Clean up a bunch of signed/unsigned comparison warnings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23120 dc483132-0cff-0310-8789-dd5450dbe970

19 files changed, 66 insertions, 61 deletions

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 0a38692..6a85a39 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -620,8 +620,8 @@ struct addrlist {
 	void (*freefn)(void *);
 	void *data;
     } *addrs;
-    int naddrs;
-    int space;
+    size_t naddrs;
+    size_t space;
 };
 #define ADDRLIST_INIT { 0, 0, 0 }
 extern void krb5int_free_addrlist (struct addrlist *);
diff --git a/src/lib/crypto/builtin/yhash.h b/src/lib/crypto/builtin/yhash.h
index ee4f03e..ce78c56 100644
--- a/src/lib/crypto/builtin/yhash.h
+++ b/src/lib/crypto/builtin/yhash.h
@@ -15,7 +15,7 @@
 #define HASH_Init(x) shsInit(x)
 #define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
 #define HASH_Final(x, tdigest)  do { \
-  int loopvar; \
+  size_t loopvar; \
   unsigned char *out2 = (void *)(tdigest); \
   HASH_CTX  *ctx = (x); \
   shsFinal(ctx); \
diff --git a/src/lib/crypto/krb/yarrow/yarrow.c b/src/lib/crypto/krb/yarrow/yarrow.c
index 4b1fcf1..66a5fe4 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.c
+++ b/src/lib/crypto/krb/yarrow/yarrow.c
@@ -462,7 +462,7 @@ int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
     EXCEP_DECL;
     int num = y->slow_k_of_n_thresh;
     int source = -1;
-    int emax = y->slow_thresh;
+    size_t emax = y->slow_thresh;
     size_t entropy = 0;
     unsigned i;
 
@@ -929,7 +929,8 @@ YARROW_DLL
 const char* krb5int_yarrow_str_error( int err )
 {
     err = 1-err;
-    if ( err < 0 || err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
+    if ( err < 0 ||
+	 (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
     {
 	err = 1-YARROW_FAIL;
     }
diff --git a/src/lib/crypto/krb/yarrow/yarrow.h b/src/lib/crypto/krb/yarrow/yarrow.h
index 081a06b..3cf50fd 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.h
+++ b/src/lib/crypto/krb/yarrow/yarrow.h
@@ -121,8 +121,8 @@ typedef struct
     int slow_k_of_n;
 
     /* current thresholds */
-    int slow_thresh;
-    int fast_thresh;
+    size_t slow_thresh;
+    size_t fast_thresh;
     int slow_k_of_n_thresh;
 } Yarrow_CTX;
 
diff --git a/src/lib/gssapi/generic/util_buffer_set.c b/src/lib/gssapi/generic/util_buffer_set.c
index 41875c9..1e506e7 100644
--- a/src/lib/gssapi/generic/util_buffer_set.c
+++ b/src/lib/gssapi/generic/util_buffer_set.c
@@ -98,7 +98,7 @@ OM_uint32 generic_gss_release_buffer_set
 	   (OM_uint32 * minor_status,
 	    gss_buffer_set_t *buffer_set)
 {
-    int i;
+    size_t i;
     OM_uint32 minor;
 
     *minor_status = 0;
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index f6429dd..6af5afc 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -294,8 +294,8 @@ typedef struct _krb5_fcc_data {
        We used to have a stdio option, but we get more precise control
        by using the POSIX I/O functions.  */
 #define FCC_BUFSIZ 1024
-    int valid_bytes;
-    int cur_offset;
+    size_t valid_bytes;
+    size_t cur_offset;
     char buf[FCC_BUFSIZ];
 } krb5_fcc_data;
 
