BIND issueshttps://gitlab.isc.org/isc-projects/bind9/-/issues2020-07-08T03:45:35Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2011Off-by-one error in dns_rdatatype_attributes?2020-07-08T03:45:35ZMichael McNallyOff-by-one error in dns_rdatatype_attributes?On [Support #16775](https://support.isc.org/Ticket/Display.html?id=16775), Jinmei writes to let us know:
> I happened to notice one very minor "off-by-one" glitch in lib/dns/rdata.c:dns_rdatatype_attributes, which would be fixed by the ...On [Support #16775](https://support.isc.org/Ticket/Display.html?id=16775), Jinmei writes to let us know:
> I happened to notice one very minor "off-by-one" glitch in lib/dns/rdata.c:dns_rdatatype_attributes, which would be fixed by the following patch. That is, I believe including 255 is more logical according to the meta type range specified by IANA: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
>
> This doesn't affect the behavior anyway (hence "very minor"), since RDATATYPE_ATTRIBUTE_SW covers the case of type == 255. But the "fixed" code would be less confusing for code readers.
>
> (BTW: If 255 was intentionally excluded because the type is not "UNKNOWN", I'd say 249-254 should also be excluded).
```
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index c8453aae5c..7a281c2ef7 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -1286,7 +1286,7 @@ dns_rdata_checknames(dns_rdata_t *rdata, const dns_name_t *owner,
unsigned int
dns_rdatatype_attributes(dns_rdatatype_t type) {
RDATATYPE_ATTRIBUTE_SW
- if (type >= (dns_rdatatype_t)128 && type < (dns_rdatatype_t)255) {
+ if (type >= (dns_rdatatype_t)128 && type <= (dns_rdatatype_t)255) {
return (DNS_RDATATYPEATTR_UNKNOWN | DNS_RDATATYPEATTR_META);
}
return (DNS_RDATATYPEATTR_UNKNOWN);
```
Has he discovered an error on our part or was this done intentionally (in which case, can we explain why?)August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/bind9/-/issues/2006Coverity reports CHECKED_RETURN defects in keymgr2020-07-15T06:27:32ZMatthijs Mekkingmatthijs@isc.orgCoverity reports CHECKED_RETURN defects in keymgr```
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 304937: (CHECKED_RETURN)
/lib/dns/keymgr.c: 2004 in dns_keymgr_status()
/lib/dns/keymgr.c: 2005 in dns_keymgr_status()
__________________________________...```
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 304937: (CHECKED_RETURN)
/lib/dns/keymgr.c: 2004 in dns_keymgr_status()
/lib/dns/keymgr.c: 2005 in dns_keymgr_status()
________________________________________________________________________________________________________
*** CID 304937: (CHECKED_RETURN)
/lib/dns/keymgr.c: 2004 in dns_keymgr_status()
1998
1999 if (dst_key_is_unused(dkey->key)) {
2000 continue;
2001 }
2002
2003 // key data
>>> CID 304937: (CHECKED_RETURN)
>>> Calling "dst_key_getbool" without checking return value (as is done elsewhere 25 out of 29 times).
2004 dst_key_getbool(dkey->key, DST_BOOL_KSK, &ksk);
2005 dst_key_getbool(dkey->key, DST_BOOL_ZSK, &zsk);
2006 dns_secalg_format((dns_secalg_t)dst_key_alg(dkey->key), algstr,
2007 sizeof(algstr));
2008 isc_buffer_printf(&buf, "\nkey: %d (%s), %s\n",
2009 dst_key_id(dkey->key), algstr,
/lib/dns/keymgr.c: 2005 in dns_keymgr_status()
1999 if (dst_key_is_unused(dkey->key)) {
2000 continue;
2001 }
2002
2003 // key data
2004 dst_key_getbool(dkey->key, DST_BOOL_KSK, &ksk);
>>> CID 304937: (CHECKED_RETURN)
>>> Calling "dst_key_getbool" without checking return value (as is done elsewhere 25 out of 29 times).
2005 dst_key_getbool(dkey->key, DST_BOOL_ZSK, &zsk);
2006 dns_secalg_format((dns_secalg_t)dst_key_alg(dkey->key), algstr,
2007 sizeof(algstr));
2008 isc_buffer_printf(&buf, "\nkey: %d (%s), %s\n",
2009 dst_key_id(dkey->key), algstr,
2010 keymgr_keyrole(dkey->key));
```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/1456always check return from isc_refcount_decrement2020-08-04T09:45:08ZMark Andrewsalways check return from isc_refcount_decrementCoverity, correctly, complains that isc_refcount_decrement return is not always checked.
Additionally isc_refcount_decrement shouldn't be calling inside INSIST, INSIST should not
have side effects as it can be compiled out.Coverity, correctly, complains that isc_refcount_decrement return is not always checked.
Additionally isc_refcount_decrement shouldn't be calling inside INSIST, INSIST should not
have side effects as it can be compiled out.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Mark AndrewsMark Andrews