powerel7
/
web
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
355 Commits
1 Branch
0 Tags
2.3 MiB
 
 
 
 
 
 
Tree: b657724892
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b657724892'
${ noResults }
web/SOURCES/bind99-coverity-fixes.patch

307 lines
9.2 KiB
Raw Blame History

From 127701d9d32e568f09c775e722286e9c0b8c72ec Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 22 May 2015 16:56:25 +0200
Subject: [PATCH] Fix coverity issues
http://cov01.lab.eng.brq.redhat.com/covscanhub/waiving/9377/
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
bin/named/server.c | 8 +++-----
lib/dns/dispatch.c | 5 +++--
lib/dns/dst_api.c | 6 ++++++
lib/dns/gen.c | 16 +++++++++++++++-
lib/dns/name.c | 8 ++------
lib/dns/nsec3.c | 4 ++--
lib/dns/rcode.c | 4 +++-
lib/isc/netaddr.c | 1 +
lib/isc/pk11.c | 21 ++++++++++++++-------
9 files changed, 49 insertions(+), 24 deletions(-)
diff --git a/bin/named/server.c b/bin/named/server.c
index 227c646..5e94660 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8018,9 +8018,11 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zone_t *zone = NULL;
char classstr[DNS_RDATACLASS_FORMATSIZE];
char zonename[DNS_NAME_FORMATSIZE];
- const char *vname, *sep, *msg = NULL, *arg;
+ const char *vname, *sep, *arg;
isc_boolean_t cleanup = ISC_FALSE;
+ UNUSED(text);
+
(void) next_token(&args, " \t");
arg = next_token(&args, " \t");
@@ -8061,10 +8063,6 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
result = synczone(zone, &cleanup);
isc_task_endexclusive(server->task);
- if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
- isc_buffer_putmem(text, (const unsigned char *)msg,
- strlen(msg) + 1);
-
view = dns_zone_getview(zone);
if (strcmp(view->name, "_default") == 0 ||
strcmp(view->name, "_bind") == 0)
diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
index 5063914..c93651d 100644
--- a/lib/dns/dispatch.c
+++ b/lib/dns/dispatch.c
@@ -2278,9 +2278,10 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr,
/* Create or adjust socket pool */
if (mgr->spool != NULL) {
- if (maxrequests < DNS_DISPATCH_POOLSOCKS * 2)
+ if (maxrequests < DNS_DISPATCH_POOLSOCKS * 2) {
isc_mempool_setmaxalloc(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2);
isc_mempool_setfreemax(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2);
+ }
UNLOCK(&mgr->buffer_lock);
return (ISC_R_SUCCESS);
}
@@ -3765,7 +3766,7 @@ dns_dispatchset_create(isc_mem_t *mctx, isc_socketmgr_t *sockmgr,
goto fail_alloc;
dset->dispatches = isc_mem_get(mctx, sizeof(dns_dispatch_t *) * n);
- if (dset == NULL) {
+ if (dset->dispatches == NULL) {
result = ISC_R_NOMEMORY;
goto fail_lock;
}
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index d96473f..e71f202 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -1882,6 +1882,9 @@ dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
#ifdef BIND9
unsigned int flags = dst_entropy_flags;
+ if (dst_entropy_pool == NULL)
+ return (ISC_R_FAILURE);
+
if (len == 0)
return (ISC_R_SUCCESS);
@@ -1914,6 +1917,9 @@ dst__entropy_status(void) {
unsigned char buf[32];
static isc_boolean_t first = ISC_TRUE;
+ if (dst_entropy_pool == NULL)
+ return (0);
+
if (first) {
/* Someone believes RAND_status() initializes the PRNG */
flags &= ~ISC_ENTROPY_GOODONLY;
diff --git a/lib/dns/gen.c b/lib/dns/gen.c
index 6b533dd..548f892 100644
--- a/lib/dns/gen.c
+++ b/lib/dns/gen.c
@@ -335,10 +335,14 @@ insert_into_typenames(int type, const char *typename, const char *attr) {
typename);
exit(1);
}
+
strncpy(ttn->typename, typename, sizeof(ttn->typename));
- ttn->type = type;
+ ttn->typename[sizeof(ttn->typename) - 1] = '\0';
strncpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname));
+ ttn->macroname[sizeof(ttn->macroname) - 1] = '\0';
+
+ ttn->type = type;
c = strlen(ttn->macroname);
while (c > 0) {
if (ttn->macroname[c - 1] == '-')
@@ -364,7 +368,10 @@ insert_into_typenames(int type, const char *typename, const char *attr) {
attr, typename);
exit(1);
}
+
strncpy(ttn->attr, attr, sizeof(ttn->attr));
+ ttn->attr[sizeof(ttn->attr) - 1] = '\0';
+
ttn->sorted = 0;
if (maxtype < type)
maxtype = type;
@@ -393,11 +400,17 @@ add(int rdclass, const char *classname, int type, const char *typename,
newtt->next = NULL;
newtt->rdclass = rdclass;
newtt->type = type;
+
strncpy(newtt->classname, classname, sizeof(newtt->classname));
+ newtt->classname[sizeof(newtt->classname) - 1] = '\0';
+
strncpy(newtt->typename, typename, sizeof(newtt->typename));
+ newtt->typename[sizeof(newtt->typename) - 1] = '\0';
+
if (strncmp(dirname, "./", 2) == 0)
dirname += 2;
