commit 01e922766d6d214c765b616653c460adbd97d277
from: Alisdair MacLeod <git@alisdairmacleod.co.uk>
via: Alisdair MacLeod <131350026+admacleod@users.noreply.github.com>
date: Thu Mar 26 18:01:54 2026 UTC

Modernize C style: declarations at point-of-use and const qualifiers

Move variable declarations from top-of-block to point of first use
(C99/C23 style), add const qualifiers to locals and value parameters
where appropriate, and remove #include directives made redundant by
transitive includes through project headers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

commit - ef786819d823cd662e0e6261c2c9ed7c1e581be7
commit + 01e922766d6d214c765b616653c460adbd97d277
blob - bae0ab59bf83cd472eb4ed1929831f6b7e02551e
blob + 17822273e355dc4920ba6c96abb177d956196f66
--- book.c
+++ book.c
@@ -19,8 +19,6 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
-#include <time.h>
 
 #include <sqlite3.h>
 
@@ -45,23 +43,17 @@
 void
 handle_book(const char *day_param)
 {
-	const char	*user;
-	char		*body, *csrf_form, *desk;
 	char		 datestr[16];
-	long		 content_length;
-	size_t		 nread;
 	struct tm	 tm;
-	sqlite3		*db;
-	int		 rc;
 
-	user = getenv("REMOTE_USER");
+	const char *user = getenv("REMOTE_USER");
 	if (user == NULL || *user == '\0') {
 		cgi_error(401);
 		return;
 	}
 
-	/* Read POST body. */
-	content_length = 0;
+	/* Read the POST body. */
+	long content_length = 0;
 	if (getenv("CONTENT_LENGTH") != NULL)
 		content_length = strtol(getenv("CONTENT_LENGTH"), NULL, 10);
 	if (content_length <= 0 || content_length > MAX_BODY) {
@@ -69,16 +61,16 @@ handle_book(const char *day_param)
 		return;
 	}
 
-	body = malloc((size_t)content_length + 1);
+	char *body = malloc((size_t) content_length + 1);
 	if (body == NULL) {
 		cgi_error(500);
 		return;
 	}
-	nread = fread(body, 1, (size_t)content_length, stdin);
+	const size_t nread = fread(body, 1, (size_t) content_length, stdin);
 	body[nread] = '\0';
 
 	/* CSRF check. */
-	csrf_form = cgi_form_get(body, CSRF_KEY);
+	char *csrf_form = cgi_form_get(body, CSRF_KEY);
 	if (!cgi_csrf_check(csrf_form)) {
 		free(csrf_form);
 		free(body);
@@ -104,7 +96,7 @@ handle_book(const char *day_param)
 	date_format(&tm, datestr, sizeof(datestr));
 
 	/* Get desk from form. */
-	desk = cgi_form_get(body, DESK_KEY);
+	char *desk = cgi_form_get(body, DESK_KEY);
 	free(body);
 	if (desk == NULL || *desk == '\0') {
 		free(desk);
@@ -113,14 +105,14 @@ handle_book(const char *day_param)
 	}
 
 	/* Insert booking. */
-	db = db_open();
+	sqlite3 *db = db_open();
 	if (db == NULL) {
 		free(desk);
 		cgi_error_csrf(500);
 		return;
 	}
 
-	rc = db_insert_booking(db, user, desk, datestr);
+	const int rc = db_insert_booking(db, user, desk, datestr);
 	db_close(db);
 	free(desk);
 
blob - 2432aa2075b711bfcf16906eb2a78c72443bca0e
blob + 8652d6fb89573981c8b033c155824147cea4c5f8
--- bookingform.c
+++ bookingform.c
@@ -19,8 +19,6 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
-#include <time.h>
 
 #include "cgi.h"
 #include "db.h"
@@ -39,16 +37,13 @@ static const char html_head[] = {
 void
 handle_bookingform(const char *day_param)
 {
-	const char		*user;
-	char			*csrf;
-	sqlite3			*db;
 	struct booking_list	 bl;
 	struct desk_list	 dl;
 	struct tm		 tm;
 	char			 display[16], datestr[16];
 	int			 i;
 
-	user = getenv("REMOTE_USER");
+	const char *user = getenv("REMOTE_USER");
 	if (user == NULL || *user == '\0') {
 		cgi_error(401);
 		return;
@@ -63,7 +58,7 @@ handle_bookingform(const char *day_param)
 	date_format(&tm, datestr, sizeof(datestr));
 	date_display(&tm, display, sizeof(display));
 
