From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Fri, 13 Sep 2024 08:24:31 +0000 (+0200)
Subject: daemon/session2: more Coverity in *wrap_after()
X-Git-Tag: v6.0.9~15^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0cdbeb51b52bf0325626ffe88d1e851231b8b7e9;p=thirdparty%2Fknot-resolver.git

daemon/session2: more Coverity in *wrap_after()

Let's assert that we don't run over the edge.
If I look right, so far we don't use this in a way
that this could happen, and I can't see how it would make sense.
---

diff --git a/daemon/session2.c b/daemon/session2.c
index 217c06eb5..0be121fae 100644
--- a/daemon/session2.c
+++ b/daemon/session2.c
@@ -1193,8 +1193,9 @@ int session2_unwrap_after(struct session2 *s, enum protolayer_type protocol,
                           protolayer_finished_cb cb, void *baton)
 {
 	ssize_t layer_ix = session2_get_protocol(s, protocol);
-	if (layer_ix < 0)
-		return layer_ix;
+	bool ok = layer_ix >= 0 && layer_ix + 1 < protolayer_grps[s->proto].num_layers;
+	if (kr_fails_assert(ok)) // not found or "last layer"
+		return kr_error(EINVAL);
 	return session2_submit(s, PROTOLAYER_UNWRAP,
 			layer_ix + 1, payload, comm, cb, baton);
 }
@@ -1214,8 +1215,8 @@ int session2_wrap_after(struct session2 *s, enum protolayer_type protocol,
                         protolayer_finished_cb cb, void *baton)
 {
 	ssize_t layer_ix = session2_get_protocol(s, protocol);
-	if (layer_ix < 0)
-		return layer_ix;
+	if (kr_fails_assert(layer_ix > 0)) // not found or "last layer"
+		return kr_error(EINVAL);
 	return session2_submit(s, PROTOLAYER_WRAP, layer_ix - 1,
 			payload, comm, cb, baton);
 }