Two Coverity issues, the truncation is meant to be

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Fri, 20 Jun 2025 07:15:34 +0000 (09:15 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Fri, 20 Jun 2025 07:35:35 +0000 (09:35 +0200)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Fri, 20 Jun 2025 07:15:34 +0000 (09:15 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Fri, 20 Jun 2025 07:35:35 +0000 (09:35 +0200)
diff --git a/pdns/validate.cc b/pdns/validate.cc

index 2f83e1fb759c06be0b93f4485c8e8f2cfb13b63c..882f84e2a4b8f661522e7411e57fe610427149e5 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -973,12 +973,16 @@ dState getDenial(const cspmap_t &validrrsets, const DNSName& qname, const uint16
  
  bool isRRSIGNotExpired(const time_t now, const RRSIGRecordContent& sig)
  {
-  return rfc1982LessThanOrEqual<uint32_t>(now, sig.d_sigexpire);
+  // it's an uint32_t rfc1982 compare, explicitly cast now to uint32_t to avoid Coverity warning
+  // implicitly converting a time_t to a smaller int.
+  return rfc1982LessThanOrEqual<uint32_t>(static_cast<uint32_t>(now), sig.d_sigexpire);
  }
  
  bool isRRSIGIncepted(const time_t now, const RRSIGRecordContent& sig)
  {
-  return rfc1982LessThanOrEqual<uint32_t>(sig.d_siginception - g_signatureInceptionSkew, now);
+  // it's an uint32_t rfc1982 compare, explicitly cast now to uint32_t to avoid Coverity warning
+  // implicitly converting a time_t to a smaller int.
+  return rfc1982LessThanOrEqual<uint32_t>(sig.d_siginception - g_signatureInceptionSkew, static_cast<uint32_t>(now));
  }
  
  namespace {
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Fri, 20 Jun 2025 07:15:34 +0000 (09:15 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Fri, 20 Jun 2025 07:35:35 +0000 (09:35 +0200)