rec: fix time_t truncation warnings from coverity by annotating them.

Mostly they are due to DNS using 32-bit timestamps.

diff --git a/pdns/axfr-retriever.cc b/pdns/axfr-retriever.cc
index ce67f06384b236829d7a957e650390c56724b255..47a909618b7eca412795b160aa4c6bf0bba00426 100644 (file)
--- a/pdns/axfr-retriever.cc
+++ b/pdns/axfr-retriever.cc
@@ -175,7 +175,8 @@ void AXFRRetriever::timeoutReadn(uint16_t bytes, uint16_t timeoutsec)
   int n=0;
   int numread;
   while(n<bytes) {
-    int res=waitForData(d_sock, timeoutsec-(time(nullptr)-start));
+    // coverity[store_truncates_time_t]
+    int res=waitForData(d_sock, timeoutsec - (time(nullptr) - start));
     if(res<0)
       throw ResolverException("Reading data from remote nameserver over TCP: "+stringerror());
     if(!res)

diff --git a/pdns/ixfr.cc b/pdns/ixfr.cc
index 28d773c2503e0f9a2a72be7455de57504b8b16f0..f2a6bcf7c4ef22003461753d7d7fc2492176ae7f 100644 (file)
--- a/pdns/ixfr.cc
+++ b/pdns/ixfr.cc
@@ -185,6 +185,7 @@ vector<pair<vector<DNSRecord>, vector<DNSRecord>>> getIXFRDeltas(const ComboAddr
   s.connect(primary, xfrTimeout);
 
   time_t elapsed = timeoutChecker();
+  // coverity[store_truncates_time_t]
   s.writenWithTimeout(msg.data(), msg.size(), xfrTimeout - elapsed);
 
   // CURRENT PRIMARY SOA

diff --git a/pdns/recursordist/aggressive_nsec.cc b/pdns/recursordist/aggressive_nsec.cc
index b419f5ef2548810c54f22800341cfc83196ab490..f31d2a7704ef1a1c3de7c21527f4064bb3a0d263 100644 (file)
--- a/pdns/recursordist/aggressive_nsec.cc
+++ b/pdns/recursordist/aggressive_nsec.cc
@@ -505,6 +505,7 @@ bool AggressiveNSECCache::synthesizeFromNSEC3Wildcard(time_t now, const DNSName&
 
   addToRRSet(now, wcSet, wcSignatures, name, doDNSSEC, ret, DNSResourceRecord::ANSWER);
   /* no need for closest encloser proof, the wildcard is there */
+  // coverity[store_truncates_time_t]
   addRecordToRRSet(nextCloser.d_owner, QType::NSEC3, nextCloser.d_ttd - now, nextCloser.d_record, nextCloser.d_signatures, doDNSSEC, ret);
   /* and of course we won't deny the wildcard either */
 
@@ -527,6 +528,7 @@ bool AggressiveNSECCache::synthesizeFromNSECWildcard(time_t now, const DNSName&
   }
 
   addToRRSet(now, wcSet, wcSignatures, name, doDNSSEC, ret, DNSResourceRecord::ANSWER);
+  // coverity[store_truncates_time_t]
   addRecordToRRSet(nsec.d_owner, QType::NSEC, nsec.d_ttd - now, nsec.d_record, nsec.d_signatures, doDNSSEC, ret);
 
   VLOG(log, name << ": Synthesized valid answer from NSECs and wildcard!" << endl);
@@ -752,6 +754,7 @@ bool AggressiveNSECCache::getNSEC3Denial(time_t now, std::shared_ptr<LockGuarded
     addRecordToRRSet(nextCloserEntry.d_owner, QType::NSEC3, nextCloserEntry.d_ttd - now, nextCloserEntry.d_record, nextCloserEntry.d_signatures, doDNSSEC, ret);
   }
   if (wcEntry.d_owner != closestNSEC3.d_owner && wcEntry.d_owner != nextCloserEntry.d_owner) {
+    // coverity[store_truncates_time_t]
     addRecordToRRSet(wcEntry.d_owner, QType::NSEC3, wcEntry.d_ttd - now, wcEntry.d_record, wcEntry.d_signatures, doDNSSEC, ret);
   }
 
@@ -884,6 +887,7 @@ bool AggressiveNSECCache::getDenial(time_t now, const DNSName& name, const QType
   addRecordToRRSet(entry.d_owner, QType::NSEC, entry.d_ttd - now, entry.d_record, entry.d_signatures, doDNSSEC, ret);
 
   if (needWildcard) {
+    // coverity[store_truncates_time_t]
     addRecordToRRSet(wcEntry.d_owner, QType::NSEC, wcEntry.d_ttd - now, wcEntry.d_record, wcEntry.d_signatures, doDNSSEC, ret);
   }
 

diff --git a/pdns/recursordist/rec-zonetocache.cc b/pdns/recursordist/rec-zonetocache.cc
index 32bae21b5a0fe9a4f524d75fc7c8e49d442f93c3..a8692a987833eee213108907bc9c29035e0276b4 100644 (file)
--- a/pdns/recursordist/rec-zonetocache.cc
+++ b/pdns/recursordist/rec-zonetocache.cc
@@ -152,6 +152,7 @@ pdns::ZoneMD::Result ZoneData::getByAXFR(const RecZoneToCache::Config& config, p
   time_t axfrStart = time(nullptr);
   time_t axfrNow = time(nullptr);
 
