diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ba73dbe835c95a7289a871a50ee0fb65ca6131b6..89cd470ac6bbc0e03bd63310f79c6d042db3f4f4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,6 +16,8 @@ variables: TEST_PARALLEL_JOBS: 6 MAKE: make + CONFIGURE: ./configure + SCAN_BUILD: scan-build-9 stages: - precheck @@ -88,7 +90,7 @@ stages: .debian-buster-amd64: &debian_buster_amd64_image image: "$CI_REGISTRY_IMAGE:debian-buster-amd64" - <<: *linux_i386 + <<: *linux_amd64 .debian-sid-amd64: &debian_sid_amd64_image image: "$CI_REGISTRY_IMAGE:debian-sid-amd64" @@ -158,7 +160,7 @@ stages: expire_in: "1 week" .configure: &configure | - ./configure \ + ${CONFIGURE} \ --disable-maintainer-mode \ --enable-developer \ --with-libtool \ @@ -507,6 +509,38 @@ unit:gcc:buster:amd64: - gcc:buster:amd64 needs: ["gcc:buster:amd64"] +# Jobs for scan-build builds on Debian Buster (amd64) + +.scan_build: &scan_build | + ${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)" \ + --keep-cc \ + --status-bugs \ + --keep-going \ + -o scan-build.reports \ + make -j${BUILD_PARALLEL_JOBS:-1} all V=1 + +scan-build:buster:amd64: + <<: *default_triggering_rules + <<: *debian_buster_amd64_image + stage: postcheck + variables: + CC: clang-9 + CFLAGS: "-Wall -Wextra -O2 -g" + CONFIGURE: "${SCAN_BUILD} ./configure" + EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2" + script: + - *configure + - *scan_build + dependencies: + - autoreconf:sid:amd64 + needs: + - autoreconf:sid:amd64 + artifacts: + paths: + - scan-build.reports/ + expire_in: "1 week" + when: on_failure + # Jobs for regular GCC builds on Debian Sid (amd64) gcc:sid:amd64: diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 8f3e74cb2c8a27ab709733491e5250696a23b9b2..47b7c257c07ed2d969c94ebb1dc74ba7dd3bb443 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -787,7 +787,10 @@ hashlist_comp(const void *a, const void *b) { static void hashlist_sort(hashlist_t *l) { - qsort(l->hashbuf, l->entries, l->length, hashlist_comp); + INSIST(l->hashbuf != NULL || l->length == 0); + if (l->length > 0) { + qsort(l->hashbuf, l->entries, l->length, hashlist_comp); + } } static bool diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index 8c73379834f3325b17172f7108254f021ad1ae67..eac0fe18be39e03a28e307046cb091f3f5f0b852 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -135,14 +135,6 @@ EXTERN const char * named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named.pid"); #endif -#ifdef HAVE_DNSTAP -EXTERN const char * named_g_defaultdnstap - INIT(NAMED_LOCALSTATEDIR "/run/named/" - "dnstap.sock"); -#else -EXTERN const char * named_g_defaultdnstap INIT(NULL); -#endif /* HAVE_DNSTAP */ - EXTERN const char * named_g_username INIT(NULL); EXTERN const char * named_g_engine INIT(NULL); diff --git a/bin/named/server.c b/bin/named/server.c index 2cd6b10d88fabfab79734eec1ced745e5abe5905..0cbd462b1de49e3b089fb5a6e2f667ada3dd10a0 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -3473,7 +3473,7 @@ configure_dnstap(const cfg_obj_t **maps, dns_view_t *view) { isc_result_t result; const cfg_obj_t *obj, *obj2; const cfg_listelt_t *element; - const char *dpath = named_g_defaultdnstap; + const char *dpath; const