- Fixes to please lint checks.

diff --git a/daemon/worker.c b/daemon/worker.c
index 263fcddfe9b0fe98a39fbf41e9ef025a4e859adc..2d592e5526a2f01e12e56f5aec176fad7f36a861 100644 (file)
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1562,7 +1562,8 @@ send_reply_rc:
 #endif
        if(worker->env.cfg->log_replies)
        {
-               struct timeval tv = {0, 0};
+               struct timeval tv;
+               memset(&tv, 0, sizeof(tv));
                if(qinfo.local_alias && qinfo.local_alias->rrset &&
                        qinfo.local_alias->rrset->rk.dname) {
                        /* log original qname, before the local alias was

diff --git a/dns64/dns64.c b/dns64/dns64.c
index f2834da2bfc43d6fa048e30158831a5aa71dfc5d..4b3c6cee5b67a1e1fc8f207e9eccc6274e9484e0 100644 (file)
--- a/dns64/dns64.c
+++ b/dns64/dns64.c
@@ -195,12 +195,14 @@ uitoa(unsigned n, char* s)
  *               address.
  */
 static uint32_t
-extract_ipv4(const uint8_t ipv6[16], const int offset)
+extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset)
 {
-    uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8))
-                  | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8))
-                  | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8))
-                  | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8));
+    uint32_t ipv4;
+    log_assert(ipv6_len == 16); (void)ipv6_len;
+    ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8))
+         | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8))
+         | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8))
+         | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8));
     if (offset/8+4 < 16)
         ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8);
     return ipv4;
@@ -218,7 +220,7 @@ extract_ipv4(const uint8_t ipv6[16], const int offset)
  * \return The number of characters written.
  */
 static size_t
-ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4])
+ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len)
 {
     static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa";
     int i;
@@ -227,9 +229,11 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4])
     for (i = 0; i < 4; ++i) {
         *c = uitoa((unsigned int)(ipv4 % 256), c + 1);
         c += *c + 1;
+       log_assert(c < ptr+nm_len);
         ipv4 /= 256;
     }
 
+    log_assert(c + sizeof(IPV4_PTR_SUFFIX) <= ptr+nm_len);
     memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX));
 
     return c + sizeof(IPV4_PTR_SUFFIX) - ptr;
@@ -245,9 +249,10 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4])
  * \return 1 on success, 0 on failure.
  */
 static int
-ptr_to_ipv6(const char* ptr, uint8_t ipv6[16])
+ptr_to_ipv6(const char* ptr, uint8_t ipv6[], size_t ipv6_len)
 {
     int i;
+    log_assert(ipv6_len == 16); (void)ipv6_len;
 
     for (i = 0; i < 64; i++) {
         int x;
@@ -280,9 +285,12 @@ ptr_to_ipv6(const char* ptr, uint8_t ipv6[16])
  * \param aaaa        IPv6 address. The result will be written here.
  */
 static void
-synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net,
-        const uint8_t a[4], uint8_t aaaa[16])
+synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len,
+       int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[],
+       size_t aaaa_len)
 {
+    log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16);
+    (void)prefix_addr_len; (void)a_len; (void)aaaa_len;
     memcpy(aaaa, prefix_addr, 16);
     aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8);
     aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8);
@@ -447,7 +455,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id)
     /* Convert the PTR query string to an IPv6 address. */
     memset(&sin6, 0, sizeof(sin6));
     sin6.sin6_family = AF_INET6;
-    if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr))
+    if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr,
+       sizeof(sin6.sin6_addr.s6_addr)))
         return module_wait_module;  /* Let other module handle this. */
 
     /*
@@ -470,7 +479,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id)
     if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4)))
         return module_error;
     qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr,
-                dns64_env->prefix_net), (char*)qinfo.qname);
+               sizeof(sin6.sin6_addr.s6_addr), dns64_env->prefix_net),
+               (char*)qinfo.qname, MAX_PTR_QNAME_IPV4);
 
