Various coverity issues in contrib/ (CID 352903-352921)
Once #3310 (closed) is resolved, Coverity Scan will identify the following issues in the contrib/
sources.
I ran Coverity Scan in my private bind-mnowak
project over the 3310-build-contrib-in-ci
branch in advance, in case anyone cares about these inherently Low issues.
** CID 352921: (USE_AFTER_FREE)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 464 in build_query()
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 464 in build_query()
________________________________________________________________________________________________________
*** CID 352921: (USE_AFTER_FREE)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 464 in build_query()
458 }
459 }
460
461 fail:
462 va_end(ap1);
463
>>> CID 352921: (USE_AFTER_FREE)
>>> Using freed pointer "arglist.head".
464 while ((item = DLZ_LIST_HEAD(arglist)) != NULL) {
465 if (item->arg != NULL) {
466 free(item->arg);
467 }
468 free(item);
469 }
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 464 in build_query()
458 }
459 }
460
461 fail:
462 va_end(ap1);
463
>>> CID 352921: (USE_AFTER_FREE)
>>> Using freed pointer "arglist.head".
464 while ((item = DLZ_LIST_HEAD(arglist)) != NULL) {
465 if (item->arg != NULL) {
466 free(item->arg);
467 }
468 free(item);
469 }
** CID 352919: Integer handling issues (NO_EFFECT)
/contrib/dlz/modules/perl/dlz_perl_callback_clientinfo.c: 268 in boot_DLZ_Perl__clientinfo()
________________________________________________________________________________________________________
*** CID 352919: Integer handling issues (NO_EFFECT)
/contrib/dlz/modules/perl/dlz_perl_callback_clientinfo.c: 268 in boot_DLZ_Perl__clientinfo()
262 XS_EXTERNAL(boot_DLZ_Perl__clientinfo); /* prototype to pass -Wmissing-prototypes */
263 XS_EXTERNAL(boot_DLZ_Perl__clientinfo)
264 {
265 #if PERL_VERSION_LE(5, 21, 5)
266 dVAR; dXSARGS;
267 #else
>>> CID 352919: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "0UL > 255UL".
268 dVAR; dXSBOOTARGSXSAPIVERCHK;
269 #endif
270 #if (PERL_REVISION == 5 && PERL_VERSION < 9)
271 char* file = __FILE__;
272 #else
273 const char* file = __FILE__;
** CID 352918: (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1546 in dlz_closeversion()
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1546 in dlz_closeversion()
________________________________________________________________________________________________________
*** CID 352918: (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1546 in dlz_closeversion()
1540 }
1541 }
1542
1543 /*
1544 * Unlock the mutex for this txn
1545 */
>>> CID 352918: (LOCK)
>>> "pthread_mutex_unlock" unlocks "txn->dbi->mutex" while it is unlocked.
1546 dlz_mutex_unlock(&txn->dbi->mutex);
1547
1548 /*
1549 * Free up other structures
1550 */
1551 free(txn->zone);
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1499 in dlz_closeversion()
1493 mysql_free_result(res);
1494 }
1495
1496 /*
1497 * Commit the transaction to the database
1498 */
>>> CID 352918: (LOCK)
>>> "db_execute" unlocks "txn->dbi->mutex" while it is unlocked.
1499 result = db_execute(state, txn->dbi, "COMMIT");
1500 if (result != ISC_R_SUCCESS && state->log != NULL) {
1501 state->log(ISC_LOG_INFO,
1502 "%s: (%x) commit transaction on zone %s",
1503 modname, txn, zone);
1504 return;
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1546 in dlz_closeversion()
1540 }
1541 }
1542
1543 /*
1544 * Unlock the mutex for this txn
1545 */
>>> CID 352918: (LOCK)
>>> "pthread_mutex_unlock" unlocks "txn->dbi->mutex" while it is unlocked.
1546 dlz_mutex_unlock(&txn->dbi->mutex);
1547
1548 /*
1549 * Free up other structures
1550 */
1551 free(txn->zone);
** CID 352917: API usage errors (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 655 in db_query()
________________________________________________________________________________________________________
*** CID 352917: API usage errors (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 655 in db_query()
649 state->log(ISC_LOG_INFO, "%s: query(%d) returned %d rows",
650 modname, dbi->id, mysql_num_rows(res));
651 }
652
653 fail:
654 if (dbi != NULL && localdbi) {
>>> CID 352917: API usage errors (LOCK)
>>> "pthread_mutex_unlock" unlocks "dbi->mutex" while it is unlocked.
