From: W.C.A. Wijngaards Date: Tue, 19 Nov 2019 11:10:03 +0000 (+0100) Subject: - Fixes to please lint checks. X-Git-Tag: release-1.9.6rc1~66 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=79a6e9fbe2017848281d39f6b5e93e4ab3b7027e;p=thirdparty%2Funbound.git - Fixes to please lint checks. --- diff --git a/daemon/worker.c b/daemon/worker.c index 263fcddfe..2d592e552 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1562,7 +1562,8 @@ send_reply_rc: #endif if(worker->env.cfg->log_replies) { - struct timeval tv = {0, 0}; + struct timeval tv; + memset(&tv, 0, sizeof(tv)); if(qinfo.local_alias && qinfo.local_alias->rrset && qinfo.local_alias->rrset->rk.dname) { /* log original qname, before the local alias was diff --git a/dns64/dns64.c b/dns64/dns64.c index f2834da2b..4b3c6cee5 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -195,12 +195,14 @@ uitoa(unsigned n, char* s) * address. */ static uint32_t -extract_ipv4(const uint8_t ipv6[16], const int offset) +extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset) { - uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) - | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) - | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) - | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); + uint32_t ipv4; + log_assert(ipv6_len == 16); (void)ipv6_len; + ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) + | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) + | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) + | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); if (offset/8+4 < 16) ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); return ipv4; @@ -218,7 +220,7 @@ extract_ipv4(const uint8_t ipv6[16], const int offset) * \return The number of characters written. */ static size_t -ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) +ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len) { static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa"; int i; @@ -227,9 +229,11 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) for (i = 0; i < 4; ++i) { *c = uitoa((unsigned int)(ipv4 % 256), c + 1); c += *c + 1; + log_assert(c < ptr+nm_len); ipv4 /= 256; } + log_assert(c + sizeof(IPV4_PTR_SUFFIX) <= ptr+nm_len); memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX)); return c + sizeof(IPV4_PTR_SUFFIX) - ptr; @@ -245,9 +249,10 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) * \return 1 on success, 0 on failure. */ static int -ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) +ptr_to_ipv6(const char* ptr, uint8_t ipv6[], size_t ipv6_len) { int i; + log_assert(ipv6_len == 16); (void)ipv6_len; for (i = 0; i < 64; i++) { int x; @@ -280,9 +285,12 @@ ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) * \param aaaa IPv6 address. The result will be written here. */ static void -synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net, - const uint8_t a[4], uint8_t aaaa[16]) +synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len, + int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[], + size_t aaaa_len) { + log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16); + (void)prefix_addr_len; (void)a_len; (void)aaaa_len; memcpy(aaaa, prefix_addr, 16); aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); @@ -447,7 +455,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id) /* Convert the PTR query string to an IPv6 address. */ memset(&sin6, 0, sizeof(sin6)); sin6.sin6_family = AF_INET6; - if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr)) + if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr, + sizeof(sin6.sin6_addr.s6_addr))) return module_wait_module; /* Let other module handle this. */ /* @@ -470,7 +479,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id) if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4))) return module_error; qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr, - dns64_env->prefix_net), (char*)qinfo.qname); + sizeof(sin6.sin6_addr.s6_addr), dns64_env->prefix_net), + (char*)qinfo.qname, MAX_PTR_QNAME_IPV4); /* Create the new sub-query. */ fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); @@ -740,8 +750,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, dd->rr_data[i][1] = 16; synthesize_aaaa( ((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr, + sizeof(((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr), dns64_env->prefix_net, &fd->rr_data[i][2], - &dd->rr_data[i][2] ); + fd->rr_len[i]-2, &dd->rr_data[i][2], + dd->rr_len[i]-2); dd->rr_ttl[i] = fd->rr_ttl[i]; } diff --git a/doc/Changelog b/doc/Changelog index 8debaf4a9..7a6900929 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,7 @@ - Fix CVE-2019-18934, shell execution in ipsecmod. - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. - Fix authzone printout buffer length check. + - Fixes to please lint checks. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index 817cf6927..c8258f130 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -355,7 +355,7 @@ read_cert_bio(BIO* bio) exit(0); } while(!BIO_eof(bio)) { - X509* x = PEM_read_bio_X509(bio, NULL, 0, NULL); + X509* x = PEM_read_bio_X509(bio, NULL, NULL, NULL); if(x == NULL) { if(verb) { printf("failed to read X509\n"); @@ -396,7 +396,7 @@ read_cert_file(const char* file) return NULL; } while(!feof(in)) { - X509* x = PEM_read_X509(in, NULL, 0, NULL); + X509* x = PEM_read_X509(in, NULL, NULL, NULL); if(x == NULL) { if(verb) { printf("failed to read X509 file\n"); @@ -943,7 +943,7 @@ read_data_chunk(SSL* ssl, size_t len) size_t got = 0; int r; char* data; - if(len >= 0xfffffff0) + if(len >= (size_t)0xfffffff0) return NULL; /* to protect against integer overflow in malloc*/ data = malloc(len+1); if(!data) { diff --git a/testcode/delayer.c b/testcode/delayer.c index 655e4a1e7..ebf883926 100644 --- a/testcode/delayer.c +++ b/testcode/delayer.c @@ -1042,7 +1042,7 @@ service(const char* bind_str, int bindport, const char* serv_str, } i=0; if(bindport == 0) { - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; i = 100; } while(1) { @@ -1058,7 +1058,7 @@ service(const char* bind_str, int bindport, const char* serv_str, #endif if(i--==0) fatal_exit("cannot bind any port"); - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; } else break; } fd_set_nonblock(s); diff --git a/testcode/mini_tdir.sh b/testcode/mini_tdir.sh index 96745515e..5f02b0862 100755 --- a/testcode/mini_tdir.sh +++ b/testcode/mini_tdir.sh @@ -119,7 +119,11 @@ fi # Copy echo "minitdir copy $1 to $dir" mkdir $dir +if cp --help 2>&1 | grep -- "-a" >/dev/null; then cp -a $name.tdir/* $dir/ +else +cp -R $name.tdir/* $dir/ +fi cd $dir # EXE diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index 64a169f8b..65ea8d4bc 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -314,7 +314,7 @@ static int get_random(void) if (RAND_bytes((unsigned char*)&r, (int)sizeof(r)) == 1) { return r; } - return arc4random(); + return (int)arc4random(); } /** send the TCP queries and print answers */ diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c index a783c099b..374dd7fd8 100644 --- a/util/shm_side/shm_main.c +++ b/util/shm_side/shm_main.c @@ -223,8 +223,10 @@ void shm_main_run(struct worker *worker) struct ub_stats_info *stat_info; int offset; +#ifndef S_SPLINT_S verbose(VERB_DETAIL, "SHM run - worker [%d] - daemon [%p] - timenow(%u) - timeboot(%u)", worker->thread_num, worker->daemon, (unsigned)worker->env.now_tv->tv_sec, (unsigned)worker->daemon->time_boot.tv_sec); +#endif offset = worker->thread_num + 1; stat_total = worker->daemon->shm_info->ptr_arr; @@ -240,9 +242,11 @@ void shm_main_run(struct worker *worker) memset(stat_total, 0, sizeof(struct ub_stats_info)); /* Point to data into SHM */ +#ifndef S_SPLINT_S shm_stat = worker->daemon->shm_info->ptr_ctl; shm_stat->time.now_sec = (long long)worker->env.now_tv->tv_sec; shm_stat->time.now_usec = (long long)worker->env.now_tv->tv_usec; +#endif stat_timeval_subtract(&shm_stat->time.up_sec, &shm_stat->time.up_usec, worker->env.now_tv, &worker->daemon->time_boot); stat_timeval_subtract(&shm_stat->time.elapsed_sec, &shm_stat->time.elapsed_usec, worker->env.now_tv, &worker->daemon->time_last_stat); diff --git a/util/ub_event.c b/util/ub_event.c index e097fbc40..9af476ad4 100644 --- a/util/ub_event.c +++ b/util/ub_event.c @@ -458,7 +458,9 @@ void ub_comm_base_now(struct comm_base* cb) if(gettimeofday(tv, NULL) < 0) { log_err("gettimeofday: %s", strerror(errno)); } +#ifndef S_SPLINT_S *tt = tv->tv_sec; +#endif #endif /* USE_MINI_EVENT */ } diff --git a/util/ub_event_pluggable.c b/util/ub_event_pluggable.c index 4a9451263..235bba6ba 100644 --- a/util/ub_event_pluggable.c +++ b/util/ub_event_pluggable.c @@ -453,7 +453,7 @@ ub_get_event_sys(struct ub_event_base* ub_base, const char** n, const char** s, * ub_base is guaranteed to exist and to be the default * event base. */ - assert(b); + assert(b != NULL); *n = "pluggable-event"; *s = event_get_version(); # if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) @@ -687,6 +687,8 @@ void ub_comm_base_now(struct comm_base* cb) if(gettimeofday(tv, NULL) < 0) { log_err("gettimeofday: %s", strerror(errno)); } +#ifndef S_SPLINT_S *tt = tv->tv_sec; +#endif }