CID 465566-465575: Passing tainted expression "*name.ndata" to "name_prefix"
Coverity Scan claims several TAINTED_SCALAR
CIDs on main
in lib/dns/rdata/
.
** CID 465575: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465575: (TAINTED_SCALAR)
/lib/dns/rdata/generic/afsdb_18.c: 88 in totext_afsdb()
82 dns_rdata_toregion(rdata, ®ion);
83 num = uint16_fromregion(®ion);
84 isc_region_consume(®ion, 2);
85 snprintf(buf, sizeof(buf), "%u ", num);
86 RETERR(str_totext(buf, target));
87 dns_name_fromregion(&name, ®ion);
>>> CID 465575: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
88 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
89 : 0;
90 return (dns_name_totext(&prefix, opts, target));
91 }
92
93 static isc_result_t
/lib/dns/rdata/generic/afsdb_18.c: 88 in totext_afsdb()
82 dns_rdata_toregion(rdata, ®ion);
83 num = uint16_fromregion(®ion);
84 isc_region_consume(®ion, 2);
85 snprintf(buf, sizeof(buf), "%u ", num);
86 RETERR(str_totext(buf, target));
87 dns_name_fromregion(&name, ®ion);
>>> CID 465575: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
88 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
89 : 0;
90 return (dns_name_totext(&prefix, opts, target));
91 }
92
93 static isc_result_t
** CID 465574: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465574: (TAINTED_SCALAR)
/lib/dns/rdata/in_1/svcb_64.c: 689 in generic_totext_in_svcb()
683
684 /*
685 * TargetName.
686 */
687 dns_name_fromregion(&name, ®ion);
688 isc_region_consume(®ion, name_length(&name));
>>> CID 465574: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
689 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
690 : 0;
691 RETERR(dns_name_totext(&prefix, opts, target));
692
693 while (region.length > 0) {
694 isc_region_t r;
/lib/dns/rdata/in_1/svcb_64.c: 689 in generic_totext_in_svcb()
683
684 /*
685 * TargetName.
686 */
687 dns_name_fromregion(&name, ®ion);
688 isc_region_consume(®ion, name_length(&name));
>>> CID 465574: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
689 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
690 : 0;
691 RETERR(dns_name_totext(&prefix, opts, target));
692
693 while (region.length > 0) {
694 isc_region_t r;
** CID 465573: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465573: (TAINTED_SCALAR)
/lib/dns/rdata/in_1/kx_36.c: 77 in totext_in_kx()
71 snprintf(buf, sizeof(buf), "%u", num);
72 RETERR(str_totext(buf, target));
73
74 RETERR(str_totext(" ", target));
75
76 dns_name_fromregion(&name, ®ion);
>>> CID 465573: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
77 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
78 : 0;
79 return (dns_name_totext(&prefix, opts, target));
80 }
81
82 static isc_result_t
/lib/dns/rdata/in_1/kx_36.c: 77 in totext_in_kx()
71 snprintf(buf, sizeof(buf), "%u", num);
72 RETERR(str_totext(buf, target));
73
74 RETERR(str_totext(" ", target));
75
76 dns_name_fromregion(&name, ®ion);
>>> CID 465573: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
77 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
78 : 0;
79 return (dns_name_totext(&prefix, opts, target));
80 }
81
82 static isc_result_t
** CID 465572: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465572: (TAINTED_SCALAR)
/lib/dns/rdata/generic/mx_15.c: 123 in totext_mx()
117 snprintf(buf, sizeof(buf), "%u", num);
118 RETERR(str_totext(buf, target));
119
120 RETERR(str_totext(" ", target));
121
122 dns_name_fromregion(&name, ®ion);
>>> CID 465572: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
123 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
124 : 0;
125 return (dns_name_totext(&prefix, opts, target));
126 }
127
128 static isc_result_t
/lib/dns/rdata/generic/mx_15.c: 123 in totext_mx()
117 snprintf(buf, sizeof(buf), "%u", num);
118 RETERR(str_totext(buf, target));
119
120 RETERR(str_totext(" ", target));
121
122 dns_name_fromregion(&name, ®ion);
>>> CID 465572: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
123 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
124 : 0;
125 return (dns_name_totext(&prefix, opts, target));
126 }
127
128 static isc_result_t
** CID 465571: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465571: Insecure data handling (TAINTED_SCALAR)
/lib/dns/rdata/any_255/tsig_250.c: 525 in tostruct_any_tsig()
519 isc_region_consume(&sr, 2);
520
521 /*
522 * Other.
523 */
524 INSIST(sr.length == tsig->otherlen);
>>> CID 465571: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "tsig->otherlen" to "mem_maybedup", which uses it as an offset.