     /* Create the new sub-query. */
     fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
@@ -740,8 +750,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
                dd->rr_data[i][1] = 16;
                synthesize_aaaa(
                                ((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr,
+                               sizeof(((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr),
                                dns64_env->prefix_net, &fd->rr_data[i][2],
-                               &dd->rr_data[i][2] );
+                               fd->rr_len[i]-2, &dd->rr_data[i][2],
+                               dd->rr_len[i]-2);
                dd->rr_ttl[i] = fd->rr_ttl[i];
        }
 

diff --git a/doc/Changelog b/doc/Changelog
index 8debaf4a9ccbfdb6f14b5ac8bc5d9e12bedc12b0..7a69009299380ec1ed0c6d6487ea7e4e4fc76b85 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,7 @@
        - Fix CVE-2019-18934, shell execution in ipsecmod.
        - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
        - Fix authzone printout buffer length check.
+       - Fixes to please lint checks.
 
 18 November 2019: Wouter
        - In unbound-host use separate variable for get_option to please

diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c
index 817cf69274d502facf09acf07e8e810cd2703d37..c8258f130bd0d763fd7b5eca11370e310a40b993 100644 (file)
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -355,7 +355,7 @@ read_cert_bio(BIO* bio)
                exit(0);
        }
        while(!BIO_eof(bio)) {
-               X509* x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+               X509* x = PEM_read_bio_X509(bio, NULL, NULL, NULL);
                if(x == NULL) {
                        if(verb) {
                                printf("failed to read X509\n");
@@ -396,7 +396,7 @@ read_cert_file(const char* file)
                return NULL;
        }
        while(!feof(in)) {
-               X509* x = PEM_read_X509(in, NULL, 0, NULL);
+               X509* x = PEM_read_X509(in, NULL, NULL, NULL);
                if(x == NULL) {
                        if(verb) {
                                printf("failed to read X509 file\n");
@@ -943,7 +943,7 @@ read_data_chunk(SSL* ssl, size_t len)
        size_t got = 0;
        int r;
        char* data;
-       if(len >= 0xfffffff0)
+       if(len >= (size_t)0xfffffff0)
                return NULL; /* to protect against integer overflow in malloc*/
        data = malloc(len+1);
        if(!data) {

diff --git a/testcode/delayer.c b/testcode/delayer.c
index 655e4a1e7f136f43ba123580d9f8cfe8b84898a3..ebf883926cba60e82fb0da04aebb00ea17301e19 100644 (file)
--- a/testcode/delayer.c
+++ b/testcode/delayer.c
@@ -1042,7 +1042,7 @@ service(const char* bind_str, int bindport, const char* serv_str,
        }
        i=0;
        if(bindport == 0) {
-               bindport = 1024 + arc4random()%64000;
+               bindport = 1024 + ((int)arc4random())%64000;
                i = 100;
        }
        while(1) {
@@ -1058,7 +1058,7 @@ service(const char* bind_str, int bindport, const char* serv_str,
 #endif
                        if(i--==0)
                                fatal_exit("cannot bind any port");
-                       bindport = 1024 + arc4random()%64000;
+                       bindport = 1024 + ((int)arc4random())%64000;
                } else break;
        }
        fd_set_nonblock(s);

diff --git a/testcode/mini_tdir.sh b/testcode/mini_tdir.sh
index 96745515e3e4a31be6dfaedc08bc1718a993da04..5f02b0862ee2b848a2548752128a820e9d09e27c 100755 (executable)
--- a/testcode/mini_tdir.sh
+++ b/testcode/mini_tdir.sh
@@ -119,7 +119,11 @@ fi
 # Copy
 echo "minitdir copy $1 to $dir"
 mkdir $dir
+if cp --help 2>&1 | grep -- "-a" >/dev/null; then
 cp -a $name.tdir/* $dir/
+else
+cp -R $name.tdir/* $dir/
+fi
 cd $dir
 
