From 127701d9d32e568f09c775e722286e9c0b8c72ec Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 22 May 2015 16:56:25 +0200
Subject: [PATCH] Fix coverity issues
http://cov01.lab.eng.brq.redhat.com/covscanhub/waiving/9377/
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
 bin/named/server.c |  8 +++-----
 lib/dns/dispatch.c |  5 +++--
 lib/dns/dst_api.c  |  6 ++++++
 lib/dns/gen.c      | 16 +++++++++++++++-
 lib/dns/name.c     |  8 ++------
 lib/dns/nsec3.c    |  4 ++--
 lib/dns/rcode.c    |  4 +++-
 lib/isc/netaddr.c  |  1 +
 lib/isc/pk11.c     | 21 ++++++++++++++-------
 9 files changed, 49 insertions(+), 24 deletions(-)
diff --git a/bin/named/server.c b/bin/named/server.c
d56ed2
index 227c646..5e94660 100644
d56ed2
--- a/bin/named/server.c
d56ed2
+++ b/bin/named/server.c
d56ed2
@@ -8018,9 +8018,11 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
d56ed2
 	dns_zone_t *zone = NULL;
d56ed2
 	char classstr[DNS_RDATACLASS_FORMATSIZE];
d56ed2
 	char zonename[DNS_NAME_FORMATSIZE];
d56ed2
-	const char *vname, *sep, *msg = NULL, *arg;
d56ed2
+	const char *vname, *sep, *arg;
d56ed2
 	isc_boolean_t cleanup = ISC_FALSE;
d56ed2
 
d56ed2
+	UNUSED(text);
d56ed2
+
d56ed2
 	(void) next_token(&args, " \t");
d56ed2
 
d56ed2
 	arg = next_token(&args, " \t");
d56ed2
@@ -8061,10 +8063,6 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
d56ed2
 	result = synczone(zone, &cleanup);
d56ed2
 	isc_task_endexclusive(server->task);
d56ed2
 
d56ed2
-	if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
d56ed2
-		isc_buffer_putmem(text, (const unsigned char *)msg,
d56ed2
-				  strlen(msg) + 1);
d56ed2
-
d56ed2
 	view = dns_zone_getview(zone);
d56ed2
 	if (strcmp(view->name, "_default") == 0 ||
d56ed2
 	    strcmp(view->name, "_bind") == 0)
d56ed2
diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
d56ed2
index 5063914..c93651d 100644
d56ed2
--- a/lib/dns/dispatch.c
d56ed2
+++ b/lib/dns/dispatch.c
d56ed2
@@ -2278,9 +2278,10 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr,
d56ed2
 
d56ed2
 	/* Create or adjust socket pool */
d56ed2
 	if (mgr->spool != NULL) {
d56ed2
-		if (maxrequests < DNS_DISPATCH_POOLSOCKS * 2)
d56ed2
+		if (maxrequests < DNS_DISPATCH_POOLSOCKS * 2) {
d56ed2
 		  isc_mempool_setmaxalloc(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2);
d56ed2
 		  isc_mempool_setfreemax(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2);
d56ed2
+		}
d56ed2
 		UNLOCK(&mgr->buffer_lock);
d56ed2
 		return (ISC_R_SUCCESS);
d56ed2
 	}
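Review bot: Adding the braces changes behaviour as well as silencing the warning: `isc_mempool_setfreemax(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2)` used to run on every call that found an existing pool, and is now skipped unless `maxrequests < DNS_DISPATCH_POOLSOCKS * 2`. The old indentation suggests that was the intent, but the commit message does not say so; a one-line comment above the `if`, stating that both pool limits are adjusted only in that case, would make the choice explicit. The two body lines also keep their tab-plus-two-spaces indent and should be re-indented to match the rest of the block. The function starts outside the hunk.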
d56ed2
@@ -3765,7 +3766,7 @@ dns_dispatchset_create(isc_mem_t *mctx, isc_socketmgr_t *sockmgr,
d56ed2
 		goto fail_alloc;
d56ed2
 
d56ed2
 	dset->dispatches = isc_mem_get(mctx, sizeof(dns_dispatch_t *) * n);
d56ed2
-	if (dset == NULL) {
d56ed2
+	if (dset->dispatches == NULL) {
d56ed2
 		result = ISC_R_NOMEMORY;
d56ed2
 		goto fail_lock;
d56ed2
 	}
d56ed2
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
d56ed2
index d96473f..e71f202 100644
d56ed2
--- a/lib/dns/dst_api.c
d56ed2
+++ b/lib/dns/dst_api.c
d56ed2
@@ -1882,6 +1882,9 @@ dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
d56ed2
 #ifdef BIND9
d56ed2
 	unsigned int flags = dst_entropy_flags;
d56ed2
 
d56ed2
+	if (dst_entropy_pool == NULL)
d56ed2
+		return (ISC_R_FAILURE);
d56ed2
+
d56ed2
 	if (len == 0)
d56ed2
 		return (ISC_R_SUCCESS);
d56ed2
 
d56ed2
@@ -1914,6 +1917,9 @@ dst__entropy_status(void) {
d56ed2
 	unsigned char buf[32];
d56ed2
 	static isc_boolean_t first = ISC_TRUE;
d56ed2
 
d56ed2
+	if (dst_entropy_pool == NULL)
d56ed2
+		return (0);
d56ed2
+
d56ed2
 	if (first) {
d56ed2
 		/* Someone believes RAND_status() initializes the PRNG */
d56ed2
 		flags &= ~ISC_ENTROPY_GOODONLY;
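Review bot: Neither NULL-pool guard added in this file says what the caller is left with. `dst__entropy_status` now reports 0 here, and `dst__entropy_getdata` (previous hunk, at -1882) returns `ISC_R_FAILURE` without writing to `buf`. Because that guard sits before the `len == 0` check, a zero-length request that used to succeed now fails when no pool is set. A caller that ignores the result of `dst__entropy_getdata` would go on to use an unfilled buffer as random data, so the call sites (outside this diff) should be checked for an unconditional use of `buf`. A comment above each guard, such as `/* no entropy pool configured: buf is left untouched, caller must not use it */`, would record the contract.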
d56ed2
diff --git a/lib/dns/gen.c b/lib/dns/gen.c
d56ed2
index 6b533dd..548f892 100644
d56ed2
--- a/lib/dns/gen.c
d56ed2
+++ b/lib/dns/gen.c
d56ed2
@@ -335,10 +335,14 @@ insert_into_typenames(int type, const char *typename, const char *attr) {
d56ed2
 			typename);
d56ed2
 		exit(1);
d56ed2
 	}
d56ed2
+
d56ed2
 	strncpy(ttn->typename, typename, sizeof(ttn->typename));
d56ed2
-	ttn->type = type;
d56ed2
+	ttn->typename[sizeof(ttn->typename) - 1] = '\0';
d56ed2
 
d56ed2
 	strncpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname));
d56ed2
+	ttn->macroname[sizeof(ttn->macroname) - 1] = '\0';
d56ed2
+
d56ed2
+	ttn->type = type;
d56ed2
 	c = strlen(ttn->macroname);
d56ed2
 	while (c > 0) {
d56ed2
 		if (ttn->macroname[c - 1] == '-')
d56ed2
@@ -364,7 +368,10 @@ insert_into_typenames(int type, const char *typename, const char *attr) {
d56ed2
 			attr, typename);
d56ed2
 		exit(1);
d56ed2
 	}
d56ed2
+
d56ed2
 	strncpy(ttn->attr, attr, sizeof(ttn->attr));
d56ed2
+	ttn->attr[sizeof(ttn->attr) - 1] = '\0';
d56ed2
+
d56ed2
 	ttn->sorted = 0;
d56ed2
 	if (maxtype < type)
d56ed2
 		maxtype = type;
d56ed2
@@ -393,11 +400,17 @@ add(int rdclass, const char *classname, int type, const char *typename,
d56ed2
 	newtt->next = NULL;
d56ed2
 	newtt->rdclass = rdclass;
d56ed2
 	newtt->type = type;
d56ed2
+
d56ed2
 	strncpy(newtt->classname, classname, sizeof(newtt->classname));
d56ed2
+	newtt->classname[sizeof(newtt->classname) - 1] = '\0';
d56ed2
+
d56ed2
 	strncpy(newtt->typename, typename, sizeof(newtt->typename));
d56ed2
+	newtt->typename[sizeof(newtt->typename) - 1] = '\0';
d56ed2
+
d56ed2
 	if (strncmp(dirname, "./", 2) == 0)
d56ed2
 		dirname += 2;
d56ed2
 	strncpy(newtt->dirname, dirname, sizeof(newtt->dirname));
d56ed2
+	newtt->dirname[sizeof(newtt->dirname) - 1] = '\0';
d56ed2
 
d56ed2
 	tt = types;
d56ed2
 	oldtt = NULL;
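Review bot: The explicit terminators make the `strncpy` calls in `add()` safe, but an over-long `classname`, `typename` or `dirname` is now truncated silently, and no length check is visible in this hunk (the function starts above it). `insert_into_typenames` appears to reject bad input with a message and `exit(1)` before its copies, judging by the context lines at the top of the first gen.c hunk; in a code generator, a truncated name that silently yields output for the wrong identifier is worse than a failed build. If `add()` has no equivalent check, one per field would match that style, for example `if (strlen(dirname) >= sizeof(newtt->dirname)) { fprintf(stderr, "Error: dirname too long\n"); exit(1); }`. The same applies to `newcc->classname` in the hunk at -436.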
d56ed2
@@ -436,6 +449,7 @@ add(int rdclass, const char *classname, int type, const char *typename,
d56ed2
 	}
d56ed2
 	newcc->rdclass = rdclass;
d56ed2
 	strncpy(newcc->classname, classname, sizeof(newcc->classname));
d56ed2
+	newcc->classname[sizeof(newcc->classname) - 1] = '\0';
d56ed2
 	cc = classes;
d56ed2
 	oldcc = NULL;
d56ed2
 
d56ed2
diff --git a/lib/dns/name.c b/lib/dns/name.c
d56ed2
index 4fcabb1..93173ee 100644
d56ed2
--- a/lib/dns/name.c
d56ed2
+++ b/lib/dns/name.c
d56ed2
@@ -1859,7 +1859,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
d56ed2
 				    0)
d56ed2
 					return (DNS_R_DISALLOWED);
d56ed2
 				new_current = c & 0x3F;
d56ed2
-				n = 1;
d56ed2
 				state = fw_newcurrent;
d56ed2
 			} else
d56ed2
 				return (DNS_R_BADLABELTYPE);
d56ed2
@@ -1867,8 +1866,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
d56ed2
 		case fw_ordinary:
d56ed2
 			if (downcase)
d56ed2
 				c = maptolower[c];
d56ed2
-			/* FALLTHROUGH */
d56ed2
-		case fw_copy:
d56ed2
 			*ndata++ = c;
d56ed2
 			n--;
d56ed2
 			if (n == 0)
d56ed2
@@ -1877,9 +1874,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
d56ed2
 		case fw_newcurrent:
d56ed2
 			new_current *= 256;
d56ed2
 			new_current += c;
d56ed2
-			n--;
d56ed2
-			if (n != 0)
d56ed2
-				break;
d56ed2
 			if (new_current >= biggest_pointer)
d56ed2
 				return (DNS_R_BADPOINTER);
d56ed2
 			biggest_pointer = new_current;
d56ed2
@@ -2398,6 +2392,8 @@ dns_name_tostring(dns_name_t *name, char **target, isc_mem_t *mctx) {
d56ed2
 
d56ed2
 	isc_buffer_usedregion(&buf, ®);
d56ed2
 	p = isc_mem_allocate(mctx, reg.length + 1);
d56ed2
+	if (p == NULL)
d56ed2
+		return (ISC_R_NOMEMORY);
d56ed2
 	memcpy(p, (char *) reg.base, (int) reg.length);
d56ed2
 	p[reg.length] = '\0';
d56ed2
 
d56ed2
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
d56ed2
index 935f515..86fad33 100644
d56ed2
--- a/lib/dns/nsec3.c
d56ed2
+++ b/lib/dns/nsec3.c
d56ed2
@@ -842,8 +842,8 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
d56ed2
 		dns_db_detachnode(db, &newnode);
d56ed2
 	} while (1);
d56ed2
 
d56ed2
-	if (result == ISC_R_NOMORE)
d56ed2
-		result = ISC_R_SUCCESS;
d56ed2
+	/* result cannot be ISC_R_NOMORE here */
d56ed2
+	INSIST(result != ISC_R_NOMORE);
d56ed2
 
d56ed2
  failure:
d56ed2
 	if (dbit != NULL)
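Review bot: Replacing the `ISC_R_NOMORE` to `ISC_R_SUCCESS` mapping with `INSIST(result != ISC_R_NOMORE)` turns a harmless fallback into a process abort if the static-analysis conclusion is ever wrong, or stops being true after a later edit to the loop. The loop that sets `result` lies outside this hunk, so the invariant cannot be confirmed from here. In a name server, an assertion that zone or update data can reach is a denial-of-service condition. Unless every exit from the loop has been audited, keeping the defensive form costs nothing: `if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS;` with a comment that the branch is believed unreachable.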
d56ed2
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
d56ed2
index 0b7fe8c..091b3c7 100644
d56ed2
--- a/lib/dns/rcode.c
d56ed2
+++ b/lib/dns/rcode.c
d56ed2
@@ -216,7 +216,9 @@ maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
d56ed2
 	 * isc_parse_uint32().  isc_parse_uint32() requires
d56ed2
 	 * null termination, so we must make a copy.
d56ed2
 	 */
d56ed2
-	strncpy(buffer, source->base, NUMBERSIZE);
d56ed2
+	strncpy(buffer, source->base, sizeof(buffer));
d56ed2
+	buffer[sizeof(buffer) - 1] = '\0';
d56ed2
+
d56ed2
 	INSIST(buffer[source->length] == '\0');
d56ed2
 
d56ed2
 	result = isc_parse_uint32(&n, buffer, 10);
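Review bot: `strncpy(buffer, source->base, sizeof(buffer))` still treats the text region as a C string, although the comment above it implies the region is not guaranteed to be NUL-terminated. When `source->length` is shorter than the buffer, `strncpy` keeps reading past the end of the region until it meets a NUL or fills the buffer, and the following `INSIST(buffer[source->length] == '\0')` then aborts whenever the byte after the region is not NUL. Assuming the length is already bounded against the buffer size earlier in `maybe_numeric` (not visible in this hunk), copying by length avoids both problems: `memcpy(buffer, source->base, source->length);` followed by `buffer[source->length] = '\0';`.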
d56ed2
diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c
d56ed2
index 5cce1bc..6706542 100644
d56ed2
--- a/lib/isc/netaddr.c
d56ed2
+++ b/lib/isc/netaddr.c
d56ed2
@@ -235,6 +235,7 @@ isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen) {
d56ed2
 	nbytes = prefixlen / 8;
d56ed2
 	nbits = prefixlen % 8;
d56ed2
 	if (nbits != 0) {
d56ed2
+		INSIST(nbytes < ipbytes);
d56ed2
 		if ((p[nbytes] & (0xff>>nbits)) != 0U)
d56ed2
 			return (ISC_R_FAILURE);
d56ed2
 		nbytes++;
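Review bot: `INSIST(nbytes < ipbytes)` guards the `p[nbytes]` read, but it does so by aborting the process, and whether `prefixlen` is range-checked against `ipbytes * 8` earlier in `isc_netaddr_prefixok` is not visible in this hunk. If such a check exists, a short comment next to the assertion (`/* prefixlen <= ipbytes * 8 was checked above */`) would explain why it cannot fire. If it does not, a prefix length taken from configuration or a control command should produce an error rather than a crash: `if (nbytes >= ipbytes) return (ISC_R_RANGE);`.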
d56ed2
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
d56ed2
index 015bff2..de4479b 100644
d56ed2
--- a/lib/isc/pk11.c
d56ed2
+++ b/lib/isc/pk11.c
d56ed2
@@ -130,7 +130,10 @@
d56ed2
 #include <pkcs11/cryptoki.h>
d56ed2
 #include <pkcs11/pkcs11.h>
d56ed2
 
d56ed2
-#define PINLEN	32
d56ed2
+/* was 32 octets, Petr Spacek suggested 1024, SoftHSMv2 uses 256... */
d56ed2
+#ifndef PINLEN
d56ed2
+#define PINLEN	256
d56ed2
+#endif
d56ed2
 
d56ed2
 #ifndef PK11_NO_LOGERR
d56ed2
 #define PK11_NO_LOGERR 1
d56ed2
@@ -163,7 +166,7 @@ struct pk11_token {
d56ed2
 	char			manuf[32];
d56ed2
 	char			model[16];
d56ed2
 	char			serial[16];
d56ed2
-	char			pin[PINLEN];
d56ed2
+	char			pin[PINLEN + 1];
d56ed2
 };
d56ed2
 static ISC_LIST(pk11_token_t) tokens;
d56ed2
 
d56ed2
@@ -498,7 +501,9 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
d56ed2
 
d56ed2
 	/* Override the token's PIN */
d56ed2
 	if (logon && pin != NULL && *pin != '\0') {
d56ed2
-		memset(token->pin, 0, PINLEN);
d56ed2
+		if (strlen(pin) > PINLEN)
d56ed2
+			return ISC_R_RANGE;
d56ed2
+		memset(token->pin, 0, PINLEN + 1);
d56ed2
 		strncpy(token->pin, pin, PINLEN);
d56ed2
 	}
d56ed2
 
d56ed2
@@ -1099,7 +1104,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
d56ed2
 	char *uri, *p, *a, *na, *v;
d56ed2
 	size_t len, l;
d56ed2
 	FILE *stream = NULL;
d56ed2
-	char pin[PINLEN];
d56ed2
+	char pin[PINLEN + 1];
d56ed2
 	isc_boolean_t gotpin = ISC_FALSE;
d56ed2
 	isc_result_t ret;
d56ed2
 
d56ed2
@@ -1207,10 +1212,12 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
d56ed2
 			ret = isc_stdio_open(v, "r", &stream);
d56ed2
 			if (ret != ISC_R_SUCCESS)
d56ed2
 				goto err;
d56ed2
-			memset(pin, 0, PINLEN);
d56ed2
-			ret = isc_stdio_read(pin, 1, PINLEN - 1, stream, NULL);
d56ed2
+			memset(pin, 0, PINLEN + 1);
d56ed2
+			ret = isc_stdio_read(pin, 1, PINLEN + 1, stream, &l);
d56ed2
 			if ((ret != ISC_R_SUCCESS) && (ret != ISC_R_EOF))
d56ed2
 				goto err;
d56ed2
+			if (l > PINLEN)
d56ed2
+				DST_RET(ISC_R_RANGE);
d56ed2
 			ret = isc_stdio_close(stream);
d56ed2
 			stream = NULL;
d56ed2
 			if (ret != ISC_R_SUCCESS)
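Review bot: The PIN read from the file sits in a `PINLEN + 1` byte stack buffer that no line in these hunks clears on the way out. The `goto err` after the read, the new `DST_RET(ISC_R_RANGE)` and the normal path after `memmove(token->pin, pin, PINLEN + 1)` (hunk at -1238) all leave it on the stack, unless the `err:` label outside the hunk wipes it. With the limit raised from 32 to 256 octets, `pin` should be wiped at the common exit using a primitive the compiler cannot elide; a plain `memset` just before return may be optimised away. Separately, `l > PINLEN` counts every byte read, so a maximum-length PIN stored with a trailing newline is rejected with `ISC_R_RANGE`; the comment on `PINLEN` should say whether the limit includes the line terminator.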
d56ed2
@@ -1238,7 +1245,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
d56ed2
 		DST_RET(ISC_R_NOTFOUND);
d56ed2
 	obj->slot = token->slotid;
d56ed2
 	if (gotpin) {
d56ed2
-		memmove(token->pin, pin, PINLEN);
d56ed2
+		memmove(token->pin, pin, PINLEN + 1);
d56ed2
 		obj->reqlogon = ISC_TRUE;
d56ed2
 	}
d56ed2
 
-- 
2.1.0