525 tsig->other = mem_maybedup(mctx, sr.base, tsig->otherlen);
526
527 tsig->mctx = mctx;
528 return (ISC_R_SUCCESS);
529 }
530
** CID 465570: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465570: (TAINTED_SCALAR)
/lib/dns/rdata/generic/lp_107.c: 77 in totext_lp()
71 snprintf(buf, sizeof(buf), "%u", num);
72 RETERR(str_totext(buf, target));
73
74 RETERR(str_totext(" ", target));
75
76 dns_name_fromregion(&name, ®ion);
>>> CID 465570: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
77 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
78 : 0;
79 return (dns_name_totext(&prefix, opts, target));
80 }
81
82 static isc_result_t
/lib/dns/rdata/generic/lp_107.c: 77 in totext_lp()
71 snprintf(buf, sizeof(buf), "%u", num);
72 RETERR(str_totext(buf, target));
73
74 RETERR(str_totext(" ", target));
75
76 dns_name_fromregion(&name, ®ion);
>>> CID 465570: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
77 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
78 : 0;
79 return (dns_name_totext(&prefix, opts, target));
80 }
81
82 static isc_result_t
** CID 465569: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465569: (TAINTED_SCALAR)
/lib/dns/rdata/in_1/px_26.c: 98 in totext_in_px()
92 RETERR(str_totext(" ", target));
93
94 /*
95 * MAP822.
96 */
97 dns_name_fromregion(&name, ®ion);
>>> CID 465569: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
98 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
99 : 0;
100 isc_region_consume(®ion, name_length(&name));
101 RETERR(dns_name_totext(&prefix, opts, target));
102 RETERR(str_totext(" ", target));
103
/lib/dns/rdata/in_1/px_26.c: 98 in totext_in_px()
92 RETERR(str_totext(" ", target));
93
94 /*
95 * MAP822.
96 */
97 dns_name_fromregion(&name, ®ion);
>>> CID 465569: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
98 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
99 : 0;
100 isc_region_consume(®ion, name_length(&name));
101 RETERR(dns_name_totext(&prefix, opts, target));
102 RETERR(str_totext(" ", target));
103
** CID 465568: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465568: (TAINTED_SCALAR)
/lib/dns/rdata/generic/rt_21.c: 85 in totext_rt()
79 num = uint16_fromregion(®ion);
80 isc_region_consume(®ion, 2);
81 snprintf(buf, sizeof(buf), "%u", num);
82 RETERR(str_totext(buf, target));
83 RETERR(str_totext(" ", target));
84 dns_name_fromregion(&name, ®ion);
>>> CID 465568: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
85 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
86 : 0;
87 return (dns_name_totext(&prefix, opts, target));
88 }
89
90 static isc_result_t
/lib/dns/rdata/generic/rt_21.c: 85 in totext_rt()
79 num = uint16_fromregion(®ion);
80 isc_region_consume(®ion, 2);
81 snprintf(buf, sizeof(buf), "%u", num);
82 RETERR(str_totext(buf, target));
83 RETERR(str_totext(" ", target));
84 dns_name_fromregion(&name, ®ion);
>>> CID 465568: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
85 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
86 : 0;
87 return (dns_name_totext(&prefix, opts, target));
88 }
89
90 static isc_result_t
** CID 465567: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465567: (TAINTED_SCALAR)
/lib/dns/rdata/in_1/srv_33.c: 137 in totext_in_srv()
131 RETERR(str_totext(" ", target));
132
133 /*
134 * Target.
135 */
136 dns_name_fromregion(&name, ®ion);
>>> CID 465567: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
137 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
138 : 0;
139 return (dns_name_totext(&prefix, opts, target));
140 }
141
142 static isc_result_t
/lib/dns/rdata/in_1/srv_33.c: 137 in totext_in_srv()
131 RETERR(str_totext(" ", target));
132
133 /*
134 * Target.
135 */
136 dns_name_fromregion(&name, ®ion);
>>> CID 465567: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
137 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
138 : 0;
139 return (dns_name_totext(&prefix, opts, target));
140 }
141
142 static isc_result_t
** CID 465566: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 465566: (TAINTED_SCALAR)
/lib/dns/rdata/generic/naptr_35.c: 299 in totext_naptr()
293 RETERR(str_totext(" ", target));
294
295 /*
296 * Replacement.
297 */
298 dns_name_fromregion(&name, ®ion);
>>> CID 465566: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
299 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
300 : 0;
301 return (dns_name_totext(&prefix, opts, target));
302 }
303
304 static isc_result_t
/lib/dns/rdata/generic/naptr_35.c: 299 in totext_naptr()
293 RETERR(str_totext(" ", target));
294
295 /*
296 * Replacement.
297 */
298 dns_name_fromregion(&name, ®ion);
>>> CID 465566: (TAINTED_SCALAR)
>>> Passing tainted expression "*name.ndata" to "name_prefix", which uses it as a loop boundary.
299 opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT
300 : 0;
301 return (dns_name_totext(&prefix, opts, target));
302 }
303
304 static isc_result_t