Commit bf24832e authored by Thomas Markwalder's avatar Thomas Markwalder
Browse files

[v4_1_esv] Corrects medium impact issues reported by Covertiy

    Merges in rt36933:
    server/dhcp.c -
        changes for CID 753050 (31b97ba1bdd4ddf6dd593b434592d0e17f985d0f)
        were not relevant

    server/omapi.c -
        changes for CID 1194735 (5bab149927ea57d0213e3a9f5d8f53ddc4a4bf56)
        were not relevant
parent d3ceab90
......@@ -61,6 +61,7 @@ by Eric Young (eay@cryptsoft.com).
- Addressed Coverity issues reported as of 07-31-2014:
[ISC-Bugs #36712] Corrects Coverity reported "high" impact issues
[ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
Changes since 4.1-ESV-R10rc1
......
......@@ -1843,6 +1843,15 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
* of the last format type and we add 1 to
* cover the entire first record.
*/
/* If format string had no valid entries prior to
* 'a' hunkinc will be 0. Ex: "a", "oa", "aA" */
if (hunkinc == 0) {
log_error ("%s: invalid 'a' format: %s",
option->name, option->format);
return ("<error>");
}
numhunk = ((len - hunksize) / hunkinc) + 1;
len_used = hunksize + ((numhunk - 1) * hunkinc);
} else {
......@@ -1850,6 +1859,15 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
* It is an 'A' type array - we repeat the
* entire record
*/
/* If format string had no valid entries prior to
* 'A' hunksize will be 0. Ex: "A", "oA", "foA" */
if (hunksize == 0) {
log_error ("%s: invalid 'A' format: %s",
option->name, option->format);
return ("<error>");
}
numhunk = len / hunksize;
len_used = numhunk * hunksize;
}
......
......@@ -4987,14 +4987,6 @@ int parse_expression (expr, cfile, lose, context, plhs, binop)
tmp = (struct expression *)0;
rhs = (struct expression *)0;
/* Recursions don't return until we have parsed the end of the
expression, so if we recursed earlier, we can now return what
we got. */
if (next_op == expr_none) {
*expr = lhs;
return 1;
}
binop = next_op;
goto new_rhs;
}
......
......@@ -818,7 +818,7 @@ dst_key_to_buffer(DST_KEY *key, u_char *out_buff, unsigned buf_len)
/* this function will extract the secret of HMAC into a buffer */
if(key == NULL)
return (0);
if(key->dk_func != NULL && key->dk_func != NULL) {
if(key->dk_func != NULL && key->dk_func->to_dns_key != NULL) {
len = key->dk_func->to_dns_key(key, out_buff, buf_len);
if (len < 0)
return (0);
......
......@@ -490,8 +490,7 @@ digest_file(dst_work *work)
if (i > 0)
work->filled += i;
}
else if (i > 0)
my_digest(work, buf, (unsigned)i);
my_digest(work, (const u_char *)name, strlen(name));
return (no + strlen(name));
}
......
......@@ -44,7 +44,12 @@ int main (int argc, char **argv)
omapi_object_t *connection = (omapi_object_t*)0;
isc_result_t status;
omapi_init ();
status = omapi_init ();
if (status != ISC_R_SUCCESS) {
fprintf(stderr, "omapi_init failed: %s\n",
isc_result_totext(status));
exit(1);
}
if (argc > 1 && !strcmp (argv [1], "listen")) {
if (argc < 3) {
......
......@@ -578,7 +578,9 @@ isc_result_t trace_get_next_packet (trace_type_t **ttp,
paylen = tpkt -> length;
if (paylen % 8)
paylen += 8 - (tpkt -> length % 8);
if (paylen > (*bufmax)) {
/* allocate a buffer if we need one or current buffer is too small */
if ((*buf == NULL) || (paylen > (*bufmax))) {
if ((*buf))
dfree ((*buf), MDL);
(*bufmax) = ((paylen + 1023) & ~1023U);
......@@ -589,7 +591,7 @@ isc_result_t trace_get_next_packet (trace_type_t **ttp,
return ISC_R_NOMEMORY;
}
}
status = fread ((*buf), 1, paylen, traceinfile);
if (status < paylen) {
if (ferror (traceinfile))
......
......@@ -1167,7 +1167,7 @@ int new_lease_file ()
fail:
lease_file_is_corrupt = db_validity;
fdfail:
unlink (newfname);
(void)unlink (newfname);
return 0;
}
......
......@@ -343,10 +343,9 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
goto out;
}
buffer_allocate (&ddns_fwd_name.buffer,
if (buffer_allocate (&ddns_fwd_name.buffer,
ddns_hostname.len + ddns_domainname.len + 2,
MDL);
if (ddns_fwd_name.buffer) {
MDL)) {
ddns_fwd_name.data = ddns_fwd_name.buffer -> data;
data_string_append (&ddns_fwd_name, &ddns_hostname);
ddns_fwd_name.buffer -> data [ddns_fwd_name.len] = '.';
......@@ -518,8 +517,8 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
}
if (s1) {
buffer_allocate(&ddns_rev_name.buffer, rev_name_len, MDL);
if (ddns_rev_name.buffer != NULL) {
if (buffer_allocate(&ddns_rev_name.buffer,
rev_name_len, MDL)) {
ddns_rev_name.data = ddns_rev_name.buffer->data;
if (addr.len == 4) {
......
......@@ -3188,6 +3188,8 @@ lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
if (alpha->hard_lifetime_end_time <
beta->hard_lifetime_end_time)
return alpha;
else
return beta;
default:
log_fatal("Impossible condition at %s:%d.", MDL);
......@@ -4245,6 +4247,8 @@ prefix_compare(struct reply_state *reply,
if (alpha->hard_lifetime_end_time <
beta->hard_lifetime_end_time)
return alpha;
else
return beta;
default:
log_fatal("Impossible condition at %s:%d.", MDL);
......
......@@ -720,7 +720,10 @@ static isc_result_t do_a_failover_option (c, link)
/* FT_DDNS* are special - one or two bytes of status
followed by the client FQDN. */
if (ft_options [option_code].type == FT_DDNS1 ||
/* Note: FT_DDNS* option support appears to be incomplete.
ISC-Bugs #36996 has been opened to address this. */
if (ft_options [option_code].type == FT_DDNS ||
ft_options [option_code].type == FT_DDNS1) {
ddns_fqdn_t *ddns =
((ddns_fqdn_t *)
......@@ -2248,6 +2251,8 @@ isc_result_t dhcp_failover_peer_state_changed (dhcp_failover_state_t *state,
switch (new_state) {
case recover_done:
log_error("Both servers have entered recover-done!");
/* Fall through and tranistion to normal anyway */
case normal:
dhcp_failover_set_state (state, normal);
break;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment