Fix several issues reported by coverity

diff --git a/pdns/iputils.hh b/pdns/iputils.hh
index e15d26a9547295e8627a4e27d606b93d9e147c6c..e2b9741f69fd4adfb0ea2c10c4739f2b02a7392c 100644 (file)
--- a/pdns/iputils.hh
+++ b/pdns/iputils.hh
@@ -657,7 +657,7 @@ public:
       }
       if (node) {
         for(auto it = _nodes.begin(); it != _nodes.end(); it++)
-           if (node->node4.get() == *it) _nodes.erase(it);
+           if (node->node6.get() == *it) _nodes.erase(it);
         node->node6.reset();
       }
     }

diff --git a/pdns/lua-pdns.cc b/pdns/lua-pdns.cc
index 22eaaacf2f8ab79476e83a6c37f4e2fa6f183cfb..879d0c1a5e4efbe6bd18db130b8c5e1c3983ad0d 100644 (file)
--- a/pdns/lua-pdns.cc
+++ b/pdns/lua-pdns.cc
@@ -230,7 +230,7 @@ void popResourceRecordsTable(lua_State *lua, const DNSName &query, vector<DNSRec
     if(!getFromTable(lua, "qclass", tmpnum))
       rr.d_class = QClass::IN;
     else {
-      rr.d_class = static_cast<DNSResourceRecord::Place>(tmpnum);
+      rr.d_class = tmpnum;
     }
 
 

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 83991f7c97185587894154afd2fd9a315a84abf5..42f2e239cad410bbf32b3f47c88e223971fc99e6 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -945,7 +945,7 @@ void startDoResolve(void *p)
       g_stats.answersSlow++;
 
     uint64_t newLat=(uint64_t)(spent*1000000);
-    newLat = min(newLat,(uint64_t)(g_networkTimeoutMsec*1000)); // outliers of several minutes exist..
+    newLat = min(newLat,(uint64_t)(((uint64_t) g_networkTimeoutMsec)*1000)); // outliers of several minutes exist..
     g_stats.avgLatencyUsec=(1-1.0/g_latencyStatSize)*g_stats.avgLatencyUsec + (float)newLat/g_latencyStatSize;
     // no worries, we do this for packet cache hits elsewhere
     //    cout<<dc->d_mdp.d_qname<<"\t"<<MT->getUsec()<<"\t"<<sr.d_outqueries<<endl;
@@ -1005,7 +1005,7 @@ void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var)
   shared_ptr<TCPConnection> conn=any_cast<shared_ptr<TCPConnection> >(var);
 
   if(conn->state==TCPConnection::BYTE0) {
-    int bytes=recv(conn->getFD(), conn->data, 2, 0);
+    ssize_t bytes=recv(conn->getFD(), conn->data, 2, 0);
     if(bytes==1)
       conn->state=TCPConnection::BYTE1;
     if(bytes==2) {
@@ -1019,7 +1019,7 @@ void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var)
     }
   }
   else if(conn->state==TCPConnection::BYTE1) {
-    int bytes=recv(conn->getFD(), conn->data+1, 1, 0);
+    ssize_t bytes=recv(conn->getFD(), conn->data+1, 1, 0);
     if(bytes==1) {
       conn->state=TCPConnection::GETQUESTION;
       conn->qlen=(((unsigned char)conn->data[0]) << 8)+ (unsigned char)conn->data[1];
@@ -1033,13 +1033,13 @@ void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var)
     }
   }
   else if(conn->state==TCPConnection::GETQUESTION) {
-    int bytes=recv(conn->getFD(), conn->data + conn->bytesread, conn->qlen - conn->bytesread, 0);
-    if(!bytes || bytes < 0) {
+    ssize_t bytes=recv(conn->getFD(), conn->data + conn->bytesread, conn->qlen - conn->bytesread, 0);
+    if(!bytes || bytes < 0 || bytes > UINT16_MAX) {
       L<<Logger::Error<<"TCP client "<< conn->d_remote.toString() <<" disconnected while reading question body"<<endl;
       t_fdm->removeReadFD(fd);
       return;
     }
-    conn->bytesread+=bytes;
+    conn->bytesread+=(uint16_t)bytes;
     if(conn->bytesread==conn->qlen) {
       t_fdm->removeReadFD(fd); // should no longer awake ourselves when there is data to read
 
@@ -1085,7 +1085,7 @@ void handleNewTCPQuestion(int fd, FDMultiplexer::funcparam_t& )
   ComboAddress addr;
   socklen_t addrlen=sizeof(addr);
   int newsock=(int)accept(fd, (struct sockaddr*)&addr, &addrlen);
-  if(newsock>0) {
+  if(newsock>=0) {
     if(MT->numProcesses() > g_maxMThreads) {
       g_stats.overCapacityDrops++;
       closesocket(newsock);
@@ -1639,8 +1639,10 @@ void broadcastFunction(const pipefunc_t& func, bool skipSelf)
     ThreadMSG* tmsg = new ThreadMSG();
     tmsg->func = func;
     tmsg->wantAnswer = true;
-    if(write(tps.writeToThread, &tmsg, sizeof(tmsg)) != sizeof(tmsg))
+    if(write(tps.writeToThread, &tmsg, sizeof(tmsg)) != sizeof(tmsg)) {
+      delete tmsg;
       unixDie("write to thread pipe returned wrong size or error");
+    }
 
     string* resp;
     if(read(tps.readFromThread, &resp, sizeof(resp)) != sizeof(resp))
@@ -1668,8 +1670,10 @@ void distributeAsyncFunction(const string& packet, const pipefunc_t& func)
   tmsg->func = func;
   tmsg->wantAnswer = false;
 
-  if(write(tps.writeToThread, &tmsg, sizeof(tmsg)) != sizeof(tmsg))
+  if(write(tps.writeToThread, &tmsg, sizeof(tmsg)) != sizeof(tmsg)) {
+    delete tmsg;
     unixDie("write to thread pipe returned wrong size or error");
+  }
 }
 
 void handlePipeRequest(int fd, FDMultiplexer::funcparam_t& var)
@@ -1743,9 +1747,10 @@ template<class T> T broadcastAccFunction(const boost::function<T*()>& func, bool
     tmsg->func = boost::bind(voider<T>, func);
     tmsg->wantAnswer = true;
 
-    if(write(tps.writeToThread, &tmsg, sizeof(tmsg)) != sizeof(tmsg))
+    if(write(tps.writeToThread, &tmsg, sizeof(tmsg)) != sizeof(tmsg)) {
+      delete tmsg;
       unixDie("write to thread pipe returned wrong size or error");
-
+    }
 
     T* resp;
     if(read(tps.readFromThread, &resp, sizeof(resp)) != sizeof(resp))

diff --git a/pdns/pubsuffix.hh b/pdns/pubsuffix.hh
index abf9570aaf43c3accd397a22fed0d8b3a091af31..a91cd12f87398bd862c378fb951c5776d62f904d 100644 (file)
--- a/pdns/pubsuffix.hh
+++ b/pdns/pubsuffix.hh
@@ -1,3 +1,3 @@
 #ifndef PDNS_PUBSUFFIX_HH
-extern const char* g_pubsuffix;
+extern const char* g_pubsuffix[];
 #endif

diff --git a/pdns/rec_channel.cc b/pdns/rec_channel.cc
index a539643e488901823d0a95e7886f5a26a6ce6204..50ddcef444295ce582ae87d3a94854a1640fc55e 100644 (file)
--- a/pdns/rec_channel.cc
+++ b/pdns/rec_channel.cc
@@ -114,7 +114,8 @@ void RecursorControlChannel::send(const std::string& msg, const std::string* rem
     memset(&remoteaddr, 0, sizeof(remoteaddr));
   
     remoteaddr.sun_family=AF_UNIX;
-    strcpy(remoteaddr.sun_path, remote->c_str());
+    strncpy(remoteaddr.sun_path, remote->c_str(), sizeof(remoteaddr.sun_path));
+    remoteaddr.sun_path[sizeof(remoteaddr.sun_path)-1] = '\0';
 
     if(::sendto(d_fd, msg.c_str(), msg.length(), 0, (struct sockaddr*) &remoteaddr, sizeof(remoteaddr) ) < 0)
       throw PDNSException("Unable to send message over control channel '"+*remote+"': "+string(strerror(errno)));

diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc
index 15a33ab9a8696f1c5dfba2f9834d5f86c7c0d4e1..e1f7a4130a1982924c0053f3ec8f8d173e8119ad 100644 (file)
--- a/pdns/rec_channel_rec.cc
+++ b/pdns/rec_channel_rec.cc
@@ -776,7 +776,7 @@ namespace {
 
 void sortPublicSuffixList()
 {
-  for(const char** p=&g_pubsuffix; *p; ++p) {
+  for(const char** p=g_pubsuffix; *p; ++p) {
     string low=toLower(*p);
 
     vector<string> parts;

diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index d0eafe6ecbae74dd5baf88ca259d844834b282b0..9c35d28655006f51ae2347107672965ff3244c2f 100644 (file)
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -158,6 +158,8 @@ uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& l
     } else {
       // try to make socket
       sock = makeQuerySocket(local, true);
+      if (sock < 0)
+        throw ResolverException("Unable to create socket to "+remote.toStringWithPort()+": "+stringerror());
       setNonBlocking( sock );
       locals[lstr] = sock;
     }
@@ -385,6 +387,8 @@ AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
   d_sock = -1;
   try {
     d_sock = makeQuerySocket(local, false); // make a TCP socket
+    if (d_sock < 0)
+      throw ResolverException("Error creating socket for AXFR request to "+d_remote.toStringWithPort());
     d_buf = shared_array<char>(new char[65536]);
     d_remote = remote; // mostly for error reporting
     this->connect();
@@ -430,6 +434,7 @@ AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
   catch(...) {
     if(d_sock >= 0)
       close(d_sock);
+    d_sock = -1;
     throw;
   }
 }

diff --git a/pdns/syncres.hh b/pdns/syncres.hh
index 17d4ede5fea397353f0a94df8f8c5c92704e80c2..d892dd0c518236ea5e778620a3c19ca95bd25279 100644 (file)
--- a/pdns/syncres.hh
+++ b/pdns/syncres.hh
@@ -610,9 +610,9 @@ public:
   {
     return d_fd;
   }
-  enum stateenum {BYTE0, BYTE1, GETQUESTION, DONE} state;
-  int qlen;
-  int bytesread;
+  enum stateenum {BYTE0, BYTE1, GETQUESTION, DONE} state{BYTE0};
+  uint16_t qlen{0};
+  uint16_t bytesread{0};
   const ComboAddress d_remote;
   char data[65535]; // damn
 

diff --git a/pdns/validate.cc b/pdns/validate.cc
index e37933eaf59386080282f5cf1538ba96b04e5183..7714f2e09a80a9e48040b9dc95811d97edd1307b 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -69,7 +69,10 @@ static dState getDenial(cspmap_t &validrrsets, DNSName qname, uint16_t qtype)
         if(qtype == QType::DS && optout) return INSECURE;
       }
   }
-  dState ret;
+  /* NODATA is not really appropriate here, but we
+     just need to return something else than INSECURE.
+  */
+  dState ret = NODATA;
   return ret;
 }