655 dlz_mutex_unlock(&dbi->mutex);
656 }
657 return (res);
658 }
659
660 /*
** CID 352916: (STRING_OVERFLOW)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 901 in makerecord()
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 902 in makerecord()
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 900 in makerecord()
________________________________________________________________________________________________________
*** CID 352916: (STRING_OVERFLOW)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 901 in makerecord()
895 data = strtok_r(NULL, "\t", &saveptr);
896 if (data == NULL) {
897 goto error;
898 }
899
900 strcpy(new_record->name, name);
>>> CID 352916: (STRING_OVERFLOW)
>>> You might overrun the 10-character fixed-size string "new_record->type" by copying "type" without checking the length.
901 strcpy(new_record->type, type);
902 strcpy(new_record->data, data);
903 sprintf(new_record->ttl, "%d", ttlvalue);
904
905 free(buf);
906 return (new_record);
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 902 in makerecord()
896 if (data == NULL) {
897 goto error;
898 }
899
900 strcpy(new_record->name, name);
901 strcpy(new_record->type, type);
>>> CID 352916: (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "new_record->data" by copying "data" without checking the length.
902 strcpy(new_record->data, data);
903 sprintf(new_record->ttl, "%d", ttlvalue);
904
905 free(buf);
906 return (new_record);
907
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 900 in makerecord()
894
895 data = strtok_r(NULL, "\t", &saveptr);
896 if (data == NULL) {
897 goto error;
898 }
899
>>> CID 352916: (STRING_OVERFLOW)
>>> You might overrun the 100-character fixed-size string "new_record->name" by copying "name" without checking the length.
900 strcpy(new_record->name, name);
901 strcpy(new_record->type, type);
902 strcpy(new_record->data, data);
903 sprintf(new_record->ttl, "%d", ttlvalue);
904
905 free(buf);
** CID 352915: Security best practices violations (DC.WEAK_CRYPTO)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 686 in make_notify()
________________________________________________________________________________________________________
*** CID 352915: Security best practices violations (DC.WEAK_CRYPTO)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 686 in make_notify()
680 }
681
682 *packetlen = strlen(zone) + 18;
683 memset(packet, 0, *packetlen);
684
685 /* Random query ID */
>>> CID 352915: Security best practices violations (DC.WEAK_CRYPTO)
>>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
686 i = rand();
687 packet[0] = htons(i) & 0xff;
688 packet[1] = htons(i) >> 8;
689
690 /* Flags (OpCode '4' in bits 14-11), Auth Answer set in bit 10 */
691 i = 0x2400;
** CID 352914: Null pointer dereferences (FORWARD_NULL)
/contrib/dlz/modules/sqlite3/dlz_sqlite3_dynamic.c: 414 in sqlite3_get_resultset()
________________________________________________________________________________________________________
*** CID 352914: Null pointer dereferences (FORWARD_NULL)
/contrib/dlz/modules/sqlite3/dlz_sqlite3_dynamic.c: 414 in sqlite3_get_resultset()
408
409 if (rsp != NULL) {
410 *rsp = rs;
411 }
412
413 cleanup:
>>> CID 352914: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "dbi".
414 if (dbi->zone != NULL) {
415 free(dbi->zone);
416 dbi->zone = NULL;
417 }
418 if (dbi->record != NULL) {
419 free(dbi->record);
** CID 352913: Integer handling issues (NO_EFFECT)
/contrib/dlz/modules/perl/dlz_perl_callback.c: 317 in boot_DLZ_Perl()
________________________________________________________________________________________________________
*** CID 352913: Integer handling issues (NO_EFFECT)
/contrib/dlz/modules/perl/dlz_perl_callback.c: 317 in boot_DLZ_Perl()
311 XS_EXTERNAL(boot_DLZ_Perl); /* prototype to pass -Wmissing-prototypes */
312 XS_EXTERNAL(boot_DLZ_Perl)
313 {
314 #if PERL_VERSION_LE(5, 21, 5)
315 dVAR; dXSARGS;
316 #else
>>> CID 352913: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "0UL > 255UL".