cfg_obj_t *dlist = NULL; dns_dtmsgtype_t dttypes = 0; unsigned int i; @@ -8098,6 +8098,7 @@ load_configuration(const char *filename, named_server_t *server, INSIST(result == ISC_R_SUCCESS); CHECKM(setstring(server, &server->bindkeysfile, cfg_obj_asstring(obj)), "strdup"); + INSIST(server->bindkeysfile != NULL); if (access(server->bindkeysfile, R_OK) == 0) { isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, diff --git a/bin/named/win32/os.c b/bin/named/win32/os.c index 2bed9223104c115b218d38c4489e02b476578dd3..2365a6cc0aeaecace866b2347a6b8801d1d050cc 100644 --- a/bin/named/win32/os.c +++ b/bin/named/win32/os.c @@ -59,7 +59,6 @@ named_paths_init(void) { named_g_keyfile = isc_ntpaths_get(RNDC_KEY_PATH); named_g_defaultsessionkeyfile = isc_ntpaths_get(SESSION_KEY_PATH); named_g_defaultbindkeys = isc_ntpaths_get(BIND_KEYS_PATH); - named_g_defaultdnstap = NULL; Initialized = TRUE; } diff --git a/bin/tests/optional/zone_test.c b/bin/tests/optional/zone_test.c index 9a266e979e75118b7f5847864b5950207f6b4a7e..914a4341f2dfe37bb9daccb8e3f856d622d2e893 100644 --- a/bin/tests/optional/zone_test.c +++ b/bin/tests/optional/zone_test.c @@ -146,12 +146,11 @@ query(void) { dns_fixedname_t name; dns_fixedname_t found; dns_db_t *db; - char *s; isc_buffer_t buffer; isc_result_t result; dns_rdataset_t rdataset; dns_rdataset_t sigset; - fd_set rfdset; + fd_set rfdset = { { 0 } }; db = NULL; result = dns_zone_getdb(zone, &db); @@ -166,7 +165,7 @@ query(void) { dns_rdataset_init(&sigset); do { - + char *s; fprintf(stdout, "zone_test "); fflush(stdout); FD_ZERO(&rfdset); diff --git a/bin/tests/system/dlzexternal/driver.c b/bin/tests/system/dlzexternal/driver.c index 310220b1b703c11d5223fb5af1d84eb57e9a2c43..b969b9e053c74bb38dddddebb95c69d35d54030d 100644 --- a/bin/tests/system/dlzexternal/driver.c +++ b/bin/tests/system/dlzexternal/driver.c @@ -99,6 +99,7 @@ add_name(struct dlz_example_data *state, struct record *list, int first_empty = -1; for (i = 0; i < MAX_RECORDS; i++) { + INSIST(list[i].name != NULL); if (first_empty == -1 && strlen(list[i].name) == 0U) { first_empty = i; } diff --git a/lib/dns/client.c b/lib/dns/client.c index 4cff788e2d6f57023478a24b199b025edc41a942..48ed6aa88c90490f18b952b9625c56fa8ac79590 100644 --- a/lib/dns/client.c +++ b/lib/dns/client.c @@ -885,21 +885,12 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) { * Otherwise, get some resource for copying the * result. */ + dns_name_t *aname = dns_fixedname_name(&rctx->name); + ansname = isc_mem_get(mctx, sizeof(*ansname)); - if (ansname == NULL) - tresult = ISC_R_NOMEMORY; - else { - dns_name_t *aname; - - aname = dns_fixedname_name(&rctx->name); - dns_name_init(ansname, NULL); - tresult = dns_name_dup(aname, mctx, ansname); - if (tresult != ISC_R_SUCCESS) - isc_mem_put(mctx, ansname, - sizeof(*ansname)); - } - if (tresult != ISC_R_SUCCESS) - result = tresult; + dns_name_init(ansname, NULL); + + (void)dns_name_dup(aname, mctx, ansname); } switch (result) { diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c index da71a6c546739280e06fca99e084f225482c2233..963f290e71ff9f06f3a6419fb551f1d0e07882e9 100644 --- a/lib/dns/tests/dnstap_test.c +++ b/lib/dns/tests/dnstap_test.c @@ -167,6 +167,7 @@ send_test(void **state) { cleanup(); result = dns_test_makeview("test", &view); + assert_int_equal(result, ISC_R_SUCCESS); fopt = fstrm_iothr_options_init(); assert_non_null(fopt); @@ -191,6 +192,7 @@ send_test(void **state) { memset(&zr, 0, sizeof(zr)); isc_buffer_init(&zb, zone, sizeof(zone)); result = dns_compress_init(&cctx, -1, dt_mctx); + assert_int_equal(result, ISC_R_SUCCESS); dns_compress_setmethods(&cctx, DNS_COMPRESS_NONE); result = dns_name_towire(zname, &cctx, &zb); assert_int_equal(result, ISC_R_SUCCESS); diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c index 267f0bf50ce6a5da4a0ebd6cb68a7a7bbef70bb8..a1d43d9496eac0bab0598eee94b5957b5782f116 100644 --- a/lib/dns/zoneverify.c +++ b/lib/dns/zoneverify.c @@ -1499,7 +1499,7 @@ check_apex_rrsets(vctx_t *vctx) { * The variables to update are chosen based on 'is_ksk', which is true when * 'dnskey' is a KSK and false otherwise. */ -static isc_result_t +static void check_dnskey_sigs(vctx_t *vctx, const dns_rdata_dnskey_t *dnskey, dns_rdata_t *rdata, bool is_ksk) { @@ -1513,25 +1513,26 @@ check_dnskey_sigs(vctx_t *vctx, const dns_rdata_dnskey_t *dnskey, standby_keys = (is_ksk ? vctx->standby_ksk : vctx->standby_zsk); goodkey = (is_ksk ? &vctx->goodksk : &vctx->goodzsk); - if (dns_dnssec_selfsigns(rdata, vctx->origin, &vctx->keyset, + if (!dns_dnssec_selfsigns(rdata, vctx->origin, &vctx->keyset, &vctx->keysigs, false, vctx->mctx)) { - if (active_keys[dnskey->algorithm] != 255) { - active_keys[dnskey->algorithm]++; - } - } else if (!is_ksk && - dns_dnssec_signs(rdata, vctx->origin, &vctx->soaset, - &vctx->soasigs, false, vctx->mctx)) - { - if (active_keys[dnskey->algorithm] != 255) { - active_keys[dnskey->algorithm]++; - } - return (ISC_R_SUCCESS); - } else { - if (standby_keys[dnskey->algorithm] != 255) { - standby_keys[dnskey->algorithm]++; + if (!is_ksk && + dns_dnssec_signs(rdata, vctx->origin, &vctx->soaset, + &vctx->soasigs, false, vctx->mctx)) + { + if (active_keys[dnskey->algorithm] != 255) { + active_keys[dnskey->algorithm]++; + } + } else { + if (standby_keys[dnskey->algorithm] != 255) { + standby_keys[dnskey->algorithm]++; + } } - return (ISC_R_SUCCESS); + return; + } + + if (active_keys[dnskey->algorithm] != 255) { + active_keys[dnskey->algorithm]++; } /* @@ -1540,7 +1541,7 @@ check_dnskey_sigs(vctx_t *vctx, const dns_rdata_dnskey_t *dnskey, */ if (vctx->secroots == NULL) { *goodkey = true; - return (ISC_R_SUCCESS); + return; } /* @@ -1549,7 +1550,7 @@ check_dnskey_sigs(vctx_t *vctx, const dns_rdata_dnskey_t *dnskey, result = dns_dnssec_keyfromrdata(vctx->origin, rdata, vctx->mctx, &key); if (result != ISC_R_SUCCESS) { - return (result); + goto cleanup; } result = dns_keytable_findkeynode(vctx->secroots, vctx->origin, @@ -1560,10 +1561,6 @@ check_dnskey_sigs(vctx_t *vctx, const dns_rdata_dnskey_t *dnskey, * No such trust anchor. */ if (result != ISC_R_SUCCESS) { - if (result == DNS_R_PARTIALMATCH || result == ISC_R_NOTFOUND) { - result = ISC_R_SUCCESS; - } - goto cleanup; } @@ -1592,7 +1589,6 @@ check_dnskey_sigs(vctx_t *vctx, const dns_rdata_dnskey_t *dnskey, if (key != NULL) { dst_key_free(&key); } - return (ISC_R_SUCCESS); } /*%