From: James Jones <jejones3141@gmail.com>
Date: Wed, 3 Aug 2022 13:46:14 +0000 (-0500)
Subject: Annotate dead code false positive (CID #1504072) (#4646)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56718521fce67d488dc00a5e9cf9a768f7a9d5b1;p=thirdparty%2Ffreeradius-server.git

Annotate dead code false positive (CID #1504072) (#4646)

Coverity doesn't see that a successful call to fr_base16_decode()
in fr_ldap_util_normalise_dn(), c will be set. Unfortunately, it
appears that each of the ten cases of the switch statement
checking for an escape sequence (other than \\) would then require
annotation.

We therefore use an array of bool const so the check for a valid
escape sequence happens in one line, needing only one annotation.
(Having done this, one might as well use it in fr_ldap_util_is_dn(),
and that is indeed done.)
---

diff --git a/src/lib/ldap/util.c b/src/lib/ldap/util.c
index 4ef649038a6..c988f0f51fb 100644
--- a/src/lib/ldap/util.c
+++ b/src/lib/ldap/util.c
@@ -35,6 +35,18 @@ USES_APPLE_DEPRECATED_API
 
 static const char specials[] = ",+\"\\<>;*=()";
 static const char hextab[] = "0123456789abcdef";
+static const bool escapes[UINT8_MAX + 1] = {
+	[' '] = true,
+	['#'] = true,
+	['='] = true,
+	['"'] = true,
+	['+'] = true,
+	[','] = true,
+	[';'] = true,
+	['<'] = true,
+	['>'] = true,
+	['\''] = true
+};
 
 /** Converts "bad" strings into ones which are safe for LDAP
  *
@@ -189,23 +201,10 @@ bool fr_ldap_util_is_dn(char const *in, size_t inlen)
 			/*
 			 *	Special, consume two chars
 			 */
-			switch (p[1]) {
-			case ' ':
-			case '#':
-			case '=':
-			case '"':
-			case '+':
-			case ',':
-			case ';':
-			case '<':
-			case '>':
-			case '\'':
+			if (escapes[(uint8_t) p[1]]) {
 				inlen -= 1;
 				p += 1;
 				continue;
-
-			default:
-				break;
 			}
 
 			/*
@@ -423,26 +422,13 @@ size_t fr_ldap_util_normalise_dn(char *out, char const *in)
 			 *	special encoding, get rewritten to the
 			 *	special encoding.
 			 */
-			if (fr_base16_decode(NULL, &FR_DBUFF_TMP((uint8_t *) &c, 1), &FR_SBUFF_IN(p + 1, 2), false) == 1) {
-				switch (c) {
-				case ' ':
-				case '#':
-				case '=':
-				case '"':
-				case '+':
-				case ',':
-				case ';':
-				case '<':
-				case '>':
-				case '\'':
-					*o++ = '\\';
-					*o++ = c;
-					p += 2;
-					continue;
-
-				default:
-					break;
-				}
+			/* coverity[dead_error_condition] */
+			if (fr_base16_decode(NULL, &FR_DBUFF_TMP((uint8_t *) &c, 1), &FR_SBUFF_IN(p + 1, 2), false) == 1 &&
+			    escapes[(uint8_t) c]) {
+				*o++ = '\\';
+				*o++ = c;
+				p += 2;
+				continue;
 			}
 		}
 		*o++ = *p;