317 dVAR; dXSBOOTARGSXSAPIVERCHK;
318 #endif
319 #if (PERL_REVISION == 5 && PERL_VERSION < 9)
320 char* file = __FILE__;
321 #else
322 const char* file = __FILE__;
** CID 352912: API usage errors (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 480 in build_query()
________________________________________________________________________________________________________
*** CID 352912: API usage errors (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 480 in build_query()
474 }
475 if (querystr != NULL) {
476 free(querystr);
477 }
478
479 if (dbi != NULL && localdbi) {
>>> CID 352912: API usage errors (LOCK)
>>> "pthread_mutex_unlock" unlocks "dbi->mutex" while it is unlocked.
480 dlz_mutex_unlock(&dbi->mutex);
481 }
482
483 return (query);
484 }
485
** CID 352911: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 739 in send_notify()
________________________________________________________________________________________________________
*** CID 352911: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 739 in send_notify()
733 addr->sin_port = htons(53);
734
735 if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
736 return;
737 }
738
>>> CID 352911: Error handling issues (CHECKED_RETURN)
>>> Calling "sendto(s, p, plen, 0, (struct sockaddr *)addr, 16U)" without checking return value. This library function may fail and return an error code.
739 sendto(s, p, plen, 0, (struct sockaddr *)addr, sizeof(*addr));
740 close(s);
741 return;
742 }
743
744 /*
** CID 352910: Memory - illegal accesses (UNINIT)
/contrib/dlz/modules/bdbhpt/dlz_bdbhpt_dynamic.c: 272 in dlz_allowzonexfr()
________________________________________________________________________________________________________
*** CID 352910: Memory - illegal accesses (UNINIT)
/contrib/dlz/modules/bdbhpt/dlz_bdbhpt_dynamic.c: 272 in dlz_allowzonexfr()
266 /* free any memory duplicate string in the key field */
267 if (key.data != NULL) {
268 free(key.data);
269 }
270
271 /* free any memory allocated to the data field. */
>>> CID 352910: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "data.data".
272 if (data.data != NULL) {
273 free(data.data);
274 }
275
276 return (result);
277 }
** CID 352909: (RESOURCE_LEAK)
/contrib/dlz/modules/bdbhpt/dlz_bdbhpt_dynamic.c: 727 in dlz_create()
/contrib/dlz/modules/bdbhpt/dlz_bdbhpt_dynamic.c: 687 in dlz_create()
________________________________________________________________________________________________________
*** CID 352909: (RESOURCE_LEAK)
/contrib/dlz/modules/bdbhpt/dlz_bdbhpt_dynamic.c: 727 in dlz_create()
721 default:
722 db->log(ISC_LOG_ERROR,
723 "bdbhpt_dynamic: "
724 "operating mode must be set to P or C or T. "
725 "You specified '%s'",
726 argv[1]);
>>> CID 352909: (RESOURCE_LEAK)
>>> Variable "db" going out of scope leaks the storage it points to.
727 return (ISC_R_FAILURE);
728 }
729
730 /*
731 * create bdbhpt environment
732 * Basically bdbhpt allocates and assigns memory to db->dbenv
/contrib/dlz/modules/bdbhpt/dlz_bdbhpt_dynamic.c: 687 in dlz_create()
681 /* verify we have 4 arg's passed to the driver */
682 if (argc != 4) {
683 db->log(ISC_LOG_ERROR,
684 "bdbhpt_dynamic: please supply 3 command line args. "
685 "You supplied: %s",
686 argc);
>>> CID 352909: (RESOURCE_LEAK)
>>> Variable "db" going out of scope leaks the storage it points to.
687 return (ISC_R_FAILURE);
688 }
689
690 switch ((char)*argv[1]) {
691 /*
692 * Transactional mode. Highest safety - lowest speed.
