From: Mark Andrews <marka@isc.org>
Date: Mon, 17 Feb 2020 22:40:21 +0000 (+1100)
Subject: Simplify hash computation to prevent pointer being classed as tainted.
X-Git-Tag: v9.17.1~92^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c983a7ebd562f9e45a2b8ca623167b179bfd98f;p=thirdparty%2Fbind9.git

Simplify hash computation to prevent pointer being classed as tainted.

mem.c:add_trace_entry() -> isc_hash_function() -> isc_siphash24()

129        for (; in != end; in += 8) {

	6. byte_swapping: Performing a byte swapping operation on
	in implies that it came from an external source, and is
	therefore tainted.

130                uint64_t m = U8TO64_LE(in);
---

diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index 9a339b06c97..5e4b3d10046 100644
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -272,7 +272,15 @@ add_trace_entry(isc__mem_t *mctx, const void *ptr, size_t size FLARG) {
 		return;
 	}
 
+#ifdef __COVERITY__
+	/*
+	 * Use simple conversion from pointer to hash to avoid
+	 * tainting 'ptr' due to byte swap in isc_hash_function.
+	 */
+	hash = (uintptr_t)ptr >> 3;
+#else
 	hash = isc_hash_function(&ptr, sizeof(ptr), true);
+#endif
 	idx = hash % DEBUG_TABLE_COUNT;
 
 	dl = malloc(sizeof(debuglink_t));
@@ -308,7 +316,15 @@ delete_trace_entry(isc__mem_t *mctx, const void *ptr, size_t size,
 		return;
 	}
 
+#ifdef __COVERITY__
+	/*
+	 * Use simple conversion from pointer to hash to avoid
+	 * tainting 'ptr' due to byte swap in isc_hash_function.
+	 */
+	hash = (uintptr_t)ptr >> 3;
+#else
 	hash = isc_hash_function(&ptr, sizeof(ptr), true);
+#endif
 	idx = hash % DEBUG_TABLE_COUNT;
 
 	dl = ISC_LIST_HEAD(mctx->debuglist[idx]);