Address various minor clang-tidy warnings (#1513)

No specific methodology other than checking the github CI output for the
`clang-tidy` job, and fixing things one at a time.

.clang-tidy

@@ -1,5 +1,7 @@
 ---
 Checks: 'clang-diagnostic-*,
+	,-clang-diagnostic-ignored-optimization-argument,
+	,-cplusplus.InnerPointer,
 	,clang-analyzer-*,
 	,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
 	,-clang-analyzer-security.insecureAPI.strcpy,
@@ -7,6 +9,7 @@ Checks: 'clang-diagnostic-*,
 	,bugprone-*,
 	,-bugprone-easily-swappable-parameters,
 	,performance-*,
+	,-performance-no-int-to-ptr,
 	,readability-*,
 	,-readability-braces-around-statements,
 	,-readability-identifier-length,
@@ -15,8 +18,8 @@ Checks: 'clang-diagnostic-*,
 	,-readability-function-cognitive-complexity,
 	,-readability-uppercase-literal-suffix,
 	,modernize-*,
-	,-modernize-use-trailing-return-type,
 	,-modernize-use-auto,
-	,-cplusplus.InnerPointer,
-	,-clang-diagnostic-ignored-optimization-argument,
+	,-modernize-avoid-c-arrays,
+	,-modernize-redundant-void-arg,
+	,-modernize-use-trailing-return-type,
 '

src/apps/common/ns_turn_utils.c

@@ -112,39 +112,60 @@ int turn_mutex_unlock(const turn_mutex *mutex) {
 }
 
 int turn_mutex_init(turn_mutex *mutex) {
-  if (mutex) {
-    mutex->data = MAGIC_CODE;
-    mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t));
-    pthread_mutex_init((pthread_mutex_t *)mutex->mutex, NULL);
-    return 0;
-  } else {
+  if (!mutex) {
+    return -1;
+  }
+
+  mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t));
+  if (!(mutex->mutex)) {
+    perror("Cannot allocate mutex");
+    return -1;
+  }
+
+  if (pthread_mutex_init((pthread_mutex_t *)mutex->mutex, NULL) != 0) {
+    perror("Cannot init mutex");
+    free(mutex->mutex);
+    mutex->mutex = NULL;
     return -1;
   }
+
+  mutex->data = MAGIC_CODE;
+  return 0;
 }
 
 int turn_mutex_init_recursive(turn_mutex *mutex) {
-  int ret = -1;
-  if (mutex) {
-    pthread_mutexattr_t attr;
-    if (pthread_mutexattr_init(&attr) < 0) {
-      perror("Cannot init mutex attr");
-    } else {
-      if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE) < 0) {
-        perror("Cannot set type on mutex attr");
-      } else {
-        mutex->data = MAGIC_CODE;
-        mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t));
-        if ((ret = pthread_mutex_init((pthread_mutex_t *)mutex->mutex, &attr)) < 0) {
-          perror("Cannot init mutex");
-          mutex->data = 0;
-          free(mutex->mutex);
-          mutex->mutex = NULL;
-        }
-      }
-      pthread_mutexattr_destroy(&attr);
-    }
+  if (!mutex) {
+    return -1;
   }
-  return ret;
+
+  pthread_mutexattr_t attr;
+  if (pthread_mutexattr_init(&attr) != 0) {
+    perror("Cannot init mutex attr");
+    return -1;
+  }
+
+  if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE) != 0) {
+    perror("Cannot set type on mutex attr");
+    return -1;
+  }
+
+  mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t));
+  if (!(mutex->mutex)) {
+    perror("Cannot allocate mutex");
+    return -1;
+  }
+
+  if (pthread_mutex_init((pthread_mutex_t *)mutex->mutex, &attr) != 0) {
+    perror("Cannot init mutex");
+    free(mutex->mutex);
+    mutex->mutex = NULL;
+    return -1;
+  }
+
+  pthread_mutexattr_destroy(&attr);
+
+  mutex->data = MAGIC_CODE;
+  return 0;
 }
 
 int turn_mutex_destroy(turn_mutex *mutex) {
@@ -280,7 +301,7 @@ static void get_date(char *s, size_t sz) {
 void set_logfile(const char *fn) {
   if (fn) {
     log_lock();
-    if (strcmp(fn, log_fn_base)) {
+    if (strcmp(fn, log_fn_base) != 0) {
       reset_rtpprintf();
       STRCPY(log_fn_base, fn);
     }
@@ -501,7 +522,7 @@ void rollover_logfile(void) {
     char logf[FILE_STR_LEN];
 
     set_log_file_name(log_fn_base, logf);
-    if (strcmp(log_fn, logf)) {
+    if (strcmp(log_fn, logf) != 0) {
       fclose(_rtpfile);
       log_fn[0] = 0;
       _rtpfile = fopen(logf, "w");

src/apps/natdiscovery/natdiscovery.c

@@ -165,7 +165,6 @@ static int stunclient_receive(int sockfd, ioa_addr *local_addr, ioa_addr *reflex
   {
     int len = 0;
     stun_buffer buf;
-    uint8_t *ptr = buf.buf;
     int recvd = 0;
     const int to_recv = sizeof(buf.buf);
     struct timeval tv;
@@ -176,10 +175,9 @@ static int stunclient_receive(int sockfd, ioa_addr *local_addr, ioa_addr *reflex
     setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
 
     do {
-      len = recv(sockfd, ptr, to_recv - recvd, 0);
+      len = recv(sockfd, buf.buf, to_recv - recvd, 0);
       if (len > 0) {
         recvd += len;
-        ptr += len;
         break;
       }
     } while (len < 0 && socket_eintr());
@@ -377,8 +375,8 @@ static int stunclient_send(stun_buffer *buf, int sockfd, ioa_addr *local_addr, i
   }
 
   {
-    int len = 0;
-    int slen = get_ioa_addr_len(remote_addr);
+    ssize_t len = 0;
+    uint32_t slen = get_ioa_addr_len(remote_addr);
 
     do {
       len = sendto(sockfd, buf->buf, buf->len, 0, (struct sockaddr *)remote_addr, (socklen_t)slen);
@@ -403,9 +401,8 @@ static int stunclient_receive(stun_buffer *buf, int sockfd, ioa_addr *local_addr
   int ret = 0;
 