@@ -309,7 +309,6 @@ static off_t fcc_lseek(krb5_fcc_data *data, off_t offset, int whence)
     /* If we read some extra data in advance, and then want to know or
        use our "current" position, we need to back up a little.  */
     if (whence == SEEK_CUR && data->valid_bytes) {
-        assert(data->valid_bytes > 0);
         assert(data->cur_offset > 0);
         assert(data->cur_offset <= data->valid_bytes);
         offset -= (data->valid_bytes - data->cur_offset);
@@ -402,7 +401,6 @@ krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned i
         int nread, e;
         size_t ncopied;
 
-        assert (data->valid_bytes >= 0);
         if (data->valid_bytes > 0)
             assert(data->cur_offset <= data->valid_bytes);
         if (data->valid_bytes == 0
@@ -500,7 +498,7 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr
         return KRB5_CC_NOMEM;
     if (length) {
         size_t msize = length;
-        if (msize != length) {
+        if (msize != (krb5_ui_4) length) {
             free(tmpprinc);
             return KRB5_CC_NOMEM;
         }
@@ -557,7 +555,7 @@ krb5_fcc_read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs)
      */
     msize = length;
     msize += 1;
-    if (msize == 0 || msize - 1 != length || length < 0)
+    if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0)
         return KRB5_CC_NOMEM;
     *addrs = ALLOC (msize, krb5_address *);
     if (*addrs == NULL)
@@ -613,11 +611,11 @@ krb5_fcc_read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyb
         return KRB5_CC_NOMEM;
     keyblock->length = int32;
     /* Overflow check.  */
-    if (keyblock->length != int32)
+    if (keyblock->length != (krb5_ui_4) int32)
         return KRB5_CC_NOMEM;
     if ( keyblock->length == 0 )
         return KRB5_OK;
-    keyblock->contents = ALLOC (keyblock->length, krb5_octet);
+    keyblock->contents = malloc(keyblock->length);
     if (keyblock->contents == NULL)
         return KRB5_CC_NOMEM;
 
@@ -650,7 +648,7 @@ krb5_fcc_read_data(krb5_context context, krb5_ccache id, krb5_data *data)
     if (len < 0)
         return KRB5_CC_NOMEM;
     data->length = len;
-    if (data->length != len || data->length + 1 == 0)
+    if (data->length != (krb5_ui_4) len || data->length + 1 == 0)
         return KRB5_CC_NOMEM;
 
     if (data->length == 0) {
@@ -698,7 +696,7 @@ krb5_fcc_read_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
     addr->length = int32;
     /* Length field is "unsigned int", which may be smaller than 32
        bits.  */
-    if (addr->length != int32)
+    if (addr->length != (krb5_ui_4) int32)
         return KRB5_CC_NOMEM;  /* XXX */
 
     if (addr->length == 0)
@@ -828,7 +826,7 @@ krb5_fcc_read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a)
      */
     msize = length;
     msize += 1;
-    if (msize == 0 || msize - 1 != length || length < 0)
+    if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0)
         return KRB5_CC_NOMEM;
     *a = ALLOC (msize, krb5_authdata *);
     if (*a == NULL)
@@ -877,7 +875,7 @@ krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
     a->length = int32;
     /* Value could have gotten truncated if int is smaller than 32
        bits.  */
-    if (a->length != int32)
+    if (a->length != (krb5_ui_4) int32)
         return KRB5_CC_NOMEM;   /* XXX */
 
     if (a->length == 0 )
@@ -924,7 +922,7 @@ krb5_fcc_write(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned
     ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len);
     if (ret < 0)
         return krb5_fcc_interpret(context, errno);
-    if (ret != len)
+    if ((unsigned int) ret != len)
         return KRB5_CC_WRITE;
     return KRB5_OK;
 }
diff --git a/src/lib/krb5/ccache/ser_cc.c b/src/lib/krb5/ccache/ser_cc.c
index dfe5e60..2438dd6 100644
--- a/src/lib/krb5/ccache/ser_cc.c
+++ b/src/lib/krb5/ccache/ser_cc.c
@@ -173,7 +173,7 @@ krb5_ccache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **
     kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (kret)
         return kret;
-    if (ibuf < 0 || ibuf > remain)
+    if (ibuf < 0 || (krb5_ui_4) ibuf > remain)
         return EINVAL;
 