-	db = db_open();
+	sqlite3 *db = db_open();
 	if (db == NULL) {
 		cgi_error(500);
 		return;
@@ -87,7 +82,7 @@ handle_bookingform(const char *day_param)
 	}
 	db_close(db);
 
-	csrf = cgi_csrf_generate();
+	char *csrf = cgi_csrf_generate();
 	if (csrf == NULL) {
 		booking_list_free(&bl);
 		desk_list_free(&dl);
blob - 1052d1c320a9ba3587cf6149e1f5c976c7aa5b1f
blob + cc2f2ace15f06fbd35d66d5ddaa544bd518782bd
--- bookings.c
+++ bookings.c
@@ -20,7 +20,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <time.h>
 
 #include "cgi.h"
 #include "db.h"
@@ -39,21 +38,17 @@ static const char html_head[] = {
 void
 handle_bookings(void)
 {
-	const char		*user;
-	char			*csrf;
-	sqlite3			*db;
 	struct booking_list	 bl;
 	struct tm		 tm;
 	char			 display[16];
-	int			 i;
 
-	user = getenv("REMOTE_USER");
+	const char *user = getenv("REMOTE_USER");
 	if (user == NULL || *user == '\0') {
 		cgi_error(401);
 		return;
 	}
 
-	db = db_open();
+	sqlite3 *db = db_open();
 	if (db == NULL) {
 		cgi_error(500);
 		return;
@@ -68,7 +63,7 @@ handle_bookings(void)
 	}
 	db_close(db);
 
-	csrf = cgi_csrf_generate();
+	char *csrf = cgi_csrf_generate();
 	if (csrf == NULL) {
 		booking_list_free(&bl);
 		cgi_error(500);
@@ -95,7 +90,7 @@ handle_bookings(void)
 		printf("            </tr>\n");
 		printf("            </thead>\n");
 		printf("            <tbody>\n");
-		for (i = 0; i < bl.count; i++) {
+		for (int i = 0; i < bl.count; i++) {
 			memset(&tm, 0, sizeof(tm));
 			date_parse(bl.items[i].day, &tm);
 			date_display(&tm, display, sizeof(display));
blob - b9bc0166f3780ef9e26f8864fd888dfb71d3cba9
blob + 38f02a143898383191680571ede5d92d7e2a0404
--- cancel.c
+++ cancel.c
@@ -19,8 +19,6 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
-#include <time.h>
 
 #include "cgi.h"
 #include "db.h"
@@ -40,22 +38,17 @@
 void
 handle_cancel(void)
 {
-	const char	*user;
-	char		*body, *csrf_form, *desk, *day;
 	char		 datestr[16];
-	long		 content_length;
-	size_t		 nread;
 	struct tm	 tm;
-	sqlite3		*db;
 
-	user = getenv("REMOTE_USER");
+	const char *user = getenv("REMOTE_USER");
 	if (user == NULL || *user == '\0') {
 		cgi_error(401);
 		return;
 	}
 
-	/* Read POST body. */
-	content_length = 0;
+	/* Read the POST body. */
+	long content_length = 0;
 	if (getenv("CONTENT_LENGTH") != NULL)
 		content_length = strtol(getenv("CONTENT_LENGTH"), NULL, 10);
 	if (content_length <= 0 || content_length > MAX_BODY) {
@@ -63,16 +56,16 @@ handle_cancel(void)
 		return;
 	}
 
-	body = malloc((size_t)content_length + 1);
+	char *body = malloc((size_t) content_length + 1);
 	if (body == NULL) {
 		cgi_error(500);
 		return;
 	}
-	nread = fread(body, 1, (size_t)content_length, stdin);
+	const size_t nread = fread(body, 1, (size_t) content_length, stdin);
 	body[nread] = '\0';
 
 	/* CSRF check. */
-	csrf_form = cgi_form_get(body, CSRF_KEY);
+	char *csrf_form = cgi_form_get(body, CSRF_KEY);
 	if (!cgi_csrf_check(csrf_form)) {
 		free(csrf_form);
 		free(body);
@@ -82,7 +75,7 @@ handle_cancel(void)
 	free(csrf_form);
 
 	/* Parse date from form. */
-	day = cgi_form_get(body, DATE_KEY);
+	char *day = cgi_form_get(body, DATE_KEY);
 	if (day == NULL || *day == '\0') {
 		free(day);
 		free(body);
@@ -108,7 +101,7 @@ handle_cancel(void)
 	date_format(&tm, datestr, sizeof(datestr));
 
 	/* Get desk from form. */
-	desk = cgi_form_get(body, DESK_KEY);
+	char *desk = cgi_form_get(body, DESK_KEY);
 	free(body);
 	if (desk == NULL || *desk == '\0') {
 		free(desk);
@@ -117,7 +110,7 @@ handle_cancel(void)
 	}
 
 	/* Delete booking. */
-	db = db_open();
+	sqlite3 *db = db_open();
 	if (db == NULL) {
 		free(desk);
 		cgi_error_csrf(500);
blob - 3ee77039ef1f5508d98c9b838ba3c3e7bc425bc3
blob + de40dba51b9eddd5aaf7bb40ee982ad49c5313ba
--- cgi.c
+++ cgi.c
@@ -19,9 +19,7 @@
 
 #include <ctype.h>
 #include <stdio.h>
-#include <stdlib.h>
 #include <string.h>
-#include <time.h>
 
 #include "compat.h"
 #include "cgi.h"
@@ -31,7 +29,7 @@
  * Returns "Unknown" for unrecognised codes.
  */
 static const char *
-status_text(int code)
+status_text(const int code)
 {
 	switch (code) {
 	case 200:
@@ -63,7 +61,7 @@ status_text(int code)
  * Output the CGI Status header line.
  */
 void
-cgi_status(int code)
+cgi_status(const int code)
 {
 	printf("Status: %d %s\n", code, status_text(code));
 }
@@ -92,7 +90,7 @@ cgi_end_headers(void)
  * blank line, status text with trailing newline.
  */
 void
-cgi_error(int code)
+cgi_error(const int code)
 {
 	cgi_status(code);
 	cgi_header("Content-Type", "text/plain; charset=utf-8");
@@ -105,7 +103,7 @@ cgi_error(int code)
  * Used when CSRF validation succeeded but a subsequent check failed.
  */
 void
-cgi_error_csrf(int code)
+cgi_error_csrf(const int code)
 {
 	cgi_status(code);
 	cgi_header("Content-Type", "text/plain; charset=utf-8");
@@ -118,7 +116,7 @@ cgi_error_csrf(int code)
  * Output a CGI redirect response with HTML body (for GET redirects).
  */
 void
-cgi_redirect(int code, const char *location)
+cgi_redirect(const int code, const char *location)
 {
 	cgi_status(code);
 	cgi_header("Content-Type", "text/html; charset=utf-8");
@@ -134,7 +132,7 @@ cgi_redirect(int code, const char *location)
  * redirects). Headers only, no body.
  */
 void
-cgi_redirect_csrf(int code, const char *location)
+cgi_redirect_csrf(const int code, const char *location)
 {
 	cgi_status(code);
 	cgi_header("Content-Type", "text/plain; charset=utf-8");
@@ -150,16 +148,13 @@ cgi_redirect_csrf(int code, const char *location)
 void
 cgi_url_decode(char *s)
 {
-	char	*r, *w;
-	int	 hi, lo;
-
-	r = s;
-	w = s;
+	const char *r = s;
+	char *w = s;
 	while (*r != '\0') {
 		if (*r == '%' && isxdigit((unsigned char)r[1]) &&
 		    isxdigit((unsigned char)r[2])) {
-			hi = r[1];
-			lo = r[2];
+			int hi = r[1];
+			int lo = r[2];
 			if (hi >= '0' && hi <= '9')
 				hi -= '0';
 			else if (hi >= 'a' && hi <= 'f')
@@ -193,22 +188,21 @@ cgi_url_decode(char *s)
 static char *
 parse_params(const char *params, const char *key)
 {
-	char	*copy, *p, *pair, *k, *v, *result;
-	size_t	 keylen;
+	char *p, *pair;
 
 	if (params == NULL || key == NULL)
 		return NULL;
 
-	copy = strdup(params);
+	char *copy = strdup(params);
 	if (copy == NULL)
 		return NULL;
 
