+    struct fw_chain * const out_chain  = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]);
-    struct fw_chain *fwd_chain  = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]);
+    struct fw_chain * const fwd_chain  = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]);
-    struct fw_chain *dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]);
+    struct fw_chain * const dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]);
     struct fw_chain *snat_chain; /* We assign this later (if we need to). */
 
     int             res = 0;
@@ -1010,7 +1018,7 @@ process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_
  * firewall rules.
 */
 void
-check_firewall_rules(const fko_srv_options_t *opts)
+check_firewall_rules(const fko_srv_options_t * const opts)
 {
     char             exp_str[12];
     char             rule_num_str[6];

server/fwknopd.c

@@ -42,9 +42,10 @@
 
 /* Prototypes
 */
-static void check_dir_path(const char *path, const char *path_name, const unsigned char use_basename);
+static void check_dir_path(const char * const path,
-static int make_dir_path(const char *path);
+        const char * const path_name, const unsigned char use_basename);
-static void daemonize_process(fko_srv_options_t *opts);
+static int make_dir_path(const char * const path);
+static void daemonize_process(fko_srv_options_t * const opts);
 static int write_pid_file(fko_srv_options_t *opts);
 static pid_t get_running_pid(const fko_srv_options_t *opts);
 
@@ -381,7 +382,7 @@ main(int argc, char **argv)
 /* Ensure the specified directory exists.  If not, create it or die.
 */
 static void
-check_dir_path(const char *filepath, const char *fp_desc, const unsigned char use_basename)
+check_dir_path(const char * const filepath, const char * const fp_desc, const unsigned char use_basename)
 {
     struct stat     st;
     int             res = 0;
@@ -466,7 +467,7 @@ check_dir_path(const char *filepath, const char *fp_desc, const unsigned char us
 }
 
 static int
-make_dir_path(const char *run_dir)
+make_dir_path(const char * const run_dir)
 {
     struct stat     st;
     int             res = 0, len = 0;
@@ -535,7 +536,7 @@ make_dir_path(const char *run_dir)
  * and close unneeded standard filehandles.
 */
 static void
-daemonize_process(fko_srv_options_t *opts)
+daemonize_process(fko_srv_options_t * const opts)
 {
     pid_t pid, old_pid;