   {
-    int len = 0;
-    uint8_t *ptr = buf->buf;
-    int recvd = 0;
+    ssize_t len = 0;
+    ssize_t recvd = 0;
     const int to_recv = sizeof(buf->buf);
     struct timeval tv;
 
@@ -415,10 +412,9 @@ static int stunclient_receive(stun_buffer *buf, int sockfd, ioa_addr *local_addr
     setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
 
     do {
-      len = recv(sockfd, ptr, to_recv - recvd, 0);
+      len = recv(sockfd, buf->buf, to_recv - recvd, 0);
       if (len > 0) {
         recvd += len;
-        ptr += len;
         break;
       }
     } while (len < 0 && socket_eintr());
@@ -780,13 +776,11 @@ int main(int argc, char **argv) {
     }
     if (rfc5780) {
       if (!addr_any(&other_addr)) {
-        int res = 0;
-        res = run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780, 1, 1,
-                             padding);
+        int res = run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780, 1, 1,
+                                 padding);
         if (!res) {
           discoveryresult("NAT with Endpoint Independent Filtering!");
         } else {
-          res = 0;
           res = run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780, 0, 1,
                                padding);
           if (!res) {

src/apps/peer/mainudpserver.c

@@ -29,13 +29,13 @@
  */
 
 #include "apputils.h"
+#include "ns_turn_defs.h" // for NULL, STRCPY
 #include "ns_turn_utils.h"
 #include "udpserver.h"
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <time.h>
 #if defined(_MSC_VER)
 #include <getopt.h>
 #else

src/apps/peer/udpserver.c

@@ -44,10 +44,10 @@ static void udp_server_input_handler(evutil_socket_t fd, short what, void *arg)
 
   ioa_addr *addr = (ioa_addr *)arg;
 
-  int len = 0;
-  int slen = get_ioa_addr_len(addr);
   stun_buffer buffer;
   ioa_addr remote_addr;
+  uint32_t slen = get_ioa_addr_len(addr);
+  ssize_t len = 0;
 
   do {
     len = recvfrom(fd, buffer.buf, sizeof(buffer.buf) - 1, 0, (struct sockaddr *)&remote_addr, (socklen_t *)&slen);

src/apps/relay/acme.c

@@ -18,10 +18,9 @@
 static int is_acme_req(char *req, size_t len) {
   static const char *A = "                                             -  0123456789       ABCDEFGHIJKLMNOPQRSTUVWXYZ  "
                          "  _ abcdefghijklmnopqrstuvwxyz     ";
-  int c, i, k;
 
   // Check first request line. Should be like: GET path HTTP/1.x
-  if (strncmp(req, GET_ACME_PREFIX, GET_ACME_PREFIX_LEN)) {
+  if (strncmp(req, GET_ACME_PREFIX, GET_ACME_PREFIX_LEN) != 0) {
     return -1;
   }
   // Usually (for LE) the "method path" is 32 + 43 = 55 chars. But other
@@ -31,24 +30,24 @@ static int is_acme_req(char *req, size_t len) {
   if (len > 131) {
     len = 131;
   }
-  for (i = GET_ACME_PREFIX_LEN; i < (int)len; i++) {
+  for (size_t i = GET_ACME_PREFIX_LEN; i < len; i++) {
     // find the end of the path
     if (req[i] != ' ') {
       continue;
     }
     // consider path < 10 chars invalid. Also we wanna see a "trailer".
-    if (i < (GET_ACME_PREFIX_LEN + 10) || strncmp(req + i, " HTTP/1.", 8)) {
+    if (i < (GET_ACME_PREFIX_LEN + 10) || strncmp(req + i, " HTTP/1.", 8) != 0) {
       return -2;
     }
     // finally check for allowed chars
-    for (k = GET_ACME_PREFIX_LEN; k < i; k++) {
-      c = req[k];
+    for (size_t k = GET_ACME_PREFIX_LEN; k < i; k++) {
+      const char c = req[k];
       if ((c > 127) || (A[c] == ' ')) {
         return -3;
       }
     }
     // all checks passed: sufficient for us to answer with a redirect
-    return i;
+    return (int)i;
   }
   return -4; // end of path not found
 }
@@ -57,11 +56,11 @@ int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle
   static const char *HTML = "<html><head><title>301 Moved Permanently</title></head>\
 		<body><h1>301 Moved Permanently</h1></body></html>";
   char http_response[1024];
-  size_t plen, rlen;
 
   if (url == NULL || url[0] == '\0' || req == NULL || s == 0) {
     return 1;
   }
+  size_t plen;
   if (len < (GET_ACME_PREFIX_LEN + 32) || len > (512 - GET_ACME_PREFIX_LEN) ||
       (plen = is_acme_req(req, len)) < (GET_ACME_PREFIX_LEN + 1)) {
     return 2;
@@ -78,7 +77,7 @@ int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle
            "\r\n%s",
            strlen(HTML), url, req + GET_ACME_PREFIX_LEN, HTML);
 
-  rlen = strlen(http_response);
+  size_t rlen = strlen(http_response);
 
 #ifdef LIBEV_OK
   ioa_network_buffer_handle nbh_acme = ioa_network_buffer_allocate(s->e);

src/apps/relay/dtls_listener.c

@@ -68,7 +68,7 @@ struct dtls_listener_relay_server_info {
   ioa_socket_handle udp_listen_s;
   ur_addr_map *children_ss; /* map of socket children on remote addr */
   struct message_to_relay sm;
-  int slen0;
+  size_t slen0;
   ioa_engine_new_connection_event_handler connect_cb;
 };
 