-	keylen = strlen(key);
-	result = NULL;
+	const size_t keylen = strlen(key);
+	char *result = NULL;
 	p = copy;
 	while ((pair = strsep(&p, "&")) != NULL) {
-		k = pair;
-		v = strchr(pair, '=');
+		const char *k = pair;
+		char *v = strchr(pair, '=');
 		if (v != NULL)
 			*v++ = '\0';
 		else
@@ -233,9 +227,7 @@ parse_params(const char *params, const char *key)
 char *
 cgi_query_get(const char *uri, const char *key)
 {
-	const char	*qs;
-
-	qs = getenv("QUERY_STRING");
+	const char *qs = getenv("QUERY_STRING");
 	if (qs != NULL)
 		return parse_params(qs, key);
 
@@ -265,27 +257,25 @@ cgi_form_get(const char *body, const char *key)
 char *
 cgi_cookie_get(const char *name)
 {
-	const char	*cookies;
-	char		*copy, *p, *pair, *k, *v, *result;
-	size_t		 namelen;
+	char *p, *pair;
 
-	cookies = getenv("HTTP_COOKIE");
+	const char *cookies = getenv("HTTP_COOKIE");
 	if (cookies == NULL)
 		return NULL;
 
-	copy = strdup(cookies);
+	char *copy = strdup(cookies);
 	if (copy == NULL)
 		return NULL;
 
-	namelen = strlen(name);
-	result = NULL;
+	const size_t namelen = strlen(name);
+	char *result = NULL;
 	p = copy;
 	while ((pair = strsep(&p, ";")) != NULL) {
 		/* Skip leading whitespace. */
 		while (*pair == ' ')
 			pair++;
-		k = pair;
-		v = strchr(pair, '=');
+		const char *k = pair;
+		char *v = strchr(pair, '=');
 		if (v == NULL)
 			continue;
 		*v++ = '\0';
@@ -334,14 +324,12 @@ char *
 cgi_csrf_generate(void)
 {
 	unsigned char	 buf[16];
-	char		*token;
-	int		 i;
 
 	arc4random_buf(buf, sizeof(buf));
-	token = malloc(sizeof(buf) * 2 + 1);
+	char *token = malloc(sizeof(buf) * 2 + 1);
 	if (token == NULL)
 		return NULL;
-	for (i = 0; i < (int)sizeof(buf); i++)
+	for (int i = 0; i < (int)sizeof(buf); i++)
 		snprintf(token + i * 2, 3, "%02x", buf[i]);
 	token[sizeof(buf) * 2] = '\0';
 	return token;
@@ -357,25 +345,21 @@ cgi_csrf_generate(void)
 int
 cgi_csrf_check(const char *form_token)
 {
-	char	*cookie_token;
-	size_t	 clen, flen;
-	int	 result;
-
 	if (form_token == NULL)
 		return 0;
 
-	cookie_token = cgi_cookie_get(CSRF_COOKIE);
+	char *cookie_token = cgi_cookie_get(CSRF_COOKIE);
 	if (cookie_token == NULL)
 		return 0;
 
-	clen = strlen(cookie_token);
-	flen = strlen(form_token);
+	const size_t clen = strlen(cookie_token);
+	const size_t flen = strlen(form_token);
 	if (clen != flen) {
 		free(cookie_token);
 		return 0;
 	}
 
-	result = timingsafe_bcmp(cookie_token, form_token, clen) == 0;
+	const int result = timingsafe_bcmp(cookie_token, form_token, clen) == 0;
 	free(cookie_token);
 	return result;
 }
@@ -424,11 +408,9 @@ int
 date_parse(const char *s, struct tm *tm)
 {
 	struct tm	check;
-	char		*end;
-	time_t		t;
 
 	memset(tm, 0, sizeof(*tm));
-	end = strptime(s, DATE_FORMAT, tm);
+	const char *end = strptime(s, DATE_FORMAT, tm);
 	if (end == NULL || *end != '\0')
 		return -1;
 