     /* Allocate and unpack the name. */
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index b5ec3a6..8572cc0 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -233,7 +233,7 @@ aname_do_match(char *string, char **contextp)
                 if (!regcomp(&match_exp, regexp, REG_EXTENDED) &&
                     !regexec(&match_exp, string, 1, &match_match, 0)) {
                     if ((match_match.rm_so == 0) &&
-                        (match_match.rm_eo == strlen(string)))
+                        ((unsigned int) match_match.rm_eo == strlen(string)))
                         kret = 0;
                 }
                 regfree(&match_exp);
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index ceda715..0c043a2 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -74,7 +74,7 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
         if (!code) {
             /* Success with admin_server but now we need to change the
                port number to use DEFAULT_KPASSWD_PORT and the socktype.  */
-            int i;
+            size_t i;
             for (i=0; i<addrlist->naddrs; i++) {
                 struct addrinfo *a = addrlist->addrs[i].ai;
                 if (a->ai_family == AF_INET)
diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c
index 2543703..47b455a 100644
--- a/src/lib/krb5/os/dnsglue.c
+++ b/src/lib/krb5/os/dnsglue.c
@@ -127,11 +127,11 @@ krb5int_dns_init(struct krb5int_dns_state **dsp,
         len = res_search(host, ds->nclass, ds->ntype,
                          ds->ansp, ds->ansmax);
 #endif
-        if (len > maxincr) {
+        if ((size_t) len > maxincr) {
             ret = -1;
             goto errout;
         }
-        while (nextincr < len)
+        while (nextincr < (size_t) len)
             nextincr *= 2;
         if (len < 0 || nextincr > maxincr) {
             ret = -1;
@@ -251,7 +251,7 @@ initparse(struct krb5int_dns_state *ds)
     char host[MAXDNAME];
 #endif
 
-    if (ds->anslen < sizeof(HEADER))
+    if ((size_t) ds->anslen < sizeof(HEADER))
         return -1;
 
     hdr = (HEADER *)ds->ansp;
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 468f0df..0ecb2d9 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -104,8 +104,8 @@ _krb5_use_dns_realm(krb5_context context)
 int
 krb5int_grow_addrlist (struct addrlist *lp, int nmore)
 {
-    int i;
-    int newspace = lp->space + nmore;
+    size_t i;
+    size_t newspace = lp->space + nmore;
     size_t newsize = newspace * sizeof (*lp->addrs);
     void *newaddrs;
 
@@ -128,7 +128,7 @@ krb5int_grow_addrlist (struct addrlist *lp, int nmore)
 void
 krb5int_free_addrlist (struct addrlist *lp)
 {
-    int i;
+    size_t i;
     for (i = 0; i < lp->naddrs; i++)
         if (lp->addrs[i].freefn)
             (lp->addrs[i].freefn)(lp->addrs[i].data);
@@ -225,7 +225,7 @@ add_addrinfo_to_list(struct addrlist *lp, struct addrinfo *a,
     lp->addrs[lp->naddrs].freefn = freefn;
     lp->addrs[lp->naddrs].data = data;
     lp->naddrs++;
-    Tprintf ("\tcount is now %d: ", lp->naddrs);
+    Tprintf ("\tcount is now %lu: ", (unsigned long) lp->naddrs);
     print_addrlist(lp);
     Tprintf("\n");
     return 0;
@@ -248,7 +248,7 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
                           int socktype, int family)
 {
     struct addrinfo *addrs, *a, *anext, hint;
-    int err;
+    int err, result;
     char portbuf[10], secportbuf[10];
     void (*freefn)(void *);
 