@@ -141,8 +141,10 @@ static void calculate_cookie(SSL *ssl, unsigned char *cookie_secret, unsigned in
 }
 
 static int generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) {
-  unsigned char *buffer, result[EVP_MAX_MD_SIZE];
-  unsigned int length = 0, resultlength;
+  unsigned char *buffer;
+  unsigned char result[EVP_MAX_MD_SIZE];
+  unsigned int length = 0;
+  unsigned int resultlength;
   ioa_addr peer;
 
   unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@@ -653,13 +655,13 @@ start_udp_cycle:
     ioa_addr orig_addr;
     int ttl = 0;
     int tos = 0;
-    int slen = server->slen0;
+    socklen_t slen = server->slen0;
     udp_recvfrom(fd, &orig_addr, &(server->addr), buffer, (int)sizeof(buffer), &ttl, &tos, server->e->cmsg, eflags,
                  &errcode);
     // try again...
     do {
       bsize = recvfrom(fd, ioa_network_buffer_data(elem), ioa_network_buffer_get_capacity_udp(), flags,
-                       (struct sockaddr *)&(server->sm.m.sm.nd.src_addr), (socklen_t *)&slen);
+                       (struct sockaddr *)&(server->sm.m.sm.nd.src_addr), &slen);
     } while (bsize < 0 && socket_eintr());
 
     conn_reset = is_connreset();

src/apps/relay/http_server.c

@@ -56,23 +56,24 @@ static void write_http_echo(ioa_socket_handle s) {
   if (s && !ioa_socket_tobeclosed(s)) {
     SOCKET_APP_TYPE sat = get_ioa_socket_app_type(s);
     if ((sat == HTTP_CLIENT_SOCKET) || (sat == HTTPS_CLIENT_SOCKET)) {
-      ioa_network_buffer_handle nbh_http = ioa_network_buffer_allocate(s->e);
-      size_t len_http = ioa_network_buffer_get_size(nbh_http);
-      uint8_t *data = ioa_network_buffer_data(nbh_http);
-      char data_http[1025];
       char content_http[1025];
-      const char *title = "TURN Server";
+      const char *const title = "TURN Server";
       snprintf(content_http, sizeof(content_http) - 1,
                "<!DOCTYPE html>\r\n<html>\r\n  <head>\r\n    <title>%s</title>\r\n  </head>\r\n  <body>\r\n    "
                "<b>%s</b> <br> <b><i>use https connection for the admin session</i></b>\r\n  </body>\r\n</html>\r\n",
                title, title);
-      snprintf(
-          data_http, sizeof(data_http) - 1,
-          "HTTP/1.0 200 OK\r\nServer: %s\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: %d\r\n\r\n%.906s",
-          TURN_SOFTWARE, (int)strlen(content_http), content_http);
-      len_http = strlen(data_http);
-      memcpy(data, data_http, len_http);
-      ioa_network_buffer_set_size(nbh_http, len_http);
+
+      char data_http[1025];
+      snprintf(data_http, sizeof(data_http) - 1,
+               "HTTP/1.0 200 OK\r\nServer: %s\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: "
+               "%zu\r\n\r\n%.906s",
+               TURN_SOFTWARE, strlen(content_http), content_http);
+
+      ioa_network_buffer_handle nbh_http = ioa_network_buffer_allocate(s->e);
+      char *data = ioa_network_buffer_data(nbh_http);
+
+      strcpy(data, data_http);
+      ioa_network_buffer_set_size(nbh_http, strlen(data_http));
       send_data_from_ioa_socket_nbh(s, NULL, nbh_http, TTL_IGNORE, TOS_IGNORE, NULL);
     }
   }

src/apps/relay/mainrelay.c

@@ -1793,7 +1793,7 @@ unsigned char *base64decode(const void *b64_decode_this, int decode_this_many_by
   int decoded_byte_index = 0;                     // Index where the next base64_decoded byte should be written.
   while (0 < BIO_read(b64_bio, base64_decoded + decoded_byte_index, 1)) { // Read byte-by-byte.
     decoded_byte_index++; // Increment the index until read of BIO decoded data is complete.
-  }                       // Once we're done reading decoded data, BIO_read returns -1 even though there's no error.
+  } // Once we're done reading decoded data, BIO_read returns -1 even though there's no error.
 
   BIO_free_all(b64_bio); // Destroys all BIOs in chain, starting with b64 (i.e. the 1st one).
   return base64_decoded; // Returns base-64 decoded data with trailing null terminator.

src/apps/relay/netengine.c

@@ -1056,7 +1056,7 @@ static void setup_barriers(void) {
 
 #if !defined(TURN_NO_THREAD_BARRIERS)
   {
-    if (pthread_barrier_init(&barrier, NULL, barrier_count) < 0) {
+    if (pthread_barrier_init(&barrier, NULL, barrier_count) != 0) {
       perror("barrier init");
     }
   }
@@ -1131,7 +1131,7 @@ static void setup_socket_per_endpoint_udp_listener_servers(void) {
   /* Aux UDP servers */
   for (i = 0; i < turn_params.aux_servers_list.size; i++) {
 
-    int index = i;
+    size_t index = i;
 
     if (!turn_params.no_udp || !turn_params.no_dtls) {
 
@@ -1663,8 +1663,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
       &turn_params.ip_blacklist, send_socket_to_relay, &turn_params.secure_stun, &turn_params.mobility,
       turn_params.server_relay, send_turn_session_info, send_https_socket, allocate_bps, turn_params.oauth,
       turn_params.oauth_server_name, turn_params.acme_redirect, turn_params.allocation_default_address_family,
-      &turn_params.log_binding, &turn_params.stun_backward_compatibility,
-      &turn_params.respond_http_unsupported);
+      &turn_params.log_binding, &turn_params.stun_backward_compatibility, &turn_params.respond_http_unsupported);
   if (to_set_rfc5780) {
     set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client);
   }

src/apps/relay/prom_server.c

@@ -200,8 +200,6 @@ void start_prometheus_server(void) {
   }
 
   TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "prometheus collector started successfully\n");
-
-  return;
 }
 
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,

src/apps/relay/turn_admin_server.c

@@ -348,7 +348,7 @@ static void cli_print_ip_range_list(struct cli_session *cs, ip_range_list_t *val
     size_t i;
     for (i = 0; i < value->ranges_number; ++i) {
       if (value->rs[i].realm[0]) {
-        if (cs->realm[0] && strcmp(cs->realm, value->rs[i].realm)) {
+        if (cs->realm[0] && strcmp(cs->realm, value->rs[i].realm) != 0) {
           continue;
         } else {
           myprintf(cs, "  %s: %s (%s)%s\n", name, value->rs[i].str, value->rs[i].realm, sc);
@@ -440,11 +440,11 @@ static bool print_session(ur_map_key_type key, ur_map_value_type value, void *ar
     struct cli_session *cs = csarg->cs;
     struct turn_session_info *tsi = (struct turn_session_info *)value;
 
-    if (cs->realm[0] && strcmp(cs->realm, tsi->realm)) {
+    if (cs->realm[0] && strcmp(cs->realm, tsi->realm) != 0) {
       return false;
     }
 