@@ -437,7 +419,7 @@ date_parse(const char *s, struct tm *tm)
 	 * Normalise via timegm and check the fields match.
 	 */
 	check = *tm;
-	t = timegm(&check);
+	const time_t t = timegm(&check);
 	if (t == -1)
 		return -1;
 	if (check.tm_year != tm->tm_year ||
@@ -460,7 +442,7 @@ int
 date_is_past(const struct tm *tm)
 {
 	struct tm	now_tm, date_tm;
-	time_t		now, date_t;
+	time_t		now;
 
 	time(&now);
 	gmtime_r(&now, &now_tm);
@@ -473,7 +455,7 @@ date_is_past(const struct tm *tm)
 	date_tm.tm_hour = 0;
 	date_tm.tm_min = 0;
 	date_tm.tm_sec = 0;
-	date_t = timegm(&date_tm);
+	const time_t date_t = timegm(&date_tm);
 
 	return date_t < now;
 }
@@ -483,7 +465,7 @@ date_is_past(const struct tm *tm)
  * storage format used in the SQLite database.
  */
 void
-date_format(const struct tm *tm, char *buf, size_t len)
+date_format(const struct tm *tm, char *buf, const size_t len)
 {
 	strftime(buf, len, DATE_FORMAT, tm);
 }
@@ -493,7 +475,7 @@ date_format(const struct tm *tm, char *buf, size_t len
  * in the web interface.
  */
 void
-date_display(const struct tm *tm, char *buf, size_t len)
+date_display(const struct tm *tm, char *buf, const size_t len)
 {
 	strftime(buf, len, DISPLAY_FORMAT, tm);
 }
blob - 6f48fbebbf98ce1f64b54e3ea0067d1d6ae45247
blob + f4933bb712cfd193bb25477a22f5c3cba52a632e
--- compat.h
+++ compat.h
@@ -27,7 +27,6 @@
 
 #include <stdint.h>
 #include <stdlib.h>
-#include <string.h>
 #include <errno.h>
 
 #ifdef __OpenBSD__
@@ -41,7 +40,7 @@
  */
 #if !defined(__OpenBSD__) && !defined(__GLIBC__)
 static inline void *
-reallocarray(void *ptr, size_t nmemb, size_t size)
+reallocarray(void *ptr, const size_t nmemb, const size_t size)
 {
 	if (size != 0 && nmemb > SIZE_MAX / size) {
 		errno = ENOMEM;
blob - 7b2f72e426c9903569db71a8bf853b4e534299ec
blob + b745ccfa5054efe73679b26ea20e4399160a90ab
--- dateform.c
+++ dateform.c
@@ -20,7 +20,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <time.h>
 
 #include "cgi.h"
 #include "dateform.h"
@@ -39,12 +38,11 @@ static const char dateform_page[] = {
 void
 handle_dateform(void)
 {
-	const char	*uri;
-	char		*day, redirect[256], datestr[16];
+	char redirect[256], datestr[16];
 	struct tm	 tm;
 
-	uri = getenv("REQUEST_URI");
-	day = cgi_query_get(uri, DATE_KEY);
+	const char *uri = getenv("REQUEST_URI");
+	char *day = cgi_query_get(uri, DATE_KEY);
 	if (day == NULL || *day == '\0') {
 		free(day);
 		cgi_status(200);
blob - c71ddc557a089d362a3c74f5223f05cf817d80b9
blob + 6965fc60f248b87956a53fc2097f3c0a477cb72d
--- db.c
+++ db.c
@@ -18,7 +18,6 @@
  */
 
 #include <stdio.h>
-#include <stdlib.h>
 #include <string.h>
 
 #include <sqlite3.h>
@@ -70,21 +69,19 @@ static const char sql_delete_booking[] = {
 char *
 dsn_to_path(const char *dsn)
 {
-	const char	*start, *end;
-	char		*path;
 	size_t		 len;
 
-	start = dsn;
+	const char *start = dsn;
 	if (strncmp(start, "file:", 5) == 0)
 		start += 5;
 
-	end = strchr(start, '?');
+	const char *end = strchr(start, '?');
 	if (end != NULL)
 		len = (size_t)(end - start);
 	else
 		len = strlen(start);
 
-	path = malloc(len + 1);
+	char *path = malloc(len + 1);
 	if (path == NULL)
 		return NULL;
 	memcpy(path, start, len);
@@ -103,10 +100,9 @@ dsn_to_path(const char *dsn)
 sqlite3 *
 db_open(void)
 {
-	const char	*dsn;
 	sqlite3		*db;
 
