From: Victor Julien Date: Tue, 6 Sep 2016 08:20:38 +0000 (+0200) Subject: dns: fix coverity warning X-Git-Tag: suricata-3.1.2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbcc22d2ad8e99e377a4d713de251d08a4cf15b2;p=thirdparty%2Fsuricata.git dns: fix coverity warning ** CID 1372324: Null pointer dereferences (FORWARD_NULL) /src/output-json-dns.c: 532 in OutputAnswer() ________________________________________________________________________________________________________ *** CID 1372324: Null pointer dereferences (FORWARD_NULL) /src/output-json-dns.c: 532 in OutputAnswer() 526 } 527 } 528 529 /* reset */ 530 MemBufferReset(aft->buffer); 531 json_object_set_new(djs, "dns", js); >>> CID 1372324: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "entry". 532 if (likely(DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags))) { 533 OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer); 534 } 535 json_object_del(djs, "dns"); 536 537 return; Move checks to the top of the functions. Should be more efficient too. --- diff --git a/src/output-json-dns.c b/src/output-json-dns.c index 5b35949318..42fa975b35 100644 --- a/src/output-json-dns.c +++ b/src/output-json-dns.c @@ -391,6 +391,11 @@ static void LogQuery(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx, { SCLogDebug("got a DNS request and now logging !!"); + if (entry != NULL && + !DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags)) { + return; + } + json_t *djs = json_object(); if (djs == NULL) { return; @@ -423,14 +428,17 @@ static void LogQuery(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx, /* dns */ json_object_set_new(js, "dns", djs); - if (likely(DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags))) { - OutputJSONBuffer(js, aft->dnslog_ctx->file_ctx, &aft->buffer); - } + OutputJSONBuffer(js, aft->dnslog_ctx->file_ctx, &aft->buffer); json_object_del(js, "dns"); } static void OutputAnswer(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx, DNSAnswerEntry *entry) { + if (entry != NULL && + !DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags)) { + return; + } + json_t *js = json_object(); if (js == NULL) return; @@ -529,9 +537,7 @@ static void OutputAnswer(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx, /* reset */ MemBufferReset(aft->buffer); json_object_set_new(djs, "dns", js); - if (likely(DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags))) { - OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer); - } + OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer); json_object_del(djs, "dns"); return; @@ -539,6 +545,11 @@ static void OutputAnswer(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx, static void OutputFailure(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx, DNSQueryEntry *entry) { + if (entry != NULL && + !DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags)) { + return; + } + json_t *js = json_object(); if (js == NULL) return; @@ -565,9 +576,7 @@ static void OutputFailure(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx, /* reset */ MemBufferReset(aft->buffer); json_object_set_new(djs, "dns", js); - if (likely(DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags))) { - OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer); - } + OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer); json_object_del(djs, "dns"); return;