-    if (cs->origin[0] && strcmp(cs->origin, tsi->origin)) {
+    if (cs->origin[0] && strcmp(cs->origin, tsi->origin) != 0) {
       return false;
     }
 
@@ -487,7 +487,7 @@ static bool print_session(ur_map_key_type key, ur_map_value_type value, void *ar
     } else {
       if (csarg->username[0]) {
         if (csarg->exact_match) {
-          if (strcmp((char *)tsi->username, csarg->username)) {
+          if (strcmp((char *)tsi->username, csarg->username) != 0) {
             return false;
           }
         } else {
@@ -1942,7 +1942,7 @@ static const char *change_ip_addr_html(int dynamic, const char *kind, const char
         realm = "";
       }
 
-      if (current_realm()[0] && strcmp(current_realm(), realm)) {
+      if (current_realm()[0] && strcmp(current_realm(), realm) != 0) {
         // delete forbidden
       } else {
         char *eip = evhttp_encode_uri(ip);
@@ -1963,7 +1963,7 @@ static void https_print_ip_range_list(struct str_buffer *sb, ip_range_list_t *va
       char buffer[1025];
       for (i = 0; i < value->ranges_number; ++i) {
         if (value->rs[i].realm[0]) {
-          if (current_eff_realm()[0] && strcmp(current_eff_realm(), value->rs[i].realm)) {
+          if (current_eff_realm()[0] && strcmp(current_eff_realm(), value->rs[i].realm) != 0) {
             continue;
           } else {
             sbprintf(sb, "<tr><td>  %s</td><td> %s [%s] %s</td></tr>\r\n", name, value->rs[i].str, value->rs[i].realm,

src/apps/relay/turn_ports.c

@@ -93,12 +93,12 @@ static void turnports_randomize(turnports *tp) {
       uint16_t port1 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size)));
       uint16_t port2 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size)));
       if (port1 != port2) {
-        int pos1 = tp->status[port1];
-        int pos2 = tp->status[port2];
-        int tmp = (int)tp->status[port1];
+        uint32_t pos1 = tp->status[port1];
+        uint32_t pos2 = tp->status[port2];
+        uint32_t tmp = tp->status[port1];
         tp->status[port1] = tp->status[port2];
-        tp->status[port2] = (uint32_t)tmp;
-        tmp = (int)tp->ports[pos1];
+        tp->status[port2] = tmp;
+        tmp = tp->ports[pos1];
         tp->ports[pos1] = tp->ports[pos2];
         tp->ports[pos2] = (uint16_t)tmp;
       }
@@ -213,44 +213,44 @@ void turnports_release(turnports *tp, uint16_t port) {
 }
 
 int turnports_allocate_even(turnports *tp, int allocate_rtcp, uint64_t *reservation_token) {
-  if (tp) {
-    TURN_MUTEX_LOCK(&tp->mutex);
-    uint16_t size = turnports_size(tp);
-    if (size > 1) {
-      uint16_t i = 0;
-      for (i = 0; i < size; i++) {
-        int port = turnports_allocate(tp);
-        if (port & 0x00000001) {
-          turnports_release(tp, port);
+  if (!tp) {
+    return -1;
+  }
+
+  TURN_MUTEX_LOCK(&tp->mutex);
+  uint16_t size = turnports_size(tp);
+  if (size > 1) {
+    for (uint16_t i = 0; i < size; i++) {
+      int port = turnports_allocate(tp);
+      if (port & 0x00000001) {
+        turnports_release(tp, port);
+      } else {
+        if (!allocate_rtcp) {
+          TURN_MUTEX_UNLOCK(&tp->mutex);
+          return port;
         } else {
-          if (!allocate_rtcp) {
-            TURN_MUTEX_UNLOCK(&tp->mutex);
-            return port;
+          int rtcp_port = port + 1;
+          if ((rtcp_port > tp->range_stop) || !turnports_is_available(tp, rtcp_port)) {
+            turnports_release(tp, port);
           } else {
-            int rtcp_port = port + 1;
-            if (rtcp_port > tp->range_stop) {
-              turnports_release(tp, port);
-            } else if (!turnports_is_available(tp, rtcp_port)) {
-              turnports_release(tp, port);
-            } else {
-              tp->status[port] = TPS_TAKEN_EVEN;
-              tp->status[rtcp_port] = TPS_TAKEN_ODD;
-              if (reservation_token) {
-                uint16_t *v16 = (uint16_t *)reservation_token;
-                uint32_t *v32 = (uint32_t *)reservation_token;
-                v16[0] = (uint16_t)(tp->ports[(uint16_t)(tp->low & 0x0000FFFF)]);
-                v16[1] = (uint16_t)(tp->ports[(uint16_t)(tp->high & 0x0000FFFF)]);
-                v32[1] = (uint32_t)turn_random();
-              }
-              TURN_MUTEX_UNLOCK(&tp->mutex);
-              return port;
+            tp->status[port] = TPS_TAKEN_EVEN;
+            tp->status[rtcp_port] = TPS_TAKEN_ODD;
+            if (reservation_token) {
+              uint16_t *v16 = (uint16_t *)reservation_token;
+              uint32_t *v32 = (uint32_t *)reservation_token;
+              v16[0] = (uint16_t)(tp->ports[(uint16_t)(tp->low & 0x0000FFFF)]);
+              v16[1] = (uint16_t)(tp->ports[(uint16_t)(tp->high & 0x0000FFFF)]);
+              v32[1] = (uint32_t)turn_random();
             }
+            TURN_MUTEX_UNLOCK(&tp->mutex);
+            return port;
           }
         }
       }
     }
-    TURN_MUTEX_UNLOCK(&tp->mutex);
   }
+  TURN_MUTEX_UNLOCK(&tp->mutex);
+
   return -1;
 }
 

src/apps/relay/userdb.h

@@ -187,7 +187,7 @@ void add_to_secrets_list(secrets_list_t *sl, const char *elem);
 
 int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *uname, uint8_t *realm, hmackey_t key,
                  ioa_network_buffer_handle nbh);
-uint8_t *start_user_check(turnserver_id id, turn_credential_type ct, int in_oauth, int *out_oauth, uint8_t *uname,
+uint8_t *start_user_check(turnserver_id id, turn_credential_type ct, int in_oauth, int *out_oauth, uint8_t *usname,
                           uint8_t *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, uint64_t ctxkey,
                           int *postpone_reply);
 int check_new_allocation_quota(uint8_t *username, int oauth, uint8_t *realm);

