From: W.C.A. Wijngaards
Date: Thu, 27 Feb 2020 14:43:27 +0000 (+0100)
Subject: - Fix more undefined sanitizer issues, in respip copy_rrset null
X-Git-Tag: release-1.11.0~126
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f4818ebcbfc91705c34b354c21cff450759889e;p=thirdparty%2Funbound.git
- Fix more undefined sanitizer issues, in respip copy_rrset null dname, and in the client_info_compare routine for null memcmp.
---
diff --git a/doc/Changelog b/doc/Changelog
index 407c0d34d..68fd123be 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
 from snprintf. - Fix #170: Fix gcc undefined sanitizer signed integer overflow warning in signature expiry RFC1982 serial number arithmetic.
+ - Fix more undefined sanitizer issues, in respip copy_rrset null
+ dname, and in the client_info_compare routine for null memcmp.
 26 February 2020: Wouter - iana portlist updated.
diff --git a/respip/respip.c b/respip/respip.c
index f504f5579..c496653c4 100644
--- a/respip/respip.c
+++ b/respip/respip.c
@@ -502,10 +502,16 @@ copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region)
 ck->entry.hash = key->entry.hash;
 ck->entry.key = ck;
 ck->rk = key->rk;
- ck->rk.dname = regional_alloc_init(region, key->rk.dname,
- key->rk.dname_len);
- if(!ck->rk.dname)
- return NULL;
+ if(key->rk.dname) {
+ ck->rk.dname = regional_alloc_init(region, key->rk.dname,
+ key->rk.dname_len);
+ if(!ck->rk.dname)
+ return NULL;
+ ck->rk.dname_len = key->rk.dname_len;
+ } else {
+ ck->rk.dname = NULL;
+ ck->rk.dname_len = 0;
+ }
 if((unsigned)data->count >= 0xffff00U)
 return NULL; /* guard against integer overflow in dsize */
diff --git a/services/mesh.c b/services/mesh.c
index 9114ef4c4..09c51a2be 100644
--- a/services/mesh.c
+++ b/services/mesh.c
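Review bot: In copy_rrset (respip/respip.c) the new `else` branch returns a copy whose `rk.dname` is NULL, with no comment saying when an input key may legitimately lack an owner name, so a reader cannot tell an expected state from a masked caller bug. I would add a comment above the check, for example `/* dname may be NULL; skip the copy so no NULL source is passed to regional_alloc_init */`. It is also worth confirming that the code consuming the returned rrset tolerates a NULL dname, since those consumers are not visible in this hunk. The assignment `ck->rk.dname_len = key->rk.dname_len;` repeats what `ck->rk = key->rk;` already copied and could be dropped. copy_rrset starts and ends outside the hunk.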
@@ -159,16 +159,28 @@ client_info_compare(const struct respip_client_info* ci_a,
 return 1;
 if(ci_a->taglen != ci_b->taglen)
 return (ci_a->taglen < ci_b->taglen) ? -1 : 1;
- cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen);
- if(cmp != 0)
- return cmp;
+ if(ci_a->taglist && !ci_b->taglist)
+ return -1;
+ if(!ci_a->taglist && ci_b->taglist)
+ return 1;
+ if(ci_a->taglist && ci_b->taglist) {
+ cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen);
+ if(cmp != 0)
+ return cmp;
+ }
 if(ci_a->tag_actions_size != ci_b->tag_actions_size)
 return (ci_a->tag_actions_size < ci_b->tag_actions_size) ? -1 : 1;
- cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions,
- ci_a->tag_actions_size);
- if(cmp != 0)
- return cmp;
+ if(ci_a->tag_actions && !ci_b->tag_actions)
+ return -1;
+ if(!ci_a->tag_actions && ci_b->tag_actions)
+ return 1;
+ if(ci_a->tag_actions && ci_b->tag_actions) {
+ cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions,
+ ci_a->tag_actions_size);
+ if(cmp != 0)
+ return cmp;
+ }
 if(ci_a->tag_datas != ci_b->tag_datas)
 return ci_a->tag_datas < ci_b->tag_datas ? -1 : 1;
 if(ci_a->view != ci_b->view)
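Review bot: In client_info_compare (services/mesh.c) the NULL-versus-non-NULL ordering added for `taglist` and `tag_actions` also runs when the length is zero, so two client infos with an empty list now compare unequal if one stores NULL and the other a non-NULL pointer. If that representation can occur (the allocation sites are not visible here), clients that are logically equal may be treated as distinct by whatever orders on this comparison. Gating each group on its length, `if(ci_a->taglen != 0) { ... }` and `if(ci_a->tag_actions_size != 0) { ... }`, still keeps memcmp away from NULL while treating all empty lists as equal. The function starts and ends outside the hunk.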