** CID 352908: API usage errors (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1043 in dlz_create()
________________________________________________________________________________________________________
*** CID 352908: API usage errors (LOCK)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1043 in dlz_create()
1037 }
1038
1039 free(state->db_name);
1040 free(state->db_host);
1041 free(state->db_user);
1042 free(state->db_pass);
>>> CID 352908: API usage errors (LOCK)
>>> "pthread_mutex_destroy" destroys "state->tx_mutex" while it is locked.
1043 dlz_mutex_destroy(&state->tx_mutex);
1044 free(state);
1045 return (ISC_R_FAILURE);
1046 }
1047
1048 /*
** CID 352907: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1023 in dlz_create()
________________________________________________________________________________________________________
*** CID 352907: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1023 in dlz_create()
1017 /*
1018 * Populate DB instances
1019 */
1020 if (mysql_thread_safe()) {
1021 for (n = 0; n < MAX_DBI; n++) {
1022 dlz_mutex_init(&state->db[n].mutex, NULL);
>>> CID 352907: Error handling issues (CHECKED_RETURN)
>>> Calling "pthread_mutex_lock" without checking return value (as is done elsewhere 24 out of 29 times).
1023 dlz_mutex_lock(&state->db[n].mutex);
1024 state->db[n].id = n;
1025 state->db[n].connected = 0;
1026 state->db[n].sock = mysql_init(NULL);
1027 mysql_options(state->db[n].sock,
1028 MYSQL_READ_DEFAULT_GROUP, modname);
** CID 352906: Memory - illegal accesses (UNINIT)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 464 in build_query()
________________________________________________________________________________________________________
*** CID 352906: Memory - illegal accesses (UNINIT)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 464 in build_query()
458 }
459 }
460
461 fail:
462 va_end(ap1);
463
>>> CID 352906: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "arglist.head".
464 while ((item = DLZ_LIST_HEAD(arglist))) {
465 item = DLZ_LIST_NEXT(item, link);
466 if (item->arg != NULL) {
467 free(item->arg);
468 }
469 free(item);
** CID 352905: Incorrect expression (COPY_PASTE_ERROR)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1419 in dlz_newversion()
________________________________________________________________________________________________________
*** CID 352905: Incorrect expression (COPY_PASTE_ERROR)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1419 in dlz_newversion()
1413 } else {
1414 dlz_mutex_unlock(&state->tx_mutex);
1415 if (newtx != NULL) {
1416 if (newtx->zone != NULL) {
1417 free(newtx->zone);
1418 }
>>> CID 352905: Incorrect expression (COPY_PASTE_ERROR)
>>> "zone" in "newtx->zone" looks like a copy-paste error.
1419 if (newtx->zone != NULL) {
1420 free(newtx->zone_id);
1421 }
1422 free(newtx);
1423 }
1424 }
** CID 352904: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 567 in validate_txn()
________________________________________________________________________________________________________
*** CID 352904: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 567 in validate_txn()
561
562 static isc_result_t
563 validate_txn(mysql_data_t *state, mysql_transaction_t *txn) {
564 isc_result_t result = ISC_R_FAILURE;
565 mysql_transaction_t *txp;
566
>>> CID 352904: Error handling issues (CHECKED_RETURN)
>>> Calling "pthread_mutex_lock" without checking return value (as is done elsewhere 24 out of 29 times).
567 dlz_mutex_lock(&state->tx_mutex);
568 for (txp = state->transactions; txp != NULL; txp = txp->next) {
569 if (txn == txp) {
570 result = ISC_R_SUCCESS;
571 break;
572 }
** CID 352903: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1445 in dlz_closeversion()
________________________________________________________________________________________________________
*** CID 352903: Error handling issues (CHECKED_RETURN)
/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c: 1445 in dlz_closeversion()
1439 MYSQL_RES *res;
1440 MYSQL_ROW row;
1441
1442 /*
1443 * Find the transaction
1444 */
>>> CID 352903: Error handling issues (CHECKED_RETURN)
>>> Calling "pthread_mutex_lock" without checking return value (as is done elsewhere 24 out of 29 times).
1445 dlz_mutex_lock(&state->tx_mutex);
1446 if (state->transactions == txn) {
1447 /* Tx is first in list; remove it. */
1448 state->transactions = txn->next;
1449 } else {
1450 txp = state->transactions;