src/apps/rfc5769/rfc5769check.c

@@ -57,8 +57,8 @@ void print_field5769(const char *name, const void *f0, size_t len);
 void print_field5769(const char *name, const void *f0, size_t len) {
   const unsigned char *f = (const unsigned char *)f0;
   printf("\nfield %s %lu==>>\n", name, (unsigned long)len);
-  size_t i;
-  for (i = 0; i < len; ++i) {
+
+  for (size_t i = 0; i < len; ++i) {
     printf("\\x%02x", (unsigned int)f[i]);
   }
   printf("\n<<==field %s\n", name);
@@ -67,8 +67,6 @@ void print_field5769(const char *name, const void *f0, size_t len) {
 static int check_oauth(void) {
   const char server_name[33] = "blackdow.carleon.gov";
 
-  size_t i_encs;
-
   const char long_term_key[33] = "HGkj32KJGiuy098sdfaqbNjOiaz71923";
 
   size_t ltp_output_length = 0;
@@ -89,7 +87,7 @@ static int check_oauth(void) {
 
   {
     {
-      for (i_encs = 0; encs[i_encs]; ++i_encs) {
+      for (size_t i_encs = 0; encs[i_encs]; ++i_encs) {
         printf("oauth token %s:", encs[i_encs]);
 
         if (print_extra) {
@@ -158,7 +156,7 @@ static int check_oauth(void) {
           }
         }
 
-        if (strcmp((char *)ot.enc_block.mac_key, (char *)dot.enc_block.mac_key)) {
+        if (0 != strcmp((char *)ot.enc_block.mac_key, (char *)dot.enc_block.mac_key)) {
           fprintf(stderr, "%s: wrong mac key: %s, must be %s\n", __FUNCTION__, (char *)dot.enc_block.mac_key,
                   (char *)ot.enc_block.mac_key);
           goto err;
@@ -353,15 +351,13 @@ int main(int argc, const char **argv) {
         printf("failure: length %d, must be %d\n", (int)len, (int)(sizeof(reqltc) - 1));
         exit(-1);
       }
-      if (memcmp(buf, reqltc, len)) {
+      if (memcmp(buf, reqltc, len) != 0) {
         printf("failure: wrong message content\n");
         {
-          int lines = 29;
-          int line = 0;
-          int col = 0;
-          int cols = 4;
-          for (line = 0; line < lines; line++) {
-            for (col = 0; col < cols; col++) {
+          size_t const lines = 29;
+          size_t const cols = 4;
+          for (size_t line = 0; line < lines; line++) {
+            for (size_t col = 0; col < cols; col++) {
               uint8_t c = buf[line * 4 + col];
               printf(" %2x", (int)c);
             }
@@ -562,10 +558,8 @@ int main(int argc, const char **argv) {
     }
   }
 
-  {
-    if (check_oauth() < 0) {
-      exit(-1);
-    }
+  if (check_oauth() < 0) {
+    exit(-1);
   }
 
   return 0;

src/apps/stunclient/stunclient.c

@@ -62,37 +62,36 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
                           bool change_port, int padding) {
 
   ioa_addr remote_addr;
-  int new_udp_fd = -1;
 
   memset((void *)&remote_addr, 0, sizeof(ioa_addr));
   if (make_ioa_addr((const uint8_t *)rip, rport, &remote_addr) < 0) {
-    err(-1, NULL);
+    err(-1, nullptr);
   }
 
   if (udp_fd < 0) {
     udp_fd = socket(remote_addr.ss.sa_family, SOCK_DGRAM, 0);
     if (udp_fd < 0) {
-      err(-1, NULL);
+      err(-1, nullptr);
     }
 
     if (!addr_any(&real_local_addr)) {
       if (addr_bind(udp_fd, &real_local_addr, 0, 1, UDP_SOCKET) < 0) {
-        err(-1, NULL);
+        err(-1, nullptr);
       }
     }
   }
 
+  int new_udp_fd = -1;
   if (response_port >= 0) {
-
     new_udp_fd = socket(remote_addr.ss.sa_family, SOCK_DGRAM, 0);
     if (new_udp_fd < 0) {
-      err(-1, NULL);
+      err(-1, nullptr);
     }
 
     addr_set_port(&real_local_addr, response_port);
 
     if (addr_bind(new_udp_fd, &real_local_addr, 0, 1, UDP_SOCKET) < 0) {
-      err(-1, NULL);
+      err(-1, nullptr);
     }
   }
 
@@ -105,10 +104,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     rpa.setResponsePort((uint16_t)response_port);
     try {
       req.addAttr(rpa);
-    } catch (turn::WrongStunAttrFormatException &ex1) {
+    } catch (turn::WrongStunAttrFormatException const &ex1) {
       printf("Wrong rp attr format\n");
       exit(-1);
-    } catch (turn::WrongStunBufferFormatException &ex2) {
+    } catch (turn::WrongStunBufferFormatException const &ex2) {
       printf("Wrong stun buffer format (1)\n");
       exit(-1);
     } catch (...) {
@@ -122,10 +121,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     cra.setChangePort(change_port);
     try {
       req.addAttr(cra);
-    } catch (turn::WrongStunAttrFormatException &ex1) {
+    } catch (turn::WrongStunAttrFormatException const &ex1) {
       printf("Wrong cr attr format\n");
       exit(-1);
-    } catch (turn::WrongStunBufferFormatException &ex2) {
+    } catch (turn::WrongStunBufferFormatException const &ex2) {
       printf("Wrong stun buffer format (2)\n");
       exit(-1);
     } catch (...) {
@@ -138,10 +137,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     pa.setPadding(1500);
     try {
       req.addAttr(pa);
-    } catch (turn::WrongStunAttrFormatException &ex1) {
+    } catch (turn::WrongStunAttrFormatException const &ex1) {
       printf("Wrong p attr format\n");
       exit(-1);
-    } catch (turn::WrongStunBufferFormatException &ex2) {
+    } catch (turn::WrongStunBufferFormatException const &ex2) {
       printf("Wrong stun buffer format (3)\n");
       exit(-1);
     } catch (...) {
@@ -152,7 +151,7 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
 
   {
     int len = 0;
-    int slen = get_ioa_addr_len(&remote_addr);
+    ssize_t slen = get_ioa_addr_len(&remote_addr);
 
     do {
       len = sendto(udp_fd, req.getRawBuffer(), req.getSize(), 0, (struct sockaddr *)&remote_addr, (socklen_t)slen);
@@ -169,26 +168,21 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     *port = addr_get_port(&real_local_addr);
   }
 
-  {
-    if (new_udp_fd >= 0) {
-      socket_closesocket(udp_fd);
-      udp_fd = new_udp_fd;
-      new_udp_fd = -1;
-    }
+  if (new_udp_fd >= 0) {
+    socket_closesocket(udp_fd);
+    udp_fd = new_udp_fd;
   }
 
   {
-    int len = 0;
+    ssize_t len = 0;
     stun_buffer buf;
-    uint8_t *ptr = buf.buf;
     int recvd = 0;
     const int to_recv = sizeof(buf.buf);
 
     do {
-      len = recv(udp_fd, ptr, to_recv - recvd, 0);
+      len = recv(udp_fd, buf.buf, to_recv - recvd, 0);
       if (len > 0) {
         recvd += len;
-        ptr += len;
         break;
       }
     } while (len < 0 && socket_eintr());
@@ -257,13 +251,12 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
   return 0;
 }
 
-#else
+#else  // ifdef __cplusplus
 
 static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, int response_port, bool change_ip,
                           bool change_port, int padding) {
 
   ioa_addr remote_addr;
-  int new_udp_fd = -1;
   stun_buffer buf;
 
   memset(&remote_addr, 0, sizeof(remote_addr));
@@ -271,6 +264,7 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     err(-1, NULL);
   }
 
+  int new_udp_fd = -1;
   if (udp_fd < 0) {
     udp_fd = socket(remote_addr.ss.sa_family, CLIENT_DGRAM_SOCKET_TYPE, CLIENT_DGRAM_SOCKET_PROTOCOL);
     if (udp_fd < 0) {
@@ -306,15 +300,14 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
   if (change_ip || change_port) {
     stun_attr_add_change_request_str((uint8_t *)buf.buf, (size_t *)&(buf.len), change_ip, change_port);
   }
-  if (padding) {
-    if (!stun_attr_add_padding_str((uint8_t *)buf.buf, (size_t *)&(buf.len), 1500)) {
-      printf("%s: ERROR: Cannot add padding\n", __FUNCTION__);
-    }
+
+  if (padding && !stun_attr_add_padding_str((uint8_t *)buf.buf, (size_t *)&(buf.len), 1500)) {
+    printf("%s: ERROR: Cannot add padding\n", __FUNCTION__);
   }
 
   {
-    int len = 0;
-    int slen = get_ioa_addr_len(&remote_addr);
+    ssize_t len = 0;
+    uint32_t slen = get_ioa_addr_len(&remote_addr);
 
     do {
       len = sendto(udp_fd, buf.buf, buf.len, 0, (struct sockaddr *)&remote_addr, (socklen_t)slen);
@@ -331,25 +324,20 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
     *port = addr_get_port(&real_local_addr);
   }
 
-  {
-    if (new_udp_fd >= 0) {
-      socket_closesocket(udp_fd);
-      udp_fd = new_udp_fd;
-      new_udp_fd = -1;
-    }
+  if (new_udp_fd >= 0) {
+    socket_closesocket(udp_fd);
+    udp_fd = new_udp_fd;
   }
 
   {
-    int len = 0;
-    uint8_t *ptr = buf.buf;
+    ssize_t len = 0;
     int recvd = 0;
     const int to_recv = sizeof(buf.buf);
 
     do {
-      len = recv(udp_fd, ptr, to_recv - recvd, 0);
+      len = recv(udp_fd, buf.buf, to_recv - recvd, 0);
       if (len > 0) {
         recvd += len;
-        ptr += len;
         break;
       }
     } while (len < 0 && (socket_eintr() || socket_eagain()));
@@ -414,7 +402,7 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780,
 
   return 0;
 }
-#endif
+#endif // ifdef __cplusplus
 
 //////////////// local definitions /////////////////
 

src/apps/uclient/startuclient.c

@@ -212,17 +212,12 @@ static int clnet_connect(uint16_t clnet_remote_port, const char *remote_address,
                          const char *local_address, bool verbose, app_ur_conn_info *clnet_info) {
 
   ioa_addr local_addr;
-  evutil_socket_t clnet_fd;
-  int connect_err;
   int connect_cycle = 0;
 
   ioa_addr remote_addr;
 
 start_socket:
 
-  clnet_fd = -1;
-  connect_err = 0;
-
   memset(&remote_addr, 0, sizeof(ioa_addr));
   if (make_ioa_addr((const uint8_t *)remote_address, clnet_remote_port, &remote_addr) < 0) {
     return -1;
@@ -230,11 +225,11 @@ start_socket:
 
   memset(&local_addr, 0, sizeof(ioa_addr));
 
-  clnet_fd = socket(remote_addr.ss.sa_family,
-                    use_sctp ? SCTP_CLIENT_STREAM_SOCKET_TYPE
-                             : (use_tcp ? CLIENT_STREAM_SOCKET_TYPE : CLIENT_DGRAM_SOCKET_TYPE),
-                    use_sctp ? SCTP_CLIENT_STREAM_SOCKET_PROTOCOL
-                             : (use_tcp ? CLIENT_STREAM_SOCKET_PROTOCOL : CLIENT_DGRAM_SOCKET_PROTOCOL));
+  evutil_socket_t clnet_fd = socket(
+      remote_addr.ss.sa_family,
+      use_sctp ? SCTP_CLIENT_STREAM_SOCKET_TYPE : (use_tcp ? CLIENT_STREAM_SOCKET_TYPE : CLIENT_DGRAM_SOCKET_TYPE),
+      use_sctp ? SCTP_CLIENT_STREAM_SOCKET_PROTOCOL
+               : (use_tcp ? CLIENT_STREAM_SOCKET_PROTOCOL : CLIENT_DGRAM_SOCKET_PROTOCOL));
   if (clnet_fd < 0) {
     perror("socket");
     exit(-1);
@@ -275,6 +270,7 @@ start_socket:
     addr_bind(clnet_fd, &local_addr, 0, 1, get_socket_type());
   }
 
