From 3088c76c8cbbf9b2a9bd264d8f79060b096f04bc Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Mon, 28 Dec 2020 09:13:21 -0500
Subject: [PATCH] [mod_mbedtls] use local strncmp_const()

On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
---
 src/mod_mbedtls.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c
index 5a73e651..0d367a96 100644
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -3155,27 +3155,28 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
         /* manually handle first token, since one-offs apply */
         /* (openssl syntax NOT fully supported) */
         int default_suite = 0;
-        if (0 == strncmp(e, "!ALL", 4) || 0 == strncmp(e, "-ALL", 4)) {
+        #define strncmp_const(s,cs) strncmp((s),(cs),sizeof(cs)-1)
+        if (0 == strncmp_const(e, "!ALL") || 0 == strncmp_const(e, "-ALL")) {
             /* "!ALL" excluding all ciphers does not make sense; ignore */
             e += sizeof("!ALL")-1; /* same as sizeof("-ALL")-1 */
         }
-        else if (0 == strncmp(e, CONST_STR_LEN("!DEFAULT"))
-              || 0 == strncmp(e, CONST_STR_LEN("-DEFAULT"))) {
+        else if (0 == strncmp_const(e, "!DEFAULT")
+              || 0 == strncmp_const(e, "-DEFAULT")) {
             /* "!DEFAULT" excluding default ciphers is empty list; no effect */
             e += sizeof("!DEFAULT")-1; /* same as sizeof("-DEFAULT")-1 */
         }
-        else if (0 == strncmp(e, CONST_STR_LEN("DEFAULT"))) {
+        else if (0 == strncmp_const(e, "DEFAULT")) {
             e += sizeof("DEFAULT")-1;
             default_suite = 1;
         }
         else if (0 == /* effectively the same as "DEFAULT" */
-                 strncmp(e, CONST_STR_LEN("ALL:!COMPLEMENTOFDEFAULT:!eNULL"))) {
+                 strncmp_const(e, "ALL:!COMPLEMENTOFDEFAULT:!eNULL")) {
             e += sizeof("ALL:!COMPLEMENTOFDEFAULT:!eNULL")-1;
             default_suite = 1;
         }
-        else if (0 == strncmp(e, CONST_STR_LEN("SUITEB128"))
-              || 0 == strncmp(e, CONST_STR_LEN("SUITEB128ONLY"))
-              || 0 == strncmp(e, CONST_STR_LEN("SUITEB192"))) {
+        else if (0 == strncmp_const(e, "SUITEB128")
+              || 0 == strncmp_const(e, "SUITEB128ONLY")
+              || 0 == strncmp_const(e, "SUITEB192")) {
             mbedtls_ssl_conf_cert_profile(s->ssl_ctx,
                                           &mbedtls_x509_crt_profile_suiteb);
             /* re-initialize mbedtls_ssl_config defaults */
@@ -3190,7 +3191,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
                      "Init of ssl config context SUITEB defaults failed");
                 return 0;
             }
-            e += (0 == strncmp(e, CONST_STR_LEN("SUITEB128ONLY")))
+            e += (0 == strncmp_const(e, "SUITEB128ONLY"))
                  ? sizeof("SUITEB128ONLY")-1
                  : sizeof("SUITEB128")-1;
             if (*e)