diff --git a/CHANGES b/CHANGES index c7907ab680..e7d71ce5f0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +3388. [bug] Fixed several Coverity warnings. [RT #30996] + 3387. [func] DS digest can be disabled at runtime with disable-ds-digests. [RT #21581] diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 461fe37e1a..436fa683d1 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -196,6 +196,10 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner, a->type == dns_rdatatype_a); REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) || aaaa->type == dns_rdatatype_aaaa); + + if (a == NULL || aaaa == NULL) + return (answer); + memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; hints.ai_family = PF_UNSPEC; @@ -258,8 +262,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner, } return (ISC_TRUE); } - if (a == NULL || aaaa == NULL) - return (answer); + /* * Check that all glue records really exist. */ diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 994def7a80..7dc681ecdd 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -812,11 +812,11 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew = make_empty_lookup(); INSIST(looknew != NULL); - strncpy(looknew->textname, lookold->textname, MXNAME); + strlcpy(looknew->textname, lookold->textname, MXNAME); #if DIG_SIGCHASE_TD - strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME); + strlcpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME); #endif - strncpy(looknew->cmdline, lookold->cmdline, MXNAME); + strlcpy(looknew->cmdline, lookold->cmdline, MXNAME); looknew->textname[MXNAME-1] = 0; looknew->rdtype = lookold->rdtype; looknew->qrdtype = lookold->qrdtype; @@ -993,7 +993,7 @@ parse_hmac(const char *hmac) { len = strlen(hmac); if (len >= (int) sizeof(buf)) fatal("unknown key type '%.*s'", len, hmac); - strncpy(buf, hmac, sizeof(buf)); + strlcpy(buf, hmac, sizeof(buf)); digestbits = 0; 
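Review bot: In checkns() the early `if (a == NULL || aaaa == NULL) return (answer);` now sits ahead of the `getaddrinfo()` setup, so a caller that passes NULL for either rdataset no longer gets any of the lookup-based name-server checks that used to run before this return. If that is intended, say so at the new return, for example `/* Without both glue rdatasets there is nothing to compare, so skip the lookup as well. */`. If it is not, keep the return where it was and guard only the dereferences that the warning was presumably about. The function body starts and ends outside these two hunks, so what the lookup block touches is not visible here.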
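Review bot: The three `strlcpy()` calls in clone_lookup() still pass `MXNAME` as the bound instead of the size of the destination, and the retained `looknew->textname[MXNAME-1] = 0;` is now dead because strlcpy() always terminates. The sigchase_scanname() hunk in this commit already uses the safer form; here that would be `strlcpy(looknew->cmdline, lookold->cmdline, sizeof(looknew->cmdline));`, which stays correct if a field's size ever differs from MXNAME (the declarations are not visible in this diff). The same leftover terminator line follows the strlcpy() in make_searchlist_entry().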
@@ -1075,8 +1075,8 @@ read_confkey(void) { secretstr = cfg_obj_asstring(secretobj); algorithm = cfg_obj_asstring(algorithmobj); - strncpy(keynametext, keyname, sizeof(keynametext)); - strncpy(keysecret, secretstr, sizeof(keysecret)); + strlcpy(keynametext, keyname, sizeof(keynametext)); + strlcpy(keysecret, secretstr, sizeof(keysecret)); parse_hmac(algorithm); setup_text_key(); @@ -1159,7 +1159,7 @@ make_searchlist_entry(char *domain) { if (search == NULL) fatal("memory allocation failure in %s:%d", __FILE__, __LINE__); - strncpy(search->origin, domain, MXNAME); + strlcpy(search->origin, domain, MXNAME); search->origin[MXNAME-1] = 0; ISC_LINK_INIT(search, link); return (search); @@ -1637,7 +1637,7 @@ start_lookup(void) { = current_lookup->rdclassset; current_lookup->rdclass = dns_rdataclass_in; - strncpy(current_lookup->textnamesigchase, + strlcpy(current_lookup->textnamesigchase, current_lookup->textname, MXNAME); current_lookup->trace_root_sigchase = ISC_TRUE; @@ -1649,7 +1649,7 @@ start_lookup(void) { check_result(result, "dns_name_totext"); isc_buffer_usedregion(b, &r); r.base[r.length] = '\0'; - strncpy(current_lookup->textname, (char*)r.base, + strlcpy(current_lookup->textname, (char*)r.base, MXNAME); isc_buffer_free(&b); @@ -4079,7 +4079,7 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers, check_result(result, "dns_name_totext"); isc_buffer_usedregion(b, &r); r.base[r.length] = '\0'; - strcpy(lookup->textname, (char*)r.base); + strlcpy(lookup->textname, (char*)r.base, sizeof(lookup->textname)); isc_buffer_free(&b); if (type == dns_rdatatype_rrsig) @@ -4204,7 +4204,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { return (ISC_R_NOMEMORY); memset(tempnamekey, 0, tempnamekeylen); - strncpy(tempnamekey, tempname, tempnamelen); + strlcpy(tempnamekey, tempname, tempnamelen); strcat(tempnamekey ,".key"); 
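Review bot: `strlcpy(keysecret, secretstr, sizeof(keysecret));` in read_confkey() truncates an over-long secret silently, so `setup_text_key()` would go on to work from a shortened secret and the problem would presumably only surface later as a key or authentication failure. strlcpy() returns the source length, which makes the check cheap: `if (strlcpy(keysecret, secretstr, sizeof(keysecret)) >= sizeof(keysecret)) fatal("key secret too long");`. The same applies to `keynametext` on the line above.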
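Review bot: In opentmpkey() the copy into `tempnamekey` is bounded by `tempnamelen`, a length that belongs to the source, not by `tempnamekeylen`, the size the buffer was zeroed with on the line before, and the `strcat(tempnamekey, ".key")` that follows is unbounded. Bounding both by the destination keeps the pair correct on its own: `strlcpy(tempnamekey, tempname, tempnamekeylen);` then `strlcat(tempnamekey, ".key", tempnamekeylen);`. Note also that strlcpy() copies at most size-1 bytes, so if `tempnamelen` is a string length rather than a buffer size this change drops the last character where strncpy() did not. The allocation and the computation of both lengths are outside the hunk.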
@@ -4338,7 +4338,7 @@ prepare_lookup(dns_name_t *name) lookup->new_search = ISC_TRUE; lookup->trace_root_sigchase = ISC_FALSE; - strncpy(lookup->textname, lookup->textnamesigchase, MXNAME); + strlcpy(lookup->textname, lookup->textnamesigchase, MXNAME); lookup->rdtype = lookup->rdtype_sigchase; lookup->rdtypeset = ISC_TRUE; @@ -4397,7 +4397,7 @@ prepare_lookup(dns_name_t *name) dns_rdata_totext(&aaaa, &ns.name, b); isc_buffer_usedregion(b, &r); r.base[r.length] = '\0'; - strncpy(namestr, (char*)r.base, + strlcpy(namestr, (char*)r.base, DNS_NAME_FORMATSIZE); isc_buffer_free(&b); dns_rdata_reset(&aaaa); @@ -4426,7 +4426,7 @@ prepare_lookup(dns_name_t *name) dns_rdata_totext(&a, &ns.name, b); isc_buffer_usedregion(b, &r); r.base[r.length] = '\0'; - strncpy(namestr, (char*)r.base, + strlcpy(namestr, (char*)r.base, DNS_NAME_FORMATSIZE); isc_buffer_free(&b); dns_rdata_reset(&a); @@ -4605,7 +4605,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; - dst_key_t *trustedKey = NULL; dst_key_t *dnsseckey = NULL; int i; @@ -4649,10 +4648,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, dst_key_free(&dnsseckey); } while (dns_rdataset_next(rdataset) == ISC_R_SUCCESS); - if (trustedKey != NULL) - dst_key_free(&trustedKey); - trustedKey = NULL; - return (ISC_R_NOTFOUND); } diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index a23938502a..720e9a6ce2 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -2590,7 +2590,7 @@ set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt, dns_rdata_nsec3_t nsec3; dns_fixedname_t fname; dns_name_t *hashname; - unsigned char orig_salt[256]; + unsigned char orig_salt[255]; size_t orig_saltlen; dns_hash_t orig_hash; isc_uint16_t orig_iter; diff --git a/bin/named/query.c b/bin/named/query.c index d0b7e696da..6fa0a76fb8 100644 --- a/bin/named/query.c +++ b/bin/named/query.c 
@@ -5297,10 +5297,12 @@ dns64_ttl(dns_db_t *db, dns_dbversion_t *version) { isc_result_t result; isc_uint32_t ttl = ISC_UINT32_MAX; + dns_rdataset_init(&rdataset); + result = dns_db_getoriginnode(db, &node); if (result != ISC_R_SUCCESS) goto cleanup; - dns_rdataset_init(&rdataset); + result = dns_db_findrdataset(db, node, version, dns_rdatatype_soa, 0, 0, &rdataset, NULL); if (result != ISC_R_SUCCESS) diff --git a/bin/named/server.c b/bin/named/server.c index 5264042a4c..1d7984dec6 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -7871,8 +7871,7 @@ ns_server_del_zone(ns_server_t *server, char *args) { /* Parse parameters */ CHECK(zone_from_args(server, args, NULL, &zone, &zonename, ISC_TRUE)); - if (result != ISC_R_SUCCESS) - return (result); + if (zone == NULL) { result = ISC_R_UNEXPECTEDEND; goto cleanup; diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c index 5bac27373f..a96495ebf2 100644 --- a/bin/named/unix/dlz_dlopen_driver.c +++ b/bin/named/unix/dlz_dlopen_driver.c @@ -228,7 +228,9 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], return (ISC_R_FAILURE); } - isc_mem_create(0, 0, &mctx); + result = isc_mem_create(0, 0, &mctx); + if (result != ISC_R_SUCCESS) + return (result); cd = isc_mem_get(mctx, sizeof(*cd)); if (cd == NULL) { diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index db1b7df5e1..4dc9c130ce 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -936,7 +936,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, INSIST(0); } - if (raw != NULL) { + if (raw != NULL && filename != NULL) { #define SIGNED ".signed" size_t signedlen = strlen(filename) + sizeof(SIGNED); char *signedname; diff --git a/contrib/dlz/drivers/dlz_filesystem_driver.c b/contrib/dlz/drivers/dlz_filesystem_driver.c index aa7f1835fa..534a7d3729 100644 --- a/contrib/dlz/drivers/dlz_filesystem_driver.c +++ b/contrib/dlz/drivers/dlz_filesystem_driver.c 
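Review bot: In ns_zone_configure() the added `filename != NULL` test makes a raw zone with no file name skip the whole `.signed` block silently. If a missing file name is not a valid configuration at this point, it would be better reported than skipped, for example by logging and returning an error before this `if`; if it is valid, a one-line comment such as `/* No file configured: nothing to derive the signed file name from. */` would record why the block is bypassed. The rest of the block is outside the hunk, so what else is skipped along with the `strlen(filename)` call cannot be seen here.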
@@ -407,12 +407,20 @@ process_dir(isc_dir_t dir, void *passback, config_data_t *cd, */ while ((tmpPtr = strrchr(tmpString, cd->pathsep)) - != NULL) { + != NULL) + { + if ((strlen(host) + + strlen(tmpPtr + 1) + 2) + > ISC_DIR_NAMEMAX) + continue; strcat(host, tmpPtr + 1); strcat(host, "."); tmpPtr[0] = '\0'; } - strcat(host, tmpString); + if ((strlen(host) + + strlen(tmpString) + 1) + <= ISC_DIR_NAMEMAX) + strcat(host, tmpString); } foundHost = ISC_TRUE; diff --git a/contrib/dlz/drivers/dlz_ldap_driver.c b/contrib/dlz/drivers/dlz_ldap_driver.c index d84dbb4792..160895a190 100644 --- a/contrib/dlz/drivers/dlz_ldap_driver.c +++ b/contrib/dlz/drivers/dlz_ldap_driver.c @@ -439,18 +439,17 @@ ldap_process_results(LDAP *dbc, LDAPMessage *msg, char ** attrs, break; case 2: j++; - if (allnodes == isc_boolean_true) { + if (allnodes) host = isc_mem_strdup(ns_g_mctx, vals[0]); - } else { + else strcpy(data, vals[0]); - } break; case 3: j++; - if (allnodes == isc_boolean_true) { + if (allnodes) strcpy(data, vals[0]); - } else { + else { strcat(data, " "); strcat(data, vals[0]); } @@ -487,7 +486,7 @@ ldap_process_results(LDAP *dbc, LDAPMessage *msg, char ** attrs, goto cleanup; } - if (allnodes == isc_boolean_true) { + if (allnodes && host != NULL) { if (strcasecmp(host, "~") == 0) result = dns_sdlz_putnamedrr( (dns_sdlzallnodes_t *) ptr, diff --git a/contrib/dlz/drivers/dlz_mysql_driver.c b/contrib/dlz/drivers/dlz_mysql_driver.c index 08c2adbde3..00e472799a 100644 --- a/contrib/dlz/drivers/dlz_mysql_driver.c +++ b/contrib/dlz/drivers/dlz_mysql_driver.c @@ -963,7 +963,8 @@ mysql_create(const char *dlzname, unsigned int argc, char *argv[], full_cleanup: - destroy_sqldbinstance(dbi); + if (dbi != NULL) + destroy_sqldbinstance(dbi); cleanup: diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 05403d5f90..2841eb2023 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c 
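Review bot: The new `continue` in the `while ((tmpPtr = strrchr(tmpString, cd->pathsep)) != NULL)` loop of process_dir() skips `tmpPtr[0] = '\0';`, so when a component does not fit the condition finds the same separator again and the loop never terminates. Replace it with `break;`, or truncate the string before continuing so the search advances. The comparison against `ISC_DIR_NAMEMAX` also assumes `host` can hold that many bytes plus the terminator; its declaration is outside the hunk and should be checked against the bound used here.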
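Review bot: In ldap_process_results() a failed `isc_mem_strdup()` for `host` is only caught later, by folding `host != NULL` into `if (allnodes && host != NULL)`, so an allnodes call that ran out of memory no longer takes the allnodes branch at all. What follows that `if` is outside the hunk; if it is the non-allnodes path, `ptr` would then be handled as the wrong kind of object. Checking at the allocation is clearer: right after the strdup, `if (host == NULL) { result = ISC_R_NOMEMORY; goto cleanup; }`. Separately, the `strcpy(data, vals[0])` and `strcat(data, vals[0])` lines kept by the first hunk copy directory values with no bound on `data`, whose size is not visible here.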
@@ -2891,9 +2891,10 @@ dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, unsigned int attributes, unsigned int mask, dns_dispatch_t **dispp) { - return dns_dispatch_getudp_dup(mgr, sockmgr, taskmgr, localaddr, - buffersize, maxbuffers, maxrequests, buckets, increment, - attributes, mask, dispp, NULL); + return (dns_dispatch_getudp_dup(mgr, sockmgr, taskmgr, localaddr, + buffersize, maxbuffers, maxrequests, + buckets, increment, attributes, + mask, dispp, NULL)); } /* diff --git a/lib/dns/gen.c b/lib/dns/gen.c index a0b4df3759..91b27ce5b8 100644 --- a/lib/dns/gen.c +++ b/lib/dns/gen.c @@ -340,10 +340,10 @@ insert_into_typenames(int type, const char *typename, const char *attr) { typename); exit(1); } - strcpy(ttn->typename, typename); + strncpy(ttn->typename, typename, TYPECLASSLEN); ttn->type = type; - strcpy(ttn->macroname, ttn->typename); + strncpy(ttn->macroname, ttn->typename, TYPECLASSLEN); c = strlen(ttn->macroname); while (c > 0) { if (ttn->macroname[c - 1] == '-') @@ -352,7 +352,8 @@ insert_into_typenames(int type, const char *typename, const char *attr) { } if (attr == NULL) { - sprintf(tmp, "RRTYPE_%s_ATTRIBUTES", upper(ttn->macroname)); + snprintf(tmp, sizeof(tmp), + "RRTYPE_%s_ATTRIBUTES", upper(ttn->macroname)); attr = tmp; } @@ -367,7 +368,7 @@ insert_into_typenames(int type, const char *typename, const char *attr) { attr, typename); exit(1); } - strcpy(ttn->attr, attr); + strncpy(ttn->attr, attr, sizeof(ttn->attr)); ttn->sorted = 0; if (maxtype < type) maxtype = type; 
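Review bot: `strncpy(ttn->typename, typename, TYPECLASSLEN);` in insert_into_typenames() does not terminate the destination when the source is TYPECLASSLEN bytes or longer, so the switch from strcpy() trades an overflow for a possibly unterminated string that `strlen(ttn->macroname)` a few lines below then reads. The same pattern is in `strncpy(ttn->attr, attr, sizeof(ttn->attr));` and in the add() hunks (`classname`, `typename`, and `dirname` with a bare `256` instead of `sizeof(newtt->dirname)`). This file already uses snprintf() in the same commit, so `snprintf(ttn->typename, sizeof(ttn->typename), "%s", typename);` gives a bounded, always-terminated copy. The length checks that precede some of these copies are only partly visible in the hunks.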
@@ -392,11 +393,11 @@ add(int rdclass, const char *classname, int type, const char *typename, newtt->next = NULL; newtt->rdclass = rdclass; newtt->type = type; - strcpy(newtt->classname, classname); - strcpy(newtt->typename, typename); + strncpy(newtt->classname, classname, TYPECLASSLEN); + strncpy(newtt->typename, typename, TYPECLASSLEN); if (strncmp(dirname, "./", 2) == 0) dirname += 2; - strcpy(newtt->dirname, dirname); + strncpy(newtt->dirname, dirname, 256); tt = types; oldtt = NULL; @@ -430,7 +431,7 @@ add(int rdclass, const char *classname, int type, const char *typename, newcc = (struct cc *)malloc(sizeof(*newcc)); newcc->rdclass = rdclass; - strcpy(newcc->classname, classname); + strncpy(newcc->classname, classname, TYPECLASSLEN); cc = classes; oldcc = NULL; @@ -462,14 +463,15 @@ sd(int rdclass, const char *classname, const char *dirname, char filetype) { if (!start_directory(dirname, &dir)) return; - sprintf(fmt,"%s%c", "%20[-0-9a-z]_%d.", filetype); + snprintf(fmt, sizeof(fmt), "%s%c", "%20[-0-9a-z]_%d.", filetype); while (next_file(&dir)) { if (sscanf(dir.filename, fmt, typename, &type) != 2) continue; if ((type > 65535) || (type < 0)) continue; - sprintf(buf, "%s_%d.%c", typename, type, filetype); + snprintf(buf, sizeof(buf), + "%s_%d.%c", typename, type, filetype); if (strcmp(buf, dir.filename) != 0) continue; add(rdclass, classname, type, typename, dirname); @@ -561,7 +563,8 @@ main(int argc, char **argv) { filetype = 'h'; break; case 's': - sprintf(srcdir, "%s/", isc_commandline_argument); + snprintf(srcdir, sizeof(srcdir), + "%s/", isc_commandline_argument); break; case 'F': file = isc_commandline_argument; @@ -576,7 +579,7 @@ main(int argc, char **argv) { exit(1); } - sprintf(buf, "%srdata", srcdir); + snprintf(buf, sizeof(buf), "%srdata", srcdir); if (!start_directory(buf, &dir)) exit(1); 
@@ -588,18 +591,19 @@ main(int argc, char **argv) { if ((rdclass > 65535) || (rdclass < 0)) continue; - sprintf(buf, "%srdata/%s_%d", srcdir, classname, rdclass); + snprintf(buf, sizeof(buf), + "%srdata/%s_%d", srcdir, classname, rdclass); if (strcmp(buf + 6 + strlen(srcdir), dir.filename) != 0) continue; sd(rdclass, classname, buf, filetype); } end_directory(&dir); - sprintf(buf, "%srdata/generic", srcdir); + snprintf(buf, sizeof(buf), "%srdata/generic", srcdir); sd(0, "", buf, filetype); if (time(&now) != -1) { if ((tm = localtime(&now)) != NULL && tm->tm_year > 104) - sprintf(year, "-%d", tm->tm_year + 1900); + snprintf(year, sizeof(year), "-%d", tm->tm_year + 1900); else year[0] = 0; } else @@ -862,7 +866,7 @@ main(int argc, char **argv) { } } for (tt = types; tt != NULL; tt = tt->next) { - sprintf(buf, "%s/%s_%d.h", + snprintf(buf, sizeof(buf), "%s/%s_%d.h", tt->dirname, tt->typename, tt->type); if ((fd = fopen(buf,"r")) != NULL) { while (fgets(buf, sizeof(buf), fd) != NULL) diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 0659c6ca62..cd0667cfbe 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -2491,7 +2491,7 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, isc_result_t result; res = fctx->res; - unshared = ISC_TF((fctx->options | DNS_FETCHOPT_UNSHARED) != 0); + unshared = ISC_TF((fctx->options & DNS_FETCHOPT_UNSHARED) != 0); /* * If this name is a subdomain of the query domain, tell * the ADB to start looking using zone/hint data. This keeps us diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c index 78658590ae..5ed2d2c00d 100644 --- a/lib/dns/rpz.c +++ b/lib/dns/rpz.c @@ -508,7 +508,7 @@ ip2name(dns_rpz_cidr_t *cidr, const dns_rpz_cidr_key_t *tgt_ip, while (i < DNS_RPZ_CIDR_WORDS * 2 && w[i] == 0) ++i; } - if (len > (int)sizeof(str)) + if (len >= (int)sizeof(str)) return (ISC_R_FAILURE); } } diff --git a/lib/dns/ssu_external.c b/lib/dns/ssu_external.c index 65ba1b53f6..43d231d63e 100644 --- a/lib/dns/ssu_external.c 
+++ b/lib/dns/ssu_external.c @@ -79,7 +79,7 @@ ux_socket_connect(const char *path) { memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, path, sizeof(addr.sun_path)); + strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) { diff --git a/lib/dns/validator.c b/lib/dns/validator.c index ebbda29517..e3c52d10e5 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -2970,16 +2970,17 @@ findnsec3proofs(dns_validator_t *val) { setclosest = setnearest = ISC_FALSE; optout = ISC_FALSE; unknown = ISC_FALSE; - (void)nsec3noexistnodata(val, val->event->name, name, rdataset, - zonename, &exists, &data, &optout, - &unknown, setclosestp, &setnearest, - closestp, nearest); - if (setclosest) - proofs[DNS_VALIDATOR_CLOSESTENCLOSER] = name; + result = nsec3noexistnodata(val, val->event->name, name, + rdataset, zonename, &exists, + &data, &optout, &unknown, + setclosestp, &setnearest, + closestp, nearest); if (unknown) val->attributes |= VALATTR_FOUNDUNKNOWN; if (result != ISC_R_SUCCESS) continue; + if (setclosest) + proofs[DNS_VALIDATOR_CLOSESTENCLOSER] = name; if (exists && !data && NEEDNODATA(val)) { val->attributes |= VALATTR_FOUNDNODATA; proofs[DNS_VALIDATOR_NODATAPROOF] = name; diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 1abe2b8734..02a89a0ba8 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -12418,7 +12418,6 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) { isc_uint32_t start, end; dns_zone_t *zone; dns_db_t *db = NULL; - dns_dbnode_t *node = NULL; dns_dbversion_t *newver = NULL, *oldver = NULL; dns_diff_t diff; dns_difftuple_t *tuple = NULL, *soatuple = NULL; @@ -12559,8 +12558,6 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) { dns_db_closeversion(db, &oldver, ISC_FALSE); if (newver != NULL) dns_db_closeversion(db, &newver, ISC_FALSE); - if (node != NULL) - dns_db_detachnode(db, &node); dns_db_detach(&db); } if (rjournal != NULL) 
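Review bot: `strlcpy(addr.sun_path, path, sizeof(addr.sun_path));` in ux_socket_connect() now terminates the path but still truncates it silently, so an over-long configured path makes the code connect to whatever socket exists at the shortened name. For the external policy socket that should be an error: test `strlcpy(addr.sun_path, path, sizeof(addr.sun_path)) >= sizeof(addr.sun_path)` and take the function's normal failure return before `socket()` is called. The same unchecked copy into `sun_path` is in get_local() in lib/irs/getaddrinfo.c and in isc_entropy_createfilesource() in lib/isc/unix/entropy.c. How ux_socket_connect() reports failure is outside the hunk.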
diff --git a/lib/export/samples/sample-gai.c b/lib/export/samples/sample-gai.c index 6dc4014ed5..f6e7c51268 100644 --- a/lib/export/samples/sample-gai.c +++ b/lib/export/samples/sample-gai.c @@ -61,7 +61,7 @@ do_gai(int family, char *hostname) { } } - freeaddrinfo(res); + freeaddrinfo(res0); } int diff --git a/lib/export/samples/sample-update.c b/lib/export/samples/sample-update.c index e54d154424..b8e405b19a 100644 --- a/lib/export/samples/sample-update.c +++ b/lib/export/samples/sample-update.c @@ -372,7 +372,7 @@ parse_name(char **cmdlinep, dns_name_t *name) { isc_buffer_t source; word = nsu_strsep(cmdlinep, " \t\r\n"); - if (*word == 0) { + if (word == NULL || *word == 0) { fprintf(stderr, "could not read owner name\n"); exit(1); } diff --git a/lib/export/samples/sample.c b/lib/export/samples/sample.c index 7fc6a303ff..08c2963a2d 100644 --- a/lib/export/samples/sample.c +++ b/lib/export/samples/sample.c @@ -196,8 +196,8 @@ addserver(dns_client_t *client, const char *addrstr, const char *namespace) { } INSIST(res->ai_addrlen <= sizeof(sa.type)); memcpy(&sa.type, res->ai_addr, res->ai_addrlen); - freeaddrinfo(res); sa.length = res->ai_addrlen; + freeaddrinfo(res); ISC_LINK_INIT(&sa, link); ISC_LIST_INIT(servers); ISC_LIST_APPEND(servers, &sa, link); diff --git a/lib/irs/getaddrinfo.c b/lib/irs/getaddrinfo.c index 4b1f4a9221..682826af9f 100644 --- a/lib/irs/getaddrinfo.c +++ b/lib/irs/getaddrinfo.c @@ -136,6 +136,7 @@ #include #include #include +#include #include #include @@ -479,8 +480,10 @@ getaddrinfo(const char *hostname, const char *servname, err = (net_order[i])(hostname, flags, &ai_list, socktype, port); if (err != 0) { - if (ai_list != NULL) + if (ai_list != NULL) { freeaddrinfo(ai_list); + ai_list = NULL; + } break; } } 
@@ -1186,7 +1189,7 @@ get_local(const char *name, int socktype, struct addrinfo **res) { return (EAI_MEMORY); slocal = SLOCAL(ai->ai_addr); - strncpy(slocal->sun_path, name, sizeof(slocal->sun_path)); + strlcpy(slocal->sun_path, name, sizeof(slocal->sun_path)); ai->ai_socktype = socktype; /* diff --git a/lib/isc/unix/entropy.c b/lib/isc/unix/entropy.c index ab53faf675..5f5378f3e7 100644 --- a/lib/isc/unix/entropy.c +++ b/lib/isc/unix/entropy.c @@ -536,8 +536,7 @@ isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) { memset(&sname, 0, sizeof(sname)); sname.sun_family = AF_UNIX; - strncpy(sname.sun_path, fname, sizeof(sname.sun_path)); - sname.sun_path[sizeof(sname.sun_path)-1] = '0'; + strlcpy(sname.sun_path, fname, sizeof(sname.sun_path)); #ifdef ISC_PLATFORM_HAVESALEN #if !defined(SUN_LEN) #define SUN_LEN(su) \ diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c index 9688dc28e4..e30f85134e 100644 --- a/lib/isc/unix/file.c +++ b/lib/isc/unix/file.c @@ -625,6 +625,9 @@ isc_file_splitpath(isc_mem_t *mctx, char *path, char **dirname, char **basename) { char *dir, *file, *slash; + if (path == NULL) + return (ISC_R_INVALIDFILE); + slash = strrchr(path, '/'); if (slash == path) { diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c index 1ab9479855..e4998a2413 100644 --- a/lib/isccc/cc.c +++ b/lib/isccc/cc.c @@ -561,8 +561,10 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok, return (result); _ctrl = isccc_alist_lookup(ack, "_ctrl"); - if (_ctrl == NULL) - return (ISC_R_FAILURE); + if (_ctrl == NULL) { + result = ISC_R_FAILURE; + goto bad; + } if (isccc_cc_definestring(ack, "_ack", (ok) ? "1" : "0") == NULL) { result = ISC_R_NOMEMORY; goto bad; 
@@ -617,8 +619,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now, _ctrl = isccc_alist_lookup(message, "_ctrl"); _data = isccc_alist_lookup(message, "_data"); - if (_ctrl == NULL || - _data == NULL || + if (_ctrl == NULL || _data == NULL || isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS || isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS) return (ISC_R_FAILURE); @@ -637,21 +638,33 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now, &alist); if (result != ISC_R_SUCCESS) return (result); + _ctrl = isccc_alist_lookup(alist, "_ctrl"); - if (_ctrl == NULL) - return (ISC_R_FAILURE); + if (_ctrl == NULL) { + result = ISC_R_FAILURE; + goto bad; + } + _data = isccc_alist_lookup(alist, "_data"); - if (_data == NULL) - return (ISC_R_FAILURE); + if (_data == NULL) { + result = ISC_R_FAILURE; + goto bad; + } + if (isccc_cc_definestring(_ctrl, "_rpl", "1") == NULL || - isccc_cc_definestring(_data, "type", type) == NULL) { - isccc_sexpr_free(&alist); - return (ISC_R_NOMEMORY); + isccc_cc_definestring(_data, "type", type) == NULL) + { + result = ISC_R_NOMEMORY; + goto bad; } *alistp = alist; return (ISC_R_SUCCESS); + + bad: + isccc_sexpr_free(&alist); + return (result); } isccc_sexpr_t * diff --git a/lib/lwres/getipnode.c b/lib/lwres/getipnode.c index 3bd82177b1..967e7bf41d 100644 --- a/lib/lwres/getipnode.c +++ b/lib/lwres/getipnode.c @@ -950,7 +950,8 @@ copyandmerge(struct hostent *he1, struct hostent *he2, int af, int *error_num) * Copy aliases. */ npp = he->h_aliases; - cpp = (he1 != NULL) ? he1->h_aliases : he2->h_aliases; + cpp = (he1 != NULL) ? he1->h_aliases + : ((he2 != NULL) ? he2->h_aliases : NULL); while (*cpp != NULL) { len = strlen (*cpp) + 1; *npp = malloc(len);
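Review bot: In copyandmerge() the new fallback sets `cpp` to NULL when both `he1` and `he2` are NULL, and the unchanged `while (*cpp != NULL)` on the next line then dereferences it, so the NULL dereference has moved rather than gone away. Guard the loop as well: `while (cpp != NULL && *cpp != NULL) {`. If an earlier check in the function already rejects two NULL arguments, which is not visible in this hunk, the inner conditional is dead and an assertion on that precondition would state it more directly.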