diff --git a/CHANGES b/CHANGES index 5535b4981542b4566dde18ddab3447d39f558f4c..4e1a19307889a7c227080ba351b5352ae9798919 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2319. [bug] Silence Coverity warnings in + lib/dns/rdata/in_1/apl_42.c. [RT #174] + 2318. [port] ISC_PLATFORM_NEEDTIMESPEC missing from lib/bind/config.h.in. [RT #17514] diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c index d09e9b0abfc31f319a1fd2e3786921cc250f38e4..f6cfe1ccabc1962132a3b5ee120567dced692ef5 100644 --- a/lib/dns/rdata/in_1/apl_42.c +++ b/lib/dns/rdata/in_1/apl_42.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: apl_42.c,v 1.12 2007/06/19 23:47:17 tbox Exp $ */ +/* $Id: apl_42.c,v 1.13 2008/01/22 23:17:31 marka Exp $ */ /* RFC3123 */ @@ -306,37 +306,88 @@ freestruct_in_apl(ARGS_FREESTRUCT) { isc_result_t dns_rdata_apl_first(dns_rdata_in_apl_t *apl) { + isc_uint32_t length; + + REQUIRE(apl != NULL); REQUIRE(apl->common.rdtype == 42); REQUIRE(apl->common.rdclass == 1); REQUIRE(apl->apl != NULL || apl->apl_len == 0); + /* + * If no APL return ISC_R_NOMORE. + */ + if (apl->apl == NULL) + return (ISC_R_NOMORE); + + /* + * Sanity check data. + */ + INSIST(apl->apl_len > 3U); + length = apl->apl[apl->offset + 3] & 0x7f; + INSIST(length <= apl->apl_len); + apl->offset = 0; - return ((apl->apl_len != 0) ? ISC_R_SUCCESS : ISC_R_NOMORE); + return (ISC_R_SUCCESS); } isc_result_t dns_rdata_apl_next(dns_rdata_in_apl_t *apl) { + isc_uint32_t length; + + REQUIRE(apl != NULL); REQUIRE(apl->common.rdtype == 42); REQUIRE(apl->common.rdclass == 1); REQUIRE(apl->apl != NULL || apl->apl_len == 0); - if (apl->offset + 3 < apl->apl_len) + /* + * No APL or have already reached the end return ISC_R_NOMORE. + */ + if (apl->apl == NULL || apl->offset == apl->apl_len) return (ISC_R_NOMORE); + + /* + * Sanity check data. + */ + INSIST(apl->offset < apl->apl_len); + INSIST(apl->apl_len > 3U); + INSIST(apl->offset <= apl->apl_len - 4U); + length = apl->apl[apl->offset + 3] & 0x7f; + /* + * 16 to 32 bits promotion as 'length' is 32 bits so there is + * no overflow problems. + */ + INSIST(length + apl->offset <= apl->apl_len); + apl->offset += apl->apl[apl->offset + 3] & 0x7f; return ((apl->offset >= apl->apl_len) ? ISC_R_SUCCESS : ISC_R_NOMORE); } isc_result_t dns_rdata_apl_current(dns_rdata_in_apl_t *apl, dns_rdata_apl_ent_t *ent) { + isc_uint32_t length; + REQUIRE(apl != NULL); REQUIRE(apl->common.rdtype == 42); REQUIRE(apl->common.rdclass == 1); REQUIRE(ent != NULL); REQUIRE(apl->apl != NULL || apl->apl_len == 0); + REQUIRE(apl->offset <= apl->apl_len); - if (apl->offset >= apl->apl_len) + if (apl->offset == apl->apl_len) return (ISC_R_NOMORE); + /* + * Sanity check data. + */ + INSIST(apl->apl_len > 3U); + INSIST(apl->offset <= apl->apl_len - 4U); + length = apl->apl[apl->offset + 3] & 0x7f; + /* + * 16 to 32 bits promotion as 'length' is 32 bits so there is + * no overflow problems. + */ + INSIST(length + apl->offset <= apl->apl_len); + ent->family = (apl->apl[apl->offset] << 8) + apl->apl[apl->offset + 1]; ent->prefix = apl->apl[apl->offset + 2]; ent->length = apl->apl[apl->offset + 3] & 0x7f;