strncpy(newtt->dirname, dirname, sizeof(newtt->dirname));
+ newtt->dirname[sizeof(newtt->dirname) - 1] = '\0';
tt = types;
oldtt = NULL;
@@ -436,6 +449,7 @@ add(int rdclass, const char *classname, int type, const char *typename,
}
newcc->rdclass = rdclass;
strncpy(newcc->classname, classname, sizeof(newcc->classname));
+ newcc->classname[sizeof(newcc->classname) - 1] = '\0';
cc = classes;
oldcc = NULL;
diff --git a/lib/dns/name.c b/lib/dns/name.c
index 4fcabb1..93173ee 100644
--- a/lib/dns/name.c
+++ b/lib/dns/name.c
@@ -1859,7 +1859,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
0)
return (DNS_R_DISALLOWED);
new_current = c & 0x3F;
- n = 1;
state = fw_newcurrent;
} else
return (DNS_R_BADLABELTYPE);
@@ -1867,8 +1866,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
case fw_ordinary:
if (downcase)
c = maptolower[c];
- /* FALLTHROUGH */
- case fw_copy:
*ndata++ = c;
n--;
if (n == 0)
@@ -1877,9 +1874,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
case fw_newcurrent:
new_current *= 256;
new_current += c;
- n--;
- if (n != 0)
- break;
if (new_current >= biggest_pointer)
return (DNS_R_BADPOINTER);
biggest_pointer = new_current;
@@ -2398,6 +2392,8 @@ dns_name_tostring(dns_name_t *name, char **target, isc_mem_t *mctx) {
isc_buffer_usedregion(&buf, &reg);
p = isc_mem_allocate(mctx, reg.length + 1);
+ if (p == NULL)
+ return (ISC_R_NOMEMORY);
memcpy(p, (char *) reg.base, (int) reg.length);
p[reg.length] = '\0';
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 935f515..86fad33 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -842,8 +842,8 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
dns_db_detachnode(db, &newnode);
} while (1);
- if (result == ISC_R_NOMORE)
- result = ISC_R_SUCCESS;
+ /* result cannot be ISC_R_NOMORE here */
+ INSIST(result != ISC_R_NOMORE);
failure:
if (dbit != NULL)
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
index 0b7fe8c..091b3c7 100644
--- a/lib/dns/rcode.c
+++ b/lib/dns/rcode.c
@@ -216,7 +216,9 @@ maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
* isc_parse_uint32(). isc_parse_uint32() requires
* null termination, so we must make a copy.
*/
- strncpy(buffer, source->base, NUMBERSIZE);
+ strncpy(buffer, source->base, sizeof(buffer));
+ buffer[sizeof(buffer) - 1] = '\0';
+
INSIST(buffer[source->length] == '\0');
result = isc_parse_uint32(&n, buffer, 10);
diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c
index 5cce1bc..6706542 100644
--- a/lib/isc/netaddr.c
+++ b/lib/isc/netaddr.c
@@ -235,6 +235,7 @@ isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen) {
nbytes = prefixlen / 8;
nbits = prefixlen % 8;
if (nbits != 0) {
+ INSIST(nbytes < ipbytes);
if ((p[nbytes] & (0xff>>nbits)) != 0U)
return (ISC_R_FAILURE);
nbytes++;
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
index 015bff2..de4479b 100644
--- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c
@@ -130,7 +130,10 @@
#include <pkcs11/cryptoki.h>
#include <pkcs11/pkcs11.h>
-#define PINLEN 32
+/* was 32 octets, Petr Spacek suggested 1024, SoftHSMv2 uses 256... */
+#ifndef PINLEN
+#define PINLEN 256
+#endif
#ifndef PK11_NO_LOGERR
#define PK11_NO_LOGERR 1
@@ -163,7 +166,7 @@ struct pk11_token {
char manuf[32];
char model[16];
char serial[16];
- char pin[PINLEN];
+ char pin[PINLEN + 1];
};
static ISC_LIST(pk11_token_t) tokens;
@@ -498,7 +501,9 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
/* Override the token's PIN */
if (logon && pin != NULL && *pin != '\0') {
- memset(token->pin, 0, PINLEN);
+ if (strlen(pin) > PINLEN)
+ return ISC_R_RANGE;
+ memset(token->pin, 0, PINLEN + 1);
strncpy(token->pin, pin, PINLEN);
}
@@ -1099,7 +1104,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
char *uri, *p, *a, *na, *v;
size_t len, l;
FILE *stream = NULL;
- char pin[PINLEN];
+ char pin[PINLEN + 1];
isc_boolean_t gotpin = ISC_FALSE;
isc_result_t ret;
@@ -1207,10 +1212,12 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
ret = isc_stdio_open(v, "r", &stream);
if (ret != ISC_R_SUCCESS)
goto err;
- memset(pin, 0, PINLEN);
- ret = isc_stdio_read(pin, 1, PINLEN - 1, stream, NULL);
+ memset(pin, 0, PINLEN + 1);
+ ret = isc_stdio_read(pin, 1, PINLEN + 1, stream, &l);
if ((ret != ISC_R_SUCCESS) && (ret != ISC_R_EOF))
goto err;
+ if (l > PINLEN)
+ DST_RET(ISC_R_RANGE);
ret = isc_stdio_close(stream);
stream = NULL;
if (ret != ISC_R_SUCCESS)
@@ -1238,7 +1245,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
DST_RET(ISC_R_NOTFOUND);
obj->slot = token->slotid;
if (gotpin) {
- memmove(token->pin, pin, PINLEN);
+ memmove(token->pin, pin, PINLEN + 1);
obj->reqlogon = ISC_TRUE;
}
--
2.1.0