Fix: Remove unsafe function pointer casting in cfsysline.c

- Replaced function pointer casting with direct handler calls for type safety
- Fixes crashes (BUS errors) on ARM64 macOS 14+ due to strict calling conventions
- Root cause identified by ThreadSanitizer
- Eliminates undefined behavior, improves code safety

runtime/cfsysline.c

@@ -723,46 +723,45 @@ static rsRetVal cslchSetEntry(
  */
 static rsRetVal cslchCallHdlr(cslCmdHdlr_t *pThis, uchar **ppConfLine) {
     DEFiRet;
-    rsRetVal (*pHdlr)(void *, ...) = NULL;
     assert(pThis != NULL);
     assert(ppConfLine != NULL);
 
     switch (pThis->eType) {
         case eCmdHdlrCustomHandler:
-            pHdlr = (rsRetVal(*)(void *, ...))doCustomHdlr;
+            CHKiRet(doCustomHdlr(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrUID:
-            pHdlr = (rsRetVal(*)(void *, ...))doGetUID;
+            CHKiRet(doGetUID(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrGID:
-            pHdlr = (rsRetVal(*)(void *, ...))doGetGID;
+            CHKiRet(doGetGID(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrBinary:
-            pHdlr = (rsRetVal(*)(void *, ...))doBinaryOptionLine;
+            CHKiRet(doBinaryOptionLine(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrFileCreateMode:
-            pHdlr = (rsRetVal(*)(void *, ...))doFileCreateMode;
+            CHKiRet(doFileCreateMode(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrInt:
-            pHdlr = (rsRetVal(*)(void *, ...))doGetInt;
+            CHKiRet(doGetInt(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrSize:
-            pHdlr = (rsRetVal(*)(void *, ...))doGetSize;
+            CHKiRet(doGetSize(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrGetChar:
-            pHdlr = (rsRetVal(*)(void *, ...))doGetChar;
+            CHKiRet(doGetChar(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrFacility:
-            pHdlr = (rsRetVal(*)(void *, ...))doFacility;
+            CHKiRet(doFacility(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrSeverity:
-            pHdlr = (rsRetVal(*)(void *, ...))doSeverity;
+            CHKiRet(doSeverity(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrGetWord:
-            pHdlr = (rsRetVal(*)(void *, ...))doGetWord;
+            CHKiRet(doGetWord(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         case eCmdHdlrGoneAway:
-            pHdlr = (rsRetVal(*)(void *, ...))doGoneAway;
+            CHKiRet(doGoneAway(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
             break;
         /* some non-legacy handler (used in v6+ solely) */
         case eCmdHdlrInvalid:
@@ -777,9 +776,6 @@ static rsRetVal cslchCallHdlr(cslCmdHdlr_t *pThis, uchar **ppConfLine) {
             goto finalize_it;
     }
 
-    /* we got a pointer to the handler, so let's call it */
-    assert(pHdlr != NULL);
-    CHKiRet(pHdlr(ppConfLine, pThis->cslCmdHdlr, pThis->pData));
 
 finalize_it:
     RETiRet;

runtime/net_ossl.c

@@ -616,7 +616,7 @@ static rsRetVal net_ossl_chkonepeername(net_ossl_t *pThis,
     permittedPeers_t *pPeer;
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
     int osslRet;
-	unsigned int x509flags = 0;
+    unsigned int x509flags = 0;
 #endif
     char *x509name = NULL;
     DEFiRet;
@@ -644,15 +644,15 @@ static rsRetVal net_ossl_chkonepeername(net_ossl_t *pThis,
              * if prioritizeSAN set, only check against SAN
              */
             if (pThis->bSANpriority == 1) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+    #if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
                 x509flags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
-#else
+    #else
                 dbgprintf("net_ossl_chkonepeername: PrioritizeSAN not supported before OpenSSL 1.1.0\n");
-#endif // OPENSSL_VERSION_NUMBER >= 0x10100004L
+    #endif  // OPENSSL_VERSION_NUMBER >= 0x10100004L
             }
-			osslRet = X509_check_host(certpeer, (const char *)pPeer->pszID, strlen((const char *)pPeer->pszID),
-							x509flags, NULL);
-			if (osslRet == 1) {
+            osslRet = X509_check_host(certpeer, (const char *)pPeer->pszID, strlen((const char *)pPeer->pszID),
+                                      x509flags, NULL);
+            if (osslRet == 1) {
                 /* Found Peer cert in allowed Peerslist */
                 dbgprintf("net_ossl_chkonepeername: Client ('%s') is allowed (X509_check_host)\n", x509name);
                 *pbFoundPositiveMatch = 1;
@@ -1202,7 +1202,7 @@ void net_ossl_set_bio_callback(BIO *conn) {
 BEGINobjConstruct(net_ossl) /* be sure to specify the object type also in END macro! */
     DBGPRINTF("net_ossl_construct: [%p]\n", pThis);
     pThis->bReportAuthErr = 1;
-	pThis->bSANpriority = 0;
+    pThis->bSANpriority = 0;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
     CHKiRet(net_ossl_init_engine(pThis));
 finalize_it: