From 127701d9d32e568f09c775e722286e9c0b8c72ec Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Fri, 22 May 2015 16:56:25 +0200 Subject: [PATCH] Fix coverity issues http://cov01.lab.eng.brq.redhat.com/covscanhub/waiving/9377/ Signed-off-by: Tomas Hozza --- bin/named/server.c | 8 +++----- lib/dns/dispatch.c | 5 +++-- lib/dns/dst_api.c | 6 ++++++ lib/dns/gen.c | 16 +++++++++++++++- lib/dns/name.c | 8 ++------ lib/dns/nsec3.c | 4 ++-- lib/dns/rcode.c | 4 +++- lib/isc/netaddr.c | 1 + lib/isc/pk11.c | 21 ++++++++++++++------- 9 files changed, 49 insertions(+), 24 deletions(-) diff --git a/bin/named/server.c b/bin/named/server.c index 227c646..5e94660 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -8018,9 +8018,11 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) { dns_zone_t *zone = NULL; char classstr[DNS_RDATACLASS_FORMATSIZE]; char zonename[DNS_NAME_FORMATSIZE]; - const char *vname, *sep, *msg = NULL, *arg; + const char *vname, *sep, *arg; isc_boolean_t cleanup = ISC_FALSE; + UNUSED(text); + (void) next_token(&args, " \t"); arg = next_token(&args, " \t"); @@ -8061,10 +8063,6 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) { result = synczone(zone, &cleanup); isc_task_endexclusive(server->task); - if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text)) - isc_buffer_putmem(text, (const unsigned char *)msg, - strlen(msg) + 1); - view = dns_zone_getview(zone); if (strcmp(view->name, "_default") == 0 || strcmp(view->name, "_bind") == 0) diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 5063914..c93651d 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c 
@@ -2278,9 +2278,10 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr, /* Create or adjust socket pool */ if (mgr->spool != NULL) { - if (maxrequests < DNS_DISPATCH_POOLSOCKS * 2) + if (maxrequests < DNS_DISPATCH_POOLSOCKS * 2) { isc_mempool_setmaxalloc(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2); isc_mempool_setfreemax(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2); + } UNLOCK(&mgr->buffer_lock); return (ISC_R_SUCCESS); } @@ -3765,7 +3766,7 @@ dns_dispatchset_create(isc_mem_t *mctx, isc_socketmgr_t *sockmgr, goto fail_alloc; dset->dispatches = isc_mem_get(mctx, sizeof(dns_dispatch_t *) * n); - if (dset == NULL) { + if (dset->dispatches == NULL) { result = ISC_R_NOMEMORY; goto fail_lock; } diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index d96473f..e71f202 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -1882,6 +1882,9 @@ dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) { #ifdef BIND9 unsigned int flags = dst_entropy_flags; + if (dst_entropy_pool == NULL) + return (ISC_R_FAILURE); + if (len == 0) return (ISC_R_SUCCESS); @@ -1914,6 +1917,9 @@ dst__entropy_status(void) { unsigned char buf[32]; static isc_boolean_t first = ISC_TRUE; + if (dst_entropy_pool == NULL) + return (0); + if (first) { /* Someone believes RAND_status() initializes the PRNG */ flags &= ~ISC_ENTROPY_GOODONLY; diff --git a/lib/dns/gen.c b/lib/dns/gen.c index 6b533dd..548f892 100644 --- a/lib/dns/gen.c +++ b/lib/dns/gen.c @@ -335,10 +335,14 @@ insert_into_typenames(int type, const char *typename, const char *attr) { typename); exit(1); } + strncpy(ttn->typename, typename, sizeof(ttn->typename)); - ttn->type = type; + ttn->typename[sizeof(ttn->typename) - 1] = '\0'; strncpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname)); + ttn->macroname[sizeof(ttn->macroname) - 1] = '\0'; + + ttn->type = type; c = strlen(ttn->macroname); while (c > 0) { if (ttn->macroname[c - 1] == '-') 
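Review bot: Adding the braces in dns_dispatchmgr_setudp changes runtime behaviour, not just layout: before this change `isc_mempool_setfreemax(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2)` ran on every call that found an existing pool, and now it runs only when `maxrequests < DNS_DISPATCH_POOLSOCKS * 2`. If that is the intended reading of the mis-indented original, a comment such as `/* raise both pool limits only when maxrequests is below the minimum */` would record the decision; if not, the setfreemax call belongs after the closing brace. The function starts and ends outside the hunk.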
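Review bot: The new `dst_entropy_pool == NULL` guard in dst__entropy_getdata returns ISC_R_FAILURE without writing to `buf`, so any caller that ignores the result would go on to use uninitialised bytes as random data; the callers are outside this diff and should be checked. The guard also sits ahead of the `len == 0` shortcut, so a zero-length request that used to succeed now fails when no pool is set; placing it after the `len == 0` test would keep the old contract. In dst__entropy_status (the next hunk) a comment like `/* no entropy pool: report the PRNG as not ready */` would state what the new `return (0)` is presumably meant to signal. Both functions continue outside their hunks.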
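Review bot: The terminators added after each `strncpy` in insert_into_typenames and add (this hunk and the three gen.c hunks that follow) close the unterminated-buffer case but turn an over-long name into a silent truncation. Where a length check ending in `exit(1)` already precedes the copy, as the context lines suggest for `typename` and `attr`, that is harmless; for `classname` and `dirname` in add no such check is visible, and a truncated `dirname` would presumably flow into the generated output. A copy that reports truncation would stop the build instead, for example `n = snprintf(newtt->dirname, sizeof(newtt->dirname), "%s", dirname);` followed by `if (n < 0 || (size_t)n >= sizeof(newtt->dirname)) exit(1);` with `n` declared as int. Both functions start and end outside the hunks.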
@@ -364,7 +368,10 @@ insert_into_typenames(int type, const char *typename, const char *attr) { attr, typename); exit(1); } + strncpy(ttn->attr, attr, sizeof(ttn->attr)); + ttn->attr[sizeof(ttn->attr) - 1] = '\0'; + ttn->sorted = 0; if (maxtype < type) maxtype = type; @@ -393,11 +400,17 @@ add(int rdclass, const char *classname, int type, const char *typename, newtt->next = NULL; newtt->rdclass = rdclass; newtt->type = type; + strncpy(newtt->classname, classname, sizeof(newtt->classname)); + newtt->classname[sizeof(newtt->classname) - 1] = '\0'; + strncpy(newtt->typename, typename, sizeof(newtt->typename)); + newtt->typename[sizeof(newtt->typename) - 1] = '\0'; + if (strncmp(dirname, "./", 2) == 0) dirname += 2; strncpy(newtt->dirname, dirname, sizeof(newtt->dirname)); + newtt->dirname[sizeof(newtt->dirname) - 1] = '\0'; tt = types; oldtt = NULL; @@ -436,6 +449,7 @@ add(int rdclass, const char *classname, int type, const char *typename, } newcc->rdclass = rdclass; strncpy(newcc->classname, classname, sizeof(newcc->classname)); + newcc->classname[sizeof(newcc->classname) - 1] = '\0'; cc = classes; oldcc = NULL; diff --git a/lib/dns/name.c b/lib/dns/name.c index 4fcabb1..93173ee 100644 --- a/lib/dns/name.c +++ b/lib/dns/name.c @@ -1859,7 +1859,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, 0) return (DNS_R_DISALLOWED); new_current = c & 0x3F; - n = 1; state = fw_newcurrent; } else return (DNS_R_BADLABELTYPE); @@ -1867,8 +1866,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, case fw_ordinary: if (downcase) c = maptolower[c]; - /* FALLTHROUGH */ - case fw_copy: *ndata++ = c; n--; if (n == 0) @@ -1877,9 +1874,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, case fw_newcurrent: new_current *= 256; new_current += c; - n--; - if (n != 0) - break; if (new_current >= biggest_pointer) return (DNS_R_BADPOINTER); biggest_pointer = new_current; 
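Review bot: The fw_newcurrent branch of dns_name_fromwire now depends on a compression pointer being exactly two octets, and with `n = 1` and the `n--` countdown removed (this hunk and the two neighbouring name.c hunks) nothing in the code says so. A comment at the case, e.g. `/* second and last octet of the 14-bit pointer; the high 6 bits came from c & 0x3F */`, would document the invariant that the `biggest_pointer` check relies on. The `case fw_copy:` label is removed as well; if the enumerator is still declared and anything assigns it, that state is no longer handled by this switch, so the enumerator is worth deleting in the same change. The function starts and ends outside the hunks.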
@@ -2398,6 +2392,8 @@ dns_name_tostring(dns_name_t *name, char **target, isc_mem_t *mctx) { isc_buffer_usedregion(&buf, ®); p = isc_mem_allocate(mctx, reg.length + 1); + if (p == NULL) + return (ISC_R_NOMEMORY); memcpy(p, (char *) reg.base, (int) reg.length); p[reg.length] = '\0'; diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c index 935f515..86fad33 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c @@ -842,8 +842,8 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, dns_db_detachnode(db, &newnode); } while (1); - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; + /* result cannot be ISC_R_NOMORE here */ + INSIST(result != ISC_R_NOMORE); failure: if (dbit != NULL) diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c index 0b7fe8c..091b3c7 100644 --- a/lib/dns/rcode.c +++ b/lib/dns/rcode.c @@ -216,7 +216,9 @@ maybe_numeric(unsigned int *valuep, isc_textregion_t *source, * isc_parse_uint32(). isc_parse_uint32() requires * null termination, so we must make a copy. */ - strncpy(buffer, source->base, NUMBERSIZE); + strncpy(buffer, source->base, sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + INSIST(buffer[source->length] == '\0'); result = isc_parse_uint32(&n, buffer, 10); diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c index 5cce1bc..6706542 100644 --- a/lib/isc/netaddr.c +++ b/lib/isc/netaddr.c @@ -235,6 +235,7 @@ isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen) { nbytes = prefixlen / 8; nbits = prefixlen % 8; if (nbits != 0) { + INSIST(nbytes < ipbytes); if ((p[nbytes] & (0xff>>nbits)) != 0U) return (ISC_R_FAILURE); nbytes++; diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c index 015bff2..de4479b 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -130,7 +130,10 @@ #include #include -#define PINLEN 32 +/* was 32 octets, Petr Spacek suggested 1024, SoftHSMv2 uses 256... */ +#ifndef PINLEN +#define PINLEN 256 +#endif #ifndef PK11_NO_LOGERR #define PK11_NO_LOGERR 1 
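Review bot: Replacing the conversion of ISC_R_NOMORE to ISC_R_SUCCESS with `INSIST(result != ISC_R_NOMORE)` in dns_nsec3_addnsec3 means that, if the path the analyser judged unreachable is ever taken, the process aborts instead of returning a result. The loop body is outside the hunk, so it cannot be confirmed here that every `break` out of the `do { ... } while (1)` leaves `result` different from ISC_R_NOMORE. The defensive form `if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS;` costs nothing at runtime; if the assertion stays, the comment should name the exit paths that make it hold rather than only restating it.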
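Review bot: `strncpy(buffer, source->base, sizeof(buffer))` in maybe_numeric still stops only at a NUL byte or at the buffer size, while the comment above it says the copy exists because the text region lacks the terminator isc_parse_uint32() needs, so the call can read past `source->length` bytes of `source->base`; when the bytes after the region are not NUL, the following `INSIST(buffer[source->length] == '\0')` fails and aborts. Copying by the region length avoids both: `memcpy(buffer, source->base, source->length);` then `buffer[source->length] = '\0';`. This assumes the length check that presumably precedes the hunk guarantees `source->length < sizeof(buffer)`; the function starts and ends outside the hunk.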
@@ -163,7 +166,7 @@ struct pk11_token { char manuf[32]; char model[16]; char serial[16]; - char pin[PINLEN]; + char pin[PINLEN + 1]; }; static ISC_LIST(pk11_token_t) tokens; @@ -498,7 +501,9 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype, /* Override the token's PIN */ if (logon && pin != NULL && *pin != '\0') { - memset(token->pin, 0, PINLEN); + if (strlen(pin) > PINLEN) + return ISC_R_RANGE; + memset(token->pin, 0, PINLEN + 1); strncpy(token->pin, pin, PINLEN); } @@ -1099,7 +1104,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label, char *uri, *p, *a, *na, *v; size_t len, l; FILE *stream = NULL; - char pin[PINLEN]; + char pin[PINLEN + 1]; isc_boolean_t gotpin = ISC_FALSE; isc_result_t ret; @@ -1207,10 +1212,12 @@ pk11_parse_uri(pk11_object_t *obj, const char *label, ret = isc_stdio_open(v, "r", &stream); if (ret != ISC_R_SUCCESS) goto err; - memset(pin, 0, PINLEN); - ret = isc_stdio_read(pin, 1, PINLEN - 1, stream, NULL); + memset(pin, 0, PINLEN + 1); + ret = isc_stdio_read(pin, 1, PINLEN + 1, stream, &l); if ((ret != ISC_R_SUCCESS) && (ret != ISC_R_EOF)) goto err; + if (l > PINLEN) + DST_RET(ISC_R_RANGE); ret = isc_stdio_close(stream); stream = NULL; if (ret != ISC_R_SUCCESS) @@ -1238,7 +1245,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label, DST_RET(ISC_R_NOTFOUND); obj->slot = token->slotid; if (gotpin) { - memmove(token->pin, pin, PINLEN); + memmove(token->pin, pin, PINLEN + 1); obj->reqlogon = ISC_TRUE; } -- 2.1.0
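Review bot: The new early exit in pk11_get_session is written `return ISC_R_RANGE;`, while the other returns visible in this patch use the parenthesised form, so `return (ISC_R_RANGE);` would match the tree's style. The function starts and ends outside the hunk, so it is also worth confirming that nothing acquired earlier in it needs releasing on this new path.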
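Review bot: The stack buffer `pin` in pk11_parse_uri now holds up to PINLEN + 1 bytes read from the PIN file, and nothing in the visible hunks clears it before the function returns, including on the new `DST_RET(ISC_R_RANGE)` path. Wiping it at the common exit, after the `memmove` into `token->pin`, limits how long the secret stays in dead stack memory. A plain `memset(pin, 0, sizeof(pin))` just before return may be removed by the optimiser, so the wipe should go through whatever non-elidable clearing routine the tree provides. The function starts and ends outside the hunks, so the existing cleanup at `err` should be checked before adding it.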