+  int connect_err = 0;
   if (clnet_info->is_peer) {
     ;
   } else if (socket_connect(clnet_fd, &remote_addr, &connect_err) > 0) {
@@ -558,7 +554,6 @@ beg_allocate:
 
             TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "error %d (%s)\n", err_code, (char *)err_msg);
             if (err_code != 437) {
-              allocate_finished = true;
               current_reservation_token = 0;
               return -1;
             } else {
@@ -825,7 +820,6 @@ beg_bind:
                                                   clnet_info->server_name, &(clnet_info->oauth))) {
           goto beg_bind;
         } else if (stun_is_error_response(&response_message, &err_code, err_msg, sizeof(err_msg))) {
-          cb_received = true;
           TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "channel bind: error %d (%s)\n", err_code, (char *)err_msg);
           return -1;
         } else {
@@ -925,7 +919,6 @@ beg_cp:
                                                   clnet_info->server_name, &(clnet_info->oauth))) {
           goto beg_cp;
         } else if (stun_is_error_response(&response_message, &err_code, err_msg, sizeof(err_msg))) {
-          cp_received = true;
           TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "create permission error %d (%s)\n", err_code, (char *)err_msg);
           return -1;
         } else {

src/apps/uclient/uclient.c

@@ -192,7 +192,6 @@ static int remove_all_from_ss(app_ur_session *ss) {
 
 int send_buffer(app_ur_conn_info *clnet_info, stun_buffer *message, bool data_connection, app_tcp_conn_info *atc) {
 
-  int rc = 0;
   int ret = -1;
 
   char *buffer = (char *)(message->buf);
@@ -282,12 +281,14 @@ int send_buffer(app_ur_conn_info *clnet_info, stun_buffer *message, bool data_co
 
     size_t left = message->len;
 
+    ssize_t rc = 0;
+
     while (left > 0) {
       do {
         rc = send(fd, buffer, left, 0);
       } while (rc <= 0 && (socket_eintr() || socket_enobufs() || socket_eagain()));
       if (rc > 0) {
-        left -= (size_t)rc;
+        left -= rc;
         buffer += rc;
       } else {
         tot_send_dropped += 1;

src/client++/TurnMsgLib.h

@@ -731,7 +731,7 @@ protected:
  */
 class StunMsgRequest : public StunMsg {
 public:
-  StunMsgRequest(uint16_t method) : _method(method){};
+  StunMsgRequest(uint16_t method) : _method(method) {};
   StunMsgRequest(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _method(0) {
 
@@ -804,11 +804,11 @@ private:
  */
 class StunMsgResponse : public StunMsg {
 public:
-  StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid){};
+  StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid) {};
   StunMsgResponse(uint16_t method, int error_code, std::string reason, stun_tid &tid)
-      : _method(method), _err(error_code), _reason(reason), _tid(tid){
+      : _method(method), _err(error_code), _reason(reason), _tid(tid) {
 
-                                                            };
+        };
   StunMsgResponse(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _method(0), _err(0), _reason("") {
 
@@ -960,7 +960,7 @@ private:
  */
 class StunMsgIndication : public StunMsg {
 public:
-  StunMsgIndication(uint16_t method) : _method(method){};
+  StunMsgIndication(uint16_t method) : _method(method) {};
   StunMsgIndication(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _method(0) {
 
@@ -1005,7 +1005,7 @@ private:
  */
 class StunMsgChannel : public StunMsg {
 public:
-  StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length){};
+  StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length) {};
   StunMsgChannel(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _cn(0) {
 

src/client/ns_turn_msg_defs.h

@@ -51,10 +51,10 @@
 
 #define STUN_MAGIC_COOKIE (0x2112A442)
 
-#define IS_STUN_REQUEST(msg_type) (((msg_type)&0x0110) == 0x0000)
-#define IS_STUN_INDICATION(msg_type) (((msg_type)&0x0110) == 0x0010)
-#define IS_STUN_SUCCESS_RESP(msg_type) (((msg_type)&0x0110) == 0x0100)
-#define IS_STUN_ERR_RESP(msg_type) (((msg_type)&0x0110) == 0x0110)
+#define IS_STUN_REQUEST(msg_type) (((msg_type) & 0x0110) == 0x0000)
+#define IS_STUN_INDICATION(msg_type) (((msg_type) & 0x0110) == 0x0010)
+#define IS_STUN_SUCCESS_RESP(msg_type) (((msg_type) & 0x0110) == 0x0100)
+#define IS_STUN_ERR_RESP(msg_type) (((msg_type) & 0x0110) == 0x0110)
 
 #define GET_STUN_REQUEST(msg_type) (msg_type & 0xFEEF)
 #define GET_STUN_INDICATION(msg_type) ((msg_type & 0xFEEF) | 0x0010)

src/server/ns_turn_allocation.c

@@ -33,8 +33,9 @@
 #include "ns_turn_msg_defs.h" // for STUN_VALID_CHANNEL
 #include "ns_turn_utils.h"    // for TURN_LOG_FUNC, TURN_LOG_LEVEL_ERROR
 
-#include <stdlib.h> // for NULL, size_t, free, realloc, calloc
-#include <string.h> // for memset, memcpy
+#include <stdbool.h> // for bool, false, true
+#include <stdlib.h>  // for NULL, size_t, free, realloc, calloc
+#include <string.h>  // for memset, memcpy
 
 /////////////// Permission forward declarations /////////////////
 
@@ -556,7 +557,7 @@ static void set_new_tc_id(uint8_t server_id, tcp_connection *tc) {
 
 tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid *tid, ioa_addr *peer_addr,
                                       int *err_code) {
-  tcp_connection_list *tcl = &(a->tcs);
+  tcp_connection_list *const tcl = &(a->tcs);
   if (!tcl) {
     return NULL;
   }
@@ -604,7 +605,6 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid
     a->tcs.elems = new_elems;
     a->tcs.elems[a->tcs.sz] = tc;
     a->tcs.sz += 1;
-    tcl = &(a->tcs);
   }
 
   set_new_tc_id(server_id, tc);

src/server/ns_turn_maps_rtcp.h

@@ -34,7 +34,8 @@
 #include "ns_turn_ioalib.h"
 #include "ns_turn_maps.h"
 