@@ -262,10 +262,12 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
 #ifdef AI_NUMERICSERV
     hint.ai_flags = AI_NUMERICSERV;
 #endif
-    if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf))
+    result = snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port));
+    if (SNPRINTF_OVERFLOW(result, sizeof(portbuf)))
         /* XXX */
         return EINVAL;
-    if (snprintf(secportbuf, sizeof(secportbuf), "%d", ntohs(secport)) >= sizeof(secportbuf))
+    result = snprintf(secportbuf, sizeof(secportbuf), "%d", ntohs(secport));
+    if (SNPRINTF_OVERFLOW(result, sizeof(secportbuf)))
         return EINVAL;
     err = getaddrinfo (hostname, portbuf, &hint, &addrs);
     if (err) {
@@ -701,7 +703,8 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
     Tprintf("stopped with plugin #%d, res=%p\n", i, res);
 
     /* Got something back, yippee.  */
-    Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist);
+    Tprintf("now have %lu addrs in list %p\n",
+            (unsigned long) addrlist->naddrs, addrlist);
     print_addrlist(addrlist);
     free(realmz);
     krb5int_free_plugin_dir_data (ptrs);
diff --git a/src/lib/krb5/os/read_msg.c b/src/lib/krb5/os/read_msg.c
index 8d3dfe3..815f7ad 100644
--- a/src/lib/krb5/os/read_msg.c
+++ b/src/lib/krb5/os/read_msg.c
@@ -46,7 +46,7 @@ krb5_read_message(krb5_context context, krb5_pointer fdp, krb5_data *inbuf)
         return((len2 < 0) ? errno : ECONNABORTED);
     len = ntohl(len);
 
-    if ((len & VALID_UINT_BITS) != len)  /* Overflow size_t??? */
+    if ((len & VALID_UINT_BITS) != (krb5_ui_4) len)  /* Overflow size_t??? */
         return ENOMEM;
 
     inbuf->length = ilen = (int) len;
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 001afce..341afe8 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -257,7 +257,7 @@ krb5int_debug_fprint (const char *fmt, ...)
 static void
 print_addrlist (const struct addrlist *a)
 {
-    int i;
+    size_t i;
     dprint("%d{", a->naddrs);
     for (i = 0; i < a->naddrs; i++)
         dprint("%s%p=%A", i ? "," : "", (void*)a->addrs[i].ai, a->addrs[i].ai);
@@ -269,7 +269,8 @@ merge_addrlists (struct addrlist *dest, struct addrlist *src)
 {
     /* Wouldn't it be nice if we could filter out duplicates?  The
        alloc/free handling makes that pretty difficult though.  */
-    int err, i;
+    int err;
+    size_t i;
 
     dprint("merging addrlists:\n\tlist1: ");
     for (i = 0; i < dest->naddrs; i++)
@@ -301,7 +302,7 @@ merge_addrlists (struct addrlist *dest, struct addrlist *src)
 static int
 in_addrlist (struct addrinfo *thisaddr, struct addrlist *list)
 {
-    int i;
+    size_t i;
     for (i = 0; i < list->naddrs; i++) {
         if (thisaddr->ai_addrlen == list->addrs[i].ai->ai_addrlen
             && !memcmp(thisaddr->ai_addr, list->addrs[i].ai->ai_addr,
@@ -392,7 +393,7 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
 
     if (tcp_only)
         socktype1 = SOCK_STREAM, socktype2 = 0;
-    else if (message->length <= context->udp_pref_limit)
+    else if (message->length <= (unsigned int) context->udp_pref_limit)
         socktype1 = SOCK_DGRAM, socktype2 = SOCK_STREAM;
     else
         socktype1 = SOCK_STREAM, socktype2 = SOCK_DGRAM;
@@ -743,12 +744,12 @@ start_connection (struct conn_state *state,
 
     if (ai->ai_socktype == SOCK_DGRAM) {
         /* Send it now.  */
-        int ret;
+        ssize_t ret;
         sg_buf *sg = &state->x.out.sgbuf[0];
 