-	dsn = getenv(DESKD_DB_ENV);
+	const char *dsn = getenv(DESKD_DB_ENV);
 	if (dsn == NULL || *dsn == '\0') {
 		fprintf(stderr, "DESKD_DB not set\n");
 		return NULL;
@@ -184,13 +180,10 @@ static int
 booking_list_add(struct booking_list *bl, const char *user, const char *desk,
     const char *day)
 {
-	struct booking	*new_items;
-	int		 newcap;
-
 	if (bl->count >= bl->cap) {
-		newcap = bl->cap == 0 ? 8 : bl->cap * 2;
-		new_items = reallocarray(bl->items, newcap,
-		    sizeof(struct booking));
+		const int newcap = bl->cap == 0 ? 8 : bl->cap * 2;
+		struct booking *new_items = reallocarray(bl->items, newcap,
+		                                         sizeof(struct booking));
 		if (new_items == NULL)
 			return -1;
 		bl->items = new_items;
@@ -220,9 +213,7 @@ booking_list_add(struct booking_list *bl, const char *
 void
 booking_list_free(struct booking_list *bl)
 {
-	int	i;
-
-	for (i = 0; i < bl->count; i++) {
+	for (int i = 0; i < bl->count; i++) {
 		free(bl->items[i].user);
 		free(bl->items[i].desk);
 		free(bl->items[i].day);
@@ -242,13 +233,10 @@ booking_list_free(struct booking_list *bl)
 static int
 desk_list_add(struct desk_list *dl, const char *desk)
 {
-	char	**new_items;
-	int	  newcap;
-
 	if (dl->count >= dl->cap) {
-		newcap = dl->cap == 0 ? 8 : dl->cap * 2;
-		new_items = reallocarray(dl->items, newcap,
-		    sizeof(char *));
+		const int newcap = dl->cap == 0 ? 8 : dl->cap * 2;
+		char **new_items = reallocarray(dl->items, newcap,
+		                                sizeof(char *));
 		if (new_items == NULL)
 			return -1;
 		dl->items = new_items;
@@ -270,9 +258,7 @@ desk_list_add(struct desk_list *dl, const char *desk)
 void
 desk_list_free(struct desk_list *dl)
 {
-	int	i;
-
-	for (i = 0; i < dl->count; i++)
+	for (int i = 0; i < dl->count; i++)
 		free(dl->items[i]);
 	free(dl->items);
 	dl->items = NULL;
@@ -425,10 +411,9 @@ db_insert_booking(sqlite3 *db, const char *user, const
     const char *day)
 {
 	sqlite3_stmt	*stmt;
-	int		 rc;
 
 	if (sqlite3_prepare_v2(db, sql_insert_booking, -1, &stmt,
-	    NULL) != SQLITE_OK) {
+	                       NULL) != SQLITE_OK) {
 		fprintf(stderr, "prepare insert booking: %s\n",
 		    sqlite3_errmsg(db));
 		return -1;
@@ -438,7 +423,7 @@ db_insert_booking(sqlite3 *db, const char *user, const
 	sqlite3_bind_text(stmt, 2, desk, -1, SQLITE_STATIC);
 	sqlite3_bind_text(stmt, 3, day, -1, SQLITE_STATIC);
 
-	rc = sqlite3_step(stmt);
+	const int rc = sqlite3_step(stmt);
 	sqlite3_finalize(stmt);
 
 	if (rc != SQLITE_DONE) {
@@ -456,10 +441,9 @@ db_delete_booking(sqlite3 *db, const char *user, const
     const char *day)
 {
 	sqlite3_stmt	*stmt;
-	int		 rc;
 
 	if (sqlite3_prepare_v2(db, sql_delete_booking, -1, &stmt,
-	    NULL) != SQLITE_OK) {
+	                       NULL) != SQLITE_OK) {
 		fprintf(stderr, "prepare delete booking: %s\n",
 		    sqlite3_errmsg(db));
 		return -1;
@@ -469,7 +453,7 @@ db_delete_booking(sqlite3 *db, const char *user, const
 	sqlite3_bind_text(stmt, 2, desk, -1, SQLITE_STATIC);
 	sqlite3_bind_text(stmt, 3, day, -1, SQLITE_STATIC);
 
-	rc = sqlite3_step(stmt);
+	const int rc = sqlite3_step(stmt);
 	sqlite3_finalize(stmt);
 
 	if (rc != SQLITE_DONE) {
blob - 57b02ef03332df05db7112fcd4a0e33fc440e9ea
blob + d65eb69ee4e046155131a909de53b5e85e5f3e47
--- deskd.c
+++ deskd.c
@@ -18,7 +18,6 @@
  */
 
