]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2ad7365)
rec: avoid implicit truncating cast of inception skew 15715/head
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 23 Jun 2025 07:07:00 +0000 (09:07 +0200)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 23 Jun 2025 07:08:12 +0000 (09:08 +0200)
Avoid coverity complaint:
store_truncates_time_t: A time_t value is stored in an integer with too few bits to accommodate it.
The expression sig.d_siginception - g_signatureInceptionSkew is cast to unsigned int.

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
pdns/recursordist/rec-main.cc patch | blob | blame | history
pdns/validate.cc patch | blob | blame | history
pdns/validate.hh patch | blob | blame | history

diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc
index 64c8e9fe6eda01784182ea51cebb9616869a8e5f..03648b77f787c80841651b9af98b834bd4a76d66 100644 (file)
--- a/pdns/recursordist/rec-main.cc
+++ b/pdns/recursordist/rec-main.cc
@@ -1712,11 +1712,13 @@ static int initDNSSEC(Logr::log_t log)
     return 1;
   }
 
-  g_signatureInceptionSkew = ::arg().asNum("signature-inception-skew");
-  if (g_signatureInceptionSkew < 0) {
-    SLOG(g_log << Logger::Error << "A negative value for 'signature-inception-skew' is not allowed" << endl,
-         log->info(Logr::Error, "A negative value for 'signature-inception-skew' is not allowed"));
-    return 1;
+  {
+    auto value = ::arg().asNum("signature-inception-skew");
+    if (value < 0) {
+      log->info(Logr::Error, "A negative value for 'signature-inception-skew' is not allowed");
+      return 1;
+    }
+    g_signatureInceptionSkew = value;
   }
 
   g_dnssecLogBogus = ::arg().mustDo("dnssec-log-bogus");
diff --git a/pdns/validate.cc b/pdns/validate.cc
index 882f84e2a4b8f661522e7411e57fe610427149e5..6df1564d2275fd0636cec8cd4cb6a8780cf0d7bc 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -28,7 +28,7 @@
 #include "base32.hh"
 #include "logger.hh"
 
-time_t g_signatureInceptionSkew{0};
+uint32_t g_signatureInceptionSkew{0};
 uint16_t g_maxNSEC3Iterations{0};
 uint16_t g_maxRRSIGsPerRecordToConsider{0};
 uint16_t g_maxNSEC3sPerRecordToConsider{0};
diff --git a/pdns/validate.hh b/pdns/validate.hh
index 164875981d173ea459f454baf178185a9a0fae76..fed16c330b83068849e8d70479ee6f9f6434be4a 100644 (file)
--- a/pdns/validate.hh
+++ b/pdns/validate.hh
@@ -29,7 +29,7 @@
 #include "dnssecinfra.hh"
 #include "logger.hh"
 
-extern time_t g_signatureInceptionSkew;
+extern uint32_t g_signatureInceptionSkew;
 extern uint16_t g_maxNSEC3Iterations;
 extern uint16_t g_maxRRSIGsPerRecordToConsider;
 extern uint16_t g_maxNSEC3sPerRecordToConsider;
Unnamed repository; edit this file 'description' to name the repository.