         dprint("sending %d bytes on fd %d\n", SG_LEN(sg), state->fd);
         ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0);
-        if (ret != SG_LEN(sg)) {
+        if (ret < 0 || (size_t) ret != SG_LEN(sg)) {
             dperror("sendto");
             (void) closesocket(state->fd);
             state->fd = INVALID_SOCKET;
@@ -798,6 +799,7 @@ maybe_send (struct conn_state *conn,
             krb5_data* callback_buffer)
 {
     sg_buf *sg;
+    ssize_t ret;
 
     dprint("maybe_send(@%p) state=%s type=%s\n", conn,
            state_strings[conn->state],
@@ -822,7 +824,8 @@ maybe_send (struct conn_state *conn,
        retransmit if a previous attempt timed out.  */
     sg = &conn->x.out.sgbuf[0];
     dprint("sending %d bytes on fd %d\n", SG_LEN(sg), conn->fd);
-    if (send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0) != SG_LEN(sg)) {
+    ret = send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0);
+    if (ret < 0 || (size_t) ret != SG_LEN(sg)) {
         dperror("send");
         /* Keep connection alive, we'll try again next pass.
 
@@ -884,7 +887,7 @@ service_tcp_fd (struct conn_state *conn, struct select_state *selstate,
                 int ssflags)
 {
     krb5_error_code e = 0;
-    int nwritten, nread;
+    ssize_t nwritten, nread;
 
     if (!(ssflags & (SSF_READ|SSF_WRITE|SSF_EXCEPTION)))
         abort();
@@ -955,11 +958,11 @@ service_tcp_fd (struct conn_state *conn, struct select_state *selstate,
         dprint("wrote %d bytes\n", nwritten);
         while (nwritten) {
             sg_buf *sgp = conn->x.out.sgp;
-            if (nwritten < SG_LEN(sgp)) {
-                SG_ADVANCE(sgp, nwritten);
+            if ((size_t) nwritten < SG_LEN(sgp)) {
+                SG_ADVANCE(sgp, (size_t) nwritten);
                 nwritten = 0;
             } else {
-                nwritten -= SG_LEN(conn->x.out.sgp);
+                nwritten -= SG_LEN(sgp);
                 conn->x.out.sgp++;
                 conn->x.out.sg_count--;
                 if (conn->x.out.sg_count == 0 && nwritten != 0)
@@ -1178,13 +1181,12 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
                 int (*msg_handler)(krb5_context, const krb5_data *, void *),
                 void *msg_handler_data)
 {
-    unsigned int i;
     int pass;
     int delay_this_pass = 2;
     krb5_error_code retval;
     struct conn_state *conns = NULL;
     krb5_data *callback_data = NULL;
-    size_t n_conns = 0, host;
+    size_t i, n_conns = 0, host;
     struct select_state *sel_state = NULL;
     struct timeval now;
     int winning_conn = -1, e = 0;
diff --git a/src/lib/krb5/unicode/ucstr.c b/src/lib/krb5/unicode/ucstr.c
index fa6796f..b77dfb8 100644
--- a/src/lib/krb5/unicode/ucstr.c
+++ b/src/lib/krb5/unicode/ucstr.c
@@ -83,7 +83,7 @@ krb5int_ucstrncasechr(
 {
     c = uctolower(c);
     for (; 0 < n; ++u, --n) {
-	if (uctolower(*u) == c) {
+	if ((krb5_unicode) uctolower(*u) == c) {
 	    return (krb5_unicode *) u;
 	}
     }
diff --git a/src/lib/rpc/clnt_udp.c b/src/lib/rpc/clnt_udp.c
index a3876a7..f125a6e 100644
--- a/src/lib/rpc/clnt_udp.c
+++ b/src/lib/rpc/clnt_udp.c
@@ -237,7 +237,7 @@ clntudp_call(
 	register struct cu_data *cu = (struct cu_data *)cl->cl_private;
 	register XDR *xdrs;
 	register int outlen;
-	register int inlen;
+	register ssize_t inlen;
 	GETSOCKNAME_ARG3_TYPE fromlen; /* Assumes recvfrom uses same type */
 #ifdef FD_SETSIZE
 	fd_set readfds;
@@ -344,7 +344,7 @@ send_again:
 			cu->cu_error.re_errno = errno;
 			return (cu->cu_error.re_status = RPC_CANTRECV);
 		}
-		if (inlen < sizeof(uint32_t))
+		if ((size_t)inlen < sizeof(uint32_t))
 			continue;
 		/* see if reply transaction id matches sent id */
 		if (*((uint32_t *)(void *)(cu->cu_inbuf)) !=
diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c
index ee630d2..78bc5b2 100644
--- a/src/lib/rpc/pmap_rmt.c
+++ b/src/lib/rpc/pmap_rmt.c
@@ -248,7 +248,8 @@ clnt_broadcast(
 	AUTH *unix_auth = authunix_create_default();
 	XDR xdr_stream;
 	register XDR *xdrs = &xdr_stream;
-	int outlen, inlen, nets;
+	int outlen, nets;
+	ssize_t inlen;
 	GETSOCKNAME_ARG3_TYPE fromlen;
         SOCKET sock;
 	int on = 1;
@@ -381,7 +382,7 @@ clnt_broadcast(
 			stat = RPC_CANTRECV;
 			goto done_broad;
 		}
-		if (inlen < sizeof(uint32_t))
+		if ((size_t)inlen < sizeof(uint32_t))
 			goto recv_again;
 		/*
 		 * see if reply transaction id matches sent id.
diff --git a/src/lib/rpc/svc_auth.c b/src/lib/rpc/svc_auth.c
index de77e4d..5e2881e 100644
--- a/src/lib/rpc/svc_auth.c
+++ b/src/lib/rpc/svc_auth.c
@@ -53,7 +53,7 @@ static char sccsid[] = "@(#)svc_auth.c	2.1 88/08/07 4.0 RPCSRC; from 1.19 87/08/
  */
 