+  // coverity[store_truncates_time_t]
   while (axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow)) != 0) {
     for (auto& dnsRecord : chunk) {
       if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {

diff --git a/pdns/recursordist/rec_channel.cc b/pdns/recursordist/rec_channel.cc
index 7cc46b8bebebb1ea191ba4307feb0970b5f2479b..3d78cd96c14a21c556fda68cb207eec1e61afa79 100644 (file)
--- a/pdns/recursordist/rec_channel.cc
+++ b/pdns/recursordist/rec_channel.cc
@@ -159,6 +159,7 @@ static void waitForRead(int fd, unsigned int timeout, time_t start)
   if (elapsed >= timeout) {
     throw PDNSException("Timeout waiting for control channel data");
   }
+  // coverity[store_truncates_time_t]
   int ret = waitForData(fd, timeout - elapsed, 0);
   if (ret == 0) {
     throw PDNSException("Timeout waiting for control channel data");

diff --git a/pdns/recursordist/recpacketcache.cc b/pdns/recursordist/recpacketcache.cc
index 0b54090e058a9e7b28ec86ca7bce677d562d2789..c372ee186221887dde67fff030d8e17b277da1e6 100644 (file)
--- a/pdns/recursordist/recpacketcache.cc
+++ b/pdns/recursordist/recpacketcache.cc
@@ -123,6 +123,7 @@ bool RecursorPacketCache::checkResponseMatches(MapCombo::LockedContent& shard, s
     }
 
     if (now < iter->d_ttd) { // it is right, it is fresh!
+      // coverity[store_truncates_time_t]
       *age = static_cast<uint32_t>(now - iter->d_creation);
       // we know ttl is > 0
       auto ttl = static_cast<uint32_t>(iter->d_ttd - now);

diff --git a/pdns/recursordist/recursor_cache.cc b/pdns/recursordist/recursor_cache.cc
index 95cfdc1658a2f5b4972289e8176b94f1ffe04cd3..fd40434011916e582ac6a125c35c292b922f9717 100644 (file)
--- a/pdns/recursordist/recursor_cache.cc
+++ b/pdns/recursordist/recursor_cache.cc
@@ -606,6 +606,7 @@ void MemRecursorCache::replace(time_t now, const DNSName& qname, const QType qty
        prior to calling this function, so the TTL actually holds a TTD. */
     cacheEntry.d_ttd = min(maxTTD, static_cast<time_t>(record.d_ttl)); // XXX this does weird things if TTLs differ in the set
 
+    // coverity[store_truncates_time_t]
     cacheEntry.d_orig_ttl = cacheEntry.d_ttd - ttl_time;
     // Even though we record the time the ttd was computed, there still seems to be a case where the computed
     // d_orig_ttl can wrap.
@@ -707,6 +708,7 @@ bool MemRecursorCache::doAgeCache(time_t now, const DNSName& name, const QType q
     return false; // would be dead anyhow
   }
 
+  // coverity[store_truncates_time_t]
   auto maxTTL = static_cast<uint32_t>(cacheEntry.d_ttd - now);
   if (maxTTL > newTTL) {
     lockedShard->d_cachecachevalid = false;

diff --git a/pdns/recursordist/reczones-helpers.cc b/pdns/recursordist/reczones-helpers.cc
index 12770b636d51a4fdb4793bf3b05c43e80b14dc1a..2326054f3f6d5fa67b3dbfb1d84328d0ab8f5aa2 100644 (file)
--- a/pdns/recursordist/reczones-helpers.cc
+++ b/pdns/recursordist/reczones-helpers.cc
@@ -133,6 +133,7 @@ void putDefaultHintsIntoCache(time_t now, std::vector<DNSRecord>& nsvec)
   arr.d_type = QType::A;
   aaaarr.d_type = QType::AAAA;
   nsrr.d_type = QType::NS;
+  // coverity[store_truncates_time_t]
   arr.d_ttl = aaaarr.d_ttl = nsrr.d_ttl = now + 3600000;
 
   string templ = "a.root-servers.net.";

diff --git a/pdns/recursordist/rpzloader.cc b/pdns/recursordist/rpzloader.cc
index 9ebae34c21741bc1c72999dd3dad14f55c3e31f4..62368bb519d4ed74cba558166a91d75447029c99 100644 (file)
--- a/pdns/recursordist/rpzloader.cc
+++ b/pdns/recursordist/rpzloader.cc
@@ -217,6 +217,7 @@ static shared_ptr<const SOARecordContent> loadRPZFromServer(Logr::log_t plogger,
   time_t axfrStart = time(nullptr);
   time_t axfrNow = time(nullptr);
   shared_ptr<const SOARecordContent> sr;
+  // coverity[store_truncates_time_t]
   while (axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow))) {
     for (auto& dr : chunk) {
       if (dr.d_type == QType::NS || dr.d_type == QType::TSIG) {

diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
index 9f2964fffb823b516a6def96b5c362a836d8210c..0e9fdc0a2bc686109ad261c09c125fe74a309a58 100644 (file)
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -3130,6 +3130,7 @@ static uint32_t getRRSIGTTL(const time_t now, const std::shared_ptr<const RRSIGR
 {
   uint32_t res = 0;
   if (now < rrsig->d_sigexpire) {
+    // coverity[store_truncates_time_t]
     res = static_cast<uint32_t>(rrsig->d_sigexpire) - now;
   }
   return res;

diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc
index 60a15d9eecb3eabba37ebdea72850ae9a6675747..c58bf404221cd97cf42289459ff9bddbe38f5874 100644 (file)
--- a/pdns/unix_utility.cc
+++ b/pdns/unix_utility.cc
@@ -274,6 +274,7 @@ time_t Utility::timegm(struct tm *const t)
 
   /* day is now the number of days since 'Jan 1 1970' */
   i = 7;
+  // coverity[store_truncates_time_t]
   t->tm_wday = (day + 4) % i;                        /* Sunday=0, Monday=1, ..., Saturday=6 */
 
   i = 24;