 # EXE

diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c
index 64a169f8b118c9344e1eda09826db6fab14eaebc..65ea8d4bcae96317a190db032e625010dcaca8dd 100644 (file)
--- a/testcode/streamtcp.c
+++ b/testcode/streamtcp.c
@@ -314,7 +314,7 @@ static int get_random(void)
        if (RAND_bytes((unsigned char*)&r, (int)sizeof(r)) == 1) {
                return r;
        }
-       return arc4random();
+       return (int)arc4random();
 }
 
 /** send the TCP queries and print answers */

diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c
index a783c099b5a489b0f27dfee9a3f4959f57ec0b04..374dd7fd85f454dd50fff1123f481fbec6688d74 100644 (file)
--- a/util/shm_side/shm_main.c
+++ b/util/shm_side/shm_main.c
@@ -223,8 +223,10 @@ void shm_main_run(struct worker *worker)
        struct ub_stats_info *stat_info;
        int offset;
 
+#ifndef S_SPLINT_S
        verbose(VERB_DETAIL, "SHM run - worker [%d] - daemon [%p] - timenow(%u) - timeboot(%u)",
                worker->thread_num, worker->daemon, (unsigned)worker->env.now_tv->tv_sec, (unsigned)worker->daemon->time_boot.tv_sec);
+#endif
 
        offset = worker->thread_num + 1;
        stat_total = worker->daemon->shm_info->ptr_arr;
@@ -240,9 +242,11 @@ void shm_main_run(struct worker *worker)
                memset(stat_total, 0, sizeof(struct ub_stats_info));
 
                /* Point to data into SHM */
+#ifndef S_SPLINT_S
                shm_stat = worker->daemon->shm_info->ptr_ctl;
                shm_stat->time.now_sec = (long long)worker->env.now_tv->tv_sec;
                shm_stat->time.now_usec = (long long)worker->env.now_tv->tv_usec;
+#endif
 
                stat_timeval_subtract(&shm_stat->time.up_sec, &shm_stat->time.up_usec, worker->env.now_tv, &worker->daemon->time_boot);
                stat_timeval_subtract(&shm_stat->time.elapsed_sec, &shm_stat->time.elapsed_usec, worker->env.now_tv, &worker->daemon->time_last_stat);

diff --git a/util/ub_event.c b/util/ub_event.c
index e097fbc4015883745ff0a411986bf7f94777490d..9af476ad40841f0693d5164cae4f56bb07819672 100644 (file)
--- a/util/ub_event.c
+++ b/util/ub_event.c
@@ -458,7 +458,9 @@ void ub_comm_base_now(struct comm_base* cb)
        if(gettimeofday(tv, NULL) < 0) {
                log_err("gettimeofday: %s", strerror(errno));
        }
+#ifndef S_SPLINT_S
        *tt = tv->tv_sec;
+#endif
 #endif /* USE_MINI_EVENT */
 }
 

diff --git a/util/ub_event_pluggable.c b/util/ub_event_pluggable.c
index 4a9451263b7ce047418ff28c27fd78c32f5689bd..235bba6ba7973f8e131b972e0f9906b27e6eb6fc 100644 (file)
--- a/util/ub_event_pluggable.c
+++ b/util/ub_event_pluggable.c
@@ -453,7 +453,7 @@ ub_get_event_sys(struct ub_event_base* ub_base, const char** n, const char** s,
         * ub_base is guaranteed to exist and to be the default
         * event base.
         */
-       assert(b);
+       assert(b != NULL);
        *n = "pluggable-event";
        *s = event_get_version();
 #  if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)
@@ -687,6 +687,8 @@ void ub_comm_base_now(struct comm_base* cb)
        if(gettimeofday(tv, NULL) < 0) {
                log_err("gettimeofday: %s", strerror(errno));
        }
+#ifndef S_SPLINT_S
        *tt = tv->tv_sec;
+#endif
 }