 #include <stdio.h>
-#include <stdlib.h>
 #include <string.h>
 
 #include "compat.h"
@@ -39,9 +38,7 @@
 static void
 handle_migrate(void)
 {
-	sqlite3	*db;
-
-	db = db_open();
+	sqlite3 *db = db_open();
 	if (db == NULL) {
 		fprintf(stderr, "cannot open database for migration\n");
 		exit(1);
@@ -55,20 +52,16 @@ handle_migrate(void)
 }
 
 int
-main(int argc, char *argv[])
+main(const int argc, char *argv[])
 {
-	const char	*method, *uri, *path, *dsn;
-	char		*path_copy, *qmark, *dbpath;
-	size_t		 pathlen;
-
 	/* Sandbox the process before any I/O. */
-	dsn = getenv(DESKD_DB_ENV);
+	const char *dsn = getenv(DESKD_DB_ENV);
 	if (dsn == NULL || *dsn == '\0') {
 		fprintf(stderr, "DESKD_DB environment variable not set\n");
 		return 1;
 	}
 
-	dbpath = dsn_to_path(dsn);
+	char *dbpath = dsn_to_path(dsn);
 	if (dbpath == NULL) {
 		fprintf(stderr, "cannot resolve database path\n");
 		return 1;
@@ -123,8 +116,8 @@ main(int argc, char *argv[])
 		return 0;
 	}
 
-	method = getenv("REQUEST_METHOD");
-	uri = getenv("REQUEST_URI");
+	const char *method = getenv("REQUEST_METHOD");
+	const char *uri = getenv("REQUEST_URI");
 
 	if (method == NULL || uri == NULL) {
 		fprintf(stderr, "missing CGI environment variables\n");
@@ -132,14 +125,14 @@ main(int argc, char *argv[])
 	}
 
 	/* Strip query string from URI to get the path. */
-	path_copy = strdup(uri);
+	char *path_copy = strdup(uri);
 	if (path_copy == NULL)
 		return 1;
-	qmark = strchr(path_copy, '?');
+	char *qmark = strchr(path_copy, '?');
 	if (qmark != NULL)
 		*qmark = '\0';
-	path = path_copy;
-	pathlen = strlen(path);
+	const char *path = path_copy;
+	const size_t pathlen = strlen(path);
 
 	/* Route the request. */
 	if (strcmp(path, "/") == 0) {
blob - 97586a221251e1bb38025716e679349ef929302b
blob + bef6db47e8341c5996ceea5ac7539666827efb2a
--- natural.c
+++ natural.c
@@ -30,20 +30,15 @@
  * For example: "foo1", "foo2", "foo10" instead of "foo1", "foo10", "foo2".
  */
 int
-natural_compare(void *arg, int len1, const void *v1, int len2,
+natural_compare(void *arg, const int len1, const void *v1, const int len2,
     const void *v2)
 {
-	const char	*s1, *s2;
-	const char	*e1, *e2;
-	const char	*n1, *n2;
-	int		 nlen1, nlen2;
-
 	(void)arg;
 
-	s1 = v1;
-	s2 = v2;
-	e1 = s1 + len1;
-	e2 = s2 + len2;
+	const char *s1 = v1;
+	const char *s2 = v2;
+	const char *e1 = s1 + len1;
+	const char *e2 = s2 + len2;
 
 	while (s1 < e1 && s2 < e2) {
 		if (isdigit((unsigned char)*s1) &&
@@ -55,15 +50,15 @@ natural_compare(void *arg, int len1, const void *v1, i
 				s2++;
 
 			/* Find end of numeric run. */
-			n1 = s1;
+			const char *n1 = s1;
 			while (s1 < e1 && isdigit((unsigned char)*s1))
 				s1++;
-			n2 = s2;
+			const char *n2 = s2;
 			while (s2 < e2 && isdigit((unsigned char)*s2))
 				s2++;
 
-			nlen1 = (int)(s1 - n1);
-			nlen2 = (int)(s2 - n2);
+			const int nlen1 = (int) (s1 - n1);
+			const int nlen2 = (int) (s2 - n2);
 
 			/* Longer number is larger. */
 			if (nlen1 != nlen2)
@@ -71,9 +66,7 @@ natural_compare(void *arg, int len1, const void *v1, i
 
 			/* Same length, compare digit by digit. */
 			if (nlen1 > 0) {
-				int cmp;
-
-				cmp = memcmp(n1, n2, nlen1);
+				const int cmp = memcmp(n1, n2, nlen1);
 				if (cmp != 0)
 					return cmp;
 			}