Tony Finch [Wed, 10 Aug 2022 12:16:24 +0000 (13:16 +0100)]
Don't link a shared library without a -rpath option
A few of the BIND9 programs have common code that is statically
linked. For example `dighost.c` is used by both `dig` and `host`.
`libdighost.la` is specified to automake in noinst_LTLIBRARIES, which
eventually becomes a libtool --mode=link invocation without a -rpath
argument.
GNU libtool interprets a link invocation without -rpath this as an
instruction to make a static library only, which agrees with the
comment in `link_fixup()` in jlibtool. But when cmd->output ==
OUT_LIB, jlibtool still tries to build a dynamic library. This fails
on my Mac; if I remove ERROR("Installation mode requires -rpath")
it links dynamically and fails at runtime.
I am not sure if jlibtool should have worked out the correct
cmd->output mode earlier, but if so the comment would be in the wrong
place.
Tony Finch [Tue, 9 Aug 2022 19:18:56 +0000 (20:18 +0100)]
More flexible library version number format
The BIND9 build system passes its complete version number to libtool
(e.g. 9.19.5-dev) which is not the format expected by jlibtool. This
change allows a wider range of punctuation between version numbers
so that jlibtool can parse out BIND's major and minor versions.
Tony Finch [Tue, 9 Aug 2022 18:02:30 +0000 (19:02 +0100)]
Discard --tag options
The BIND9 build system puts the --tag option at the start of the
libtool command-line. With jlibtool this resulted in the erroneous
command `sh -c "--tag=..."`.
The help text says that jlibtool ignores --tag; this commit changes
jlibtool to strip --tag rather than passing it through.
Alan T. DeKok [Fri, 12 Aug 2022 23:20:25 +0000 (19:20 -0400)]
rearrange code and do some cleanups
the internal functions randomly use public functions or internal
functions. Instead of making everyone try to remember what's what,
we just let them use the public functions most of the time.
It also means that if we accidentally use the public function names,
we avoid a bounce through another function call
The fr_pair_order...() functions are now only used when absolutely
necessary. Most basic used (head / prev / next / num_elements)
can just use the "public" APIs, and get the benefit of using
the internal functions
Alan T. DeKok [Fri, 12 Aug 2022 22:56:54 +0000 (18:56 -0400)]
don't call "find by index" with 0, when another API call would do
All of these calls just find the first da, so fr_pair_find_by_da()
is the better choice. The "find by index" calls shoud be used
when the index is either created at run-time, or is non-zero
James Jones [Thu, 11 Aug 2022 10:32:07 +0000 (05:32 -0500)]
Annotate uses of buffer after fr_base16_decode() (CIDs below) (#4662)
Coverity doesn't recognize that fr_base16_decode() fills in
the output buffer passed to it. (In CID 1503958, coverity
objects to the fr_base16_decode() call itself. Apparently the
buffer has to be initialized before it's initalized.)
James Jones [Tue, 9 Aug 2022 22:46:32 +0000 (17:46 -0500)]
Annotate uses of buffers that really are initialized (CIDs listed below) (#4659)
Declaring a local buffer and passing the address of a temporary
sbuff created to use it is a common idiom, but coverity doesn't
recognize when the functions called always put something in the
buffer, if only a NUL terminator. We therefore annotate the first
use of such buffers.
James Jones [Tue, 9 Aug 2022 22:27:52 +0000 (17:27 -0500)]
Make memmove() copy terminating NUL in add_dotlibs() (#4656)
To end up with buffer holding a proper NUL-terminated
string in the common cases, memmove() must move the
name string and its terminating NUL. This may be the
cause underlying CID #1504058, so that it won't need
an annotation...or not.
Alan T. DeKok [Sun, 7 Aug 2022 20:44:34 +0000 (16:44 -0400)]
add and use tmpl_rules_child_init()
which initializes a tmpl_rules_t from a parent tmpl_rules_t, and
a tmpl_t which is a structural attribute. We want to be able to
parse child attributes in the context of the parent. So that
the user doesn't have to specify the entire list
After the smoke clears, it turns out that (a == &one) is true
iff one was initialized and (b == &two) is true iff two was
initialized, so they're passed to fr_value_box_clear_value()
iff it makes sense.
Alan T. DeKok [Tue, 2 Aug 2022 13:23:12 +0000 (09:23 -0400)]
allow for NULL RHS rules when parsing CONF_PAIR
in which case it tries to figure out the context of the RHS
from the LHS. Since the caller has no idea what the LHS is, the
caller can't set the correct context.
This functionality is needed for things like TLVs and structs,
where the RHS must be contained within the LHS.
1503922, 1503986
Honest, you don't want the NUL terminator in the
FILE open_buffer_as_file() (or more accurately,
fmemopen()) creates. 1503983
curl_escape() call; if you pass 0 for length, the
function itself will call strlen() to determine length.
James Jones [Wed, 3 Aug 2022 13:46:14 +0000 (08:46 -0500)]
Annotate dead code false positive (CID #1504072) (#4646)
Coverity doesn't see that a successful call to fr_base16_decode()
in fr_ldap_util_normalise_dn(), c will be set. Unfortunately, it
appears that each of the ten cases of the switch statement
checking for an escape sequence (other than \\) would then require
annotation.
We therefore use an array of bool const so the check for a valid
escape sequence happens in one line, needing only one annotation.
(Having done this, one might as well use it in fr_ldap_util_is_dn(),
and that is indeed done.)
James Jones [Wed, 3 Aug 2022 13:43:58 +0000 (08:43 -0500)]
Annotate false positive in fr_dict_attr_verify() (CID #1504052) (#4642)
The preceding fr_assert_msg() should keep attributes without
namespaces from reaching the dict_attr_namespace() call, so it
should never return NULL... but coverity doesn't know that.
coverity flags the check whether there are commands to run
with the comment "You might be using variable num_commands
before verifying that it is >=0."