 static struct svcauthsw_type {
-     u_int flavor;
+     enum_t flavor;
      enum auth_stat (*authenticator)(struct svc_req *, struct rpc_msg *,
 				     bool_t *);
 } svcauthsw[] = {
diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c
index 734cedf..bcff6cd 100644
--- a/src/util/et/error_message.c
+++ b/src/util/et/error_message.c
@@ -141,7 +141,7 @@ error_message(long code)
 			goto oops;
 
 		/* This could trip if int is 16 bits.  */
-		if ((unsigned long)(int)code != code)
+		if ((unsigned long)(int)code != (unsigned long)code)
 		    abort ();
 #ifdef HAVE_STRERROR_R
 		cp = get_thread_buffer();
diff --git a/src/util/t_array.pm b/src/util/t_array.pm
index ed319d6..4a05ab8 100644
--- a/src/util/t_array.pm
+++ b/src/util/t_array.pm
@@ -67,15 +67,15 @@ static inline long
     return arr->allocated;
 }
 
-static inline long
+static inline unsigned long
 <NAME>_max_size(<NAME> *arr)
 {
     size_t upper_bound;
 
     upper_bound = SIZE_MAX / sizeof(*arr->elts);
-    if (upper_bound > LONG_MAX)
-	upper_bound = LONG_MAX;
-    return (long) upper_bound;
+    if (upper_bound > ULONG_MAX)
+	upper_bound = ULONG_MAX;
+    return (unsigned long) upper_bound;
 }
 
 static inline int
@@ -105,7 +105,7 @@ static inline int
 static inline <TYPE> *
 <NAME>_getaddr (<NAME> *arr, long idx)
 {
-    if (idx < 0 || idx >= arr->allocated)
+    if (idx < 0 || (unsigned long) idx >= arr->allocated)
 	abort();
     return arr->elts + idx;
 }