[v4_1_esv] Corrects medium impact issues reported by Covertiy

    Merges in rt36933:
    server/dhcp.c -
        changes for CID 753050 (31b97ba1bdd4ddf6dd593b434592d0e17f985d0f)
        were not relevant

    server/omapi.c -
        changes for CID 1194735 (5bab149927ea57d0213e3a9f5d8f53ddc4a4bf56)
        were not relevant

diff --git a/RELNOTES b/RELNOTES
index 022aa11b36986879057b685ecdd4f68e6fa44cb4..8a286d3b39087f01e6c813d0662766bc594fb5bc 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -61,6 +61,7 @@ by Eric Young (eay@cryptsoft.com).
 
 - Addressed Coverity issues reported as of 07-31-2014:
   [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues
+  [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
 
                        Changes since 4.1-ESV-R10rc1
 

diff --git a/common/options.c b/common/options.c
index b7e5e8c3d44886bf318bf0b378ad19e4ba018c25..db8d8071df9d7e18dd1edb3dae209fc5a48baef0 100644 (file)
--- a/common/options.c
+++ b/common/options.c
@@ -1843,6 +1843,15 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
                         * of the last format type and we add 1 to
                         * cover the entire first record.
                         */
+
+                       /* If format string had no valid entries prior to
+                        * 'a' hunkinc will be 0. Ex: "a", "oa", "aA" */
+                       if (hunkinc == 0) {
+                               log_error ("%s: invalid 'a' format: %s",
+                                          option->name, option->format);
+                               return ("<error>");
+                       }
+
                        numhunk = ((len - hunksize) / hunkinc) + 1;
                        len_used = hunksize + ((numhunk - 1) * hunkinc);
                } else {
@@ -1850,6 +1859,15 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
                         * It is an 'A' type array - we repeat the
                         * entire record
                         */
+
+                       /* If format string had no valid entries prior to
+                        * 'A' hunksize will be 0. Ex: "A", "oA", "foA" */
+                       if (hunksize == 0) {
+                               log_error ("%s: invalid 'A' format: %s",
+                                          option->name, option->format);
+                               return ("<error>");
+                       }
+
                        numhunk = len / hunksize;
                        len_used = numhunk * hunksize;
                }

diff --git a/common/parse.c b/common/parse.c
index 3ce2b5d6bf7cba6daf7d79dd9e0dff630d473336..e0a49525f97b89177fc6f0a1a6fe7c4465427aae 100644 (file)
--- a/common/parse.c
+++ b/common/parse.c
@@ -4987,14 +4987,6 @@ int parse_expression (expr, cfile, lose, context, plhs, binop)
        tmp = (struct expression *)0;
        rhs = (struct expression *)0;
 
-       /* Recursions don't return until we have parsed the end of the
-          expression, so if we recursed earlier, we can now return what
-          we got. */
-       if (next_op == expr_none) {
-               *expr = lhs;
-               return 1;
-       }
-
        binop = next_op;
        goto new_rhs;
 }      

diff --git a/dst/dst_api.c b/dst/dst_api.c
index 1b334f09683461721b2fa24fb6d4a286d16f5d10..2d9fba2db2cb122ed23aa1761968ed78024aab55 100644 (file)
--- a/dst/dst_api.c
+++ b/dst/dst_api.c
@@ -818,7 +818,7 @@ dst_key_to_buffer(DST_KEY *key, u_char *out_buff, unsigned buf_len)
   /* this function will extract the secret of HMAC into a buffer */
        if(key == NULL) 
                return (0);
-       if(key->dk_func != NULL && key->dk_func != NULL) {
+       if(key->dk_func != NULL && key->dk_func->to_dns_key != NULL) {
                len = key->dk_func->to_dns_key(key, out_buff, buf_len);
                if (len < 0)
                        return (0);

diff --git a/dst/prandom.c b/dst/prandom.c
index 2d29c824750ae3278461215022a2753e829b3309..c0b4e27fdedb7909903bd030d8fd25eec9374aec 100644 (file)
--- a/dst/prandom.c
+++ b/dst/prandom.c
@@ -490,8 +490,7 @@ digest_file(dst_work *work)
                if (i > 0) 
                        work->filled += i;
        }
-       else if (i > 0)
-               my_digest(work, buf, (unsigned)i);
+
        my_digest(work, (const u_char *)name, strlen(name));
        return (no + strlen(name));
 }

diff --git a/omapip/test.c b/omapip/test.c
index b1b07da90dc73af98eeaf33d12214c878e18a1ba..46d367086ecc83686ce55ce16d1091b50da32fde 100644 (file)
--- a/omapip/test.c
+++ b/omapip/test.c
@@ -44,7 +44,12 @@ int main (int argc, char **argv)
        omapi_object_t *connection = (omapi_object_t*)0;
        isc_result_t status;
 