-#include <stddef.h> // for size_t
+#include <stdbool.h> // for bool
+#include <stddef.h>  // for size_t
 
 #ifdef __cplusplus
 extern "C" {

src/server/ns_turn_server.c

@@ -38,9 +38,10 @@
 
 #include "apputils.h" // for turn_random, base64_decode
 
-#include <stdio.h>  // for snprintf
-#include <stdlib.h> // for free, malloc, calloc, realloc
-#include <string.h> // for memcpy, strlen, strcmp
+#include <stdbool.h> // for bool, false
+#include <stdio.h>   // for snprintf
+#include <stdlib.h>  // for free, malloc, calloc, realloc
+#include <string.h>  // for memcpy, strlen, strcmp
 
 ///////////////////////////////////////////
 
@@ -295,73 +296,68 @@ static int good_peer_addr(turn_turnserver *server, const char *realm, ioa_addr *
       return 0;
     }
 
+    if (server->ip_whitelist) {
+      // White listing of addr ranges
+      for (int i = server->ip_whitelist->ranges_number - 1; i >= 0; --i) {
+        CHECK_REALM(server->ip_whitelist->rs[i].realm);
+        if (ioa_addr_in_range(&(server->ip_whitelist->rs[i].enc), peer_addr)) {
+          return 1;
+        }
+      }
+    }
+
     {
-      int i;
+      ioa_lock_whitelist(server->e);
 
-      if (server->ip_whitelist) {
+      const ip_range_list_t *wl = ioa_get_whitelist(server->e);
+      if (wl) {
         // White listing of addr ranges
-        for (i = server->ip_whitelist->ranges_number - 1; i >= 0; --i) {
-          CHECK_REALM(server->ip_whitelist->rs[i].realm);
-          if (ioa_addr_in_range(&(server->ip_whitelist->rs[i].enc), peer_addr)) {
+        for (int i = wl->ranges_number - 1; i >= 0; --i) {
+          CHECK_REALM(wl->rs[i].realm);
+          if (ioa_addr_in_range(&(wl->rs[i].enc), peer_addr)) {
+            ioa_unlock_whitelist(server->e);
             return 1;
           }
         }
       }
 
-      {
-        ioa_lock_whitelist(server->e);
-
-        const ip_range_list_t *wl = ioa_get_whitelist(server->e);
-        if (wl) {
-          // White listing of addr ranges
-          for (i = wl->ranges_number - 1; i >= 0; --i) {
-            CHECK_REALM(wl->rs[i].realm);
-            if (ioa_addr_in_range(&(wl->rs[i].enc), peer_addr)) {
-              ioa_unlock_whitelist(server->e);
-              return 1;
-            }
-          }
-        }
+      ioa_unlock_whitelist(server->e);
+    }
 
-        ioa_unlock_whitelist(server->e);
+    if (server->ip_blacklist) {
+      // Black listing of addr ranges
+      for (int i = server->ip_blacklist->ranges_number - 1; i >= 0; --i) {
+        CHECK_REALM(server->ip_blacklist->rs[i].realm);
+        if (ioa_addr_in_range(&(server->ip_blacklist->rs[i].enc), peer_addr)) {
+          char saddr[129];
+          addr_to_string_no_port(peer_addr, (uint8_t *)saddr);
+          TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: A peer IP %s denied in the range: %s in server %d \n",
+                        (unsigned long long)session_id, saddr, server->ip_blacklist->rs[i].str, server_id);
+          return 0;
+        }
       }
+    }
 
-      if (server->ip_blacklist) {
+    {
+      ioa_lock_blacklist(server->e);
+
+      const ip_range_list_t *bl = ioa_get_blacklist(server->e);
+      if (bl) {
         // Black listing of addr ranges
-        for (i = server->ip_blacklist->ranges_number - 1; i >= 0; --i) {
-          CHECK_REALM(server->ip_blacklist->rs[i].realm);
-          if (ioa_addr_in_range(&(server->ip_blacklist->rs[i].enc), peer_addr)) {
+        for (int i = bl->ranges_number - 1; i >= 0; --i) {
+          CHECK_REALM(bl->rs[i].realm);
+          if (ioa_addr_in_range(&(bl->rs[i].enc), peer_addr)) {
+            ioa_unlock_blacklist(server->e);
             char saddr[129];
             addr_to_string_no_port(peer_addr, (uint8_t *)saddr);
-            TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: A peer IP %s denied in the range: %s in server %d \n",
-                          (unsigned long long)session_id, saddr, server->ip_blacklist->rs[i].str, server_id);
+            TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: A peer IP %s denied in the range= %s in server %d \n",
+                          (unsigned long long)session_id, saddr, bl->rs[i].str, server_id);
             return 0;
           }
         }
       }
 
-      {
-        ioa_lock_blacklist(server->e);
-
-        const ip_range_list_t *bl = ioa_get_blacklist(server->e);
-        if (bl) {
-          // Black listing of addr ranges
-          for (i = bl->ranges_number - 1; i >= 0; --i) {
-            CHECK_REALM(bl->rs[i].realm);
-            if (ioa_addr_in_range(&(bl->rs[i].enc), peer_addr)) {
-              ioa_unlock_blacklist(server->e);
-              char saddr[129];
-              addr_to_string_no_port(peer_addr, (uint8_t *)saddr);
-              TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
-                            "session %018llu: A peer IP %s denied in the range= %s in server %d \n",
-                            (unsigned long long)session_id, saddr, bl->rs[i].str, server_id);
-              return 0;
-            }
-          }
-        }
-
-        ioa_unlock_blacklist(server->e);
-      }
+      ioa_unlock_blacklist(server->e);
     }
   }
 
@@ -4390,8 +4386,8 @@ static int create_relay_connection(turn_turnserver *server, ts_ur_super_session
 
     if (lifetime < 1) {
       lifetime = STUN_DEFAULT_ALLOCATE_LIFETIME;
-    } else if (lifetime > (uint32_t) * (server->max_allocate_lifetime)) {
-      lifetime = (uint32_t) * (server->max_allocate_lifetime);
+    } else if (lifetime > (uint32_t)*(server->max_allocate_lifetime)) {
+      lifetime = (uint32_t)*(server->max_allocate_lifetime);
     }
 
     ioa_timer_handle ev = set_ioa_timer(server->e, lifetime, 0, client_ss_allocation_timeout_handler, newelem, 0,