-       omapi_init ();
+       status = omapi_init ();
+       if (status != ISC_R_SUCCESS) {
+               fprintf(stderr, "omapi_init failed: %s\n",
+                       isc_result_totext(status));
+               exit(1);
+       }
 
        if (argc > 1 && !strcmp (argv [1], "listen")) {
                if (argc < 3) {

diff --git a/omapip/trace.c b/omapip/trace.c
index a7c643e9dc986a49046cc592f75a3d7f6a42ca3f..1562449f1540812e3888d4f164dd4f3ae5ce3b40 100644 (file)
--- a/omapip/trace.c
+++ b/omapip/trace.c
@@ -578,7 +578,9 @@ isc_result_t trace_get_next_packet (trace_type_t **ttp,
        paylen = tpkt -> length;
        if (paylen % 8)
                paylen += 8 - (tpkt -> length % 8);
-       if (paylen > (*bufmax)) {
+
+       /* allocate a buffer if we need one or current buffer is too small */
+       if ((*buf == NULL) || (paylen > (*bufmax))) {
                if ((*buf))
                        dfree ((*buf), MDL);
                (*bufmax) = ((paylen + 1023) & ~1023U);
@@ -589,7 +591,7 @@ isc_result_t trace_get_next_packet (trace_type_t **ttp,
                        return ISC_R_NOMEMORY;
                }
        }
-       
+
        status = fread ((*buf), 1, paylen, traceinfile);
        if (status < paylen) {
                if (ferror (traceinfile))

diff --git a/server/db.c b/server/db.c
index d4c182ccddc43219338ae1ba2c2390506f6bcec5..0ba711479fba097f6694862106e96d77e4705442 100644 (file)
--- a/server/db.c
+++ b/server/db.c
@@ -1167,7 +1167,7 @@ int new_lease_file ()
       fail:
        lease_file_is_corrupt = db_validity;
       fdfail:
-       unlink (newfname);
+       (void)unlink (newfname);
        return 0;
 }
 

diff --git a/server/ddns.c b/server/ddns.c
index a590ba93cc454bf43c7721e4d4f37cf001c5cd16..048d38c34a50e779ad2aeb3b6aa8dc6fbe2073c9 100644 (file)
--- a/server/ddns.c
+++ b/server/ddns.c
@@ -343,10 +343,9 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
                        goto out;
                }
 
-               buffer_allocate (&ddns_fwd_name.buffer,
+               if (buffer_allocate (&ddns_fwd_name.buffer,
                                 ddns_hostname.len + ddns_domainname.len + 2,
-                                MDL);
-               if (ddns_fwd_name.buffer) {
+                                MDL)) {
                        ddns_fwd_name.data = ddns_fwd_name.buffer -> data;
                        data_string_append (&ddns_fwd_name, &ddns_hostname);
                        ddns_fwd_name.buffer -> data [ddns_fwd_name.len] = '.';
@@ -518,8 +517,8 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
        }
 
        if (s1) {
-               buffer_allocate(&ddns_rev_name.buffer, rev_name_len, MDL);
-               if (ddns_rev_name.buffer != NULL) {
+               if (buffer_allocate(&ddns_rev_name.buffer,
+                                   rev_name_len, MDL)) {
                        ddns_rev_name.data = ddns_rev_name.buffer->data;
 
                        if (addr.len == 4) {

diff --git a/server/dhcpv6.c b/server/dhcpv6.c
index f6ec37cd7fdbeb9050ef7635e1f602c8b9ca136d..72d9dea632c07cb3302cdd477ae592d37506659d 100644 (file)
--- a/server/dhcpv6.c
+++ b/server/dhcpv6.c
@@ -3188,6 +3188,8 @@ lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
                        if (alpha->hard_lifetime_end_time <
                            beta->hard_lifetime_end_time)
                                return alpha;
+                       else
+                               return beta;
 
                      default:
                        log_fatal("Impossible condition at %s:%d.", MDL);
@@ -4245,6 +4247,8 @@ prefix_compare(struct reply_state *reply,
                        if (alpha->hard_lifetime_end_time <
                            beta->hard_lifetime_end_time)
                                return alpha;
+                       else
+                               return beta;
 
                      default:
                        log_fatal("Impossible condition at %s:%d.", MDL);

diff --git a/server/failover.c b/server/failover.c
index 4e5977c27926a5c199e52878c7d62504569af931..923b41904cf5b234408e9f233b39dc345e159945 100644 (file)
--- a/server/failover.c
+++ b/server/failover.c
@@ -720,7 +720,10 @@ static isc_result_t do_a_failover_option (c, link)
 
                /* FT_DDNS* are special - one or two bytes of status
                   followed by the client FQDN. */
-               if (ft_options [option_code].type == FT_DDNS1 ||
+
+               /* Note: FT_DDNS* option support appears to be incomplete.
+                  ISC-Bugs #36996 has been opened to address this. */
+               if (ft_options [option_code].type == FT_DDNS ||
                    ft_options [option_code].type == FT_DDNS1) {
                        ddns_fqdn_t *ddns =
                                ((ddns_fqdn_t *)
@@ -2248,6 +2251,8 @@ isc_result_t dhcp_failover_peer_state_changed (dhcp_failover_state_t *state,
                switch (new_state) {
                      case recover_done:
                        log_error("Both servers have entered recover-done!");
+                       /* Fall through and tranistion to normal anyway */
+
                      case normal:
                        dhcp_failover_set_state (state, normal);
                        break;