From 5a7a3b67445af9cd1d2e8af2d842737a5a1ef398 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Thu, 22 Jun 2023 09:12:10 +0200
Subject: [PATCH] Fix coverity time_t related warnings

Most are not *really* bad, as we convert tmioe_t or unsigned int, which is good
for quite some time. One case of converting time_t to *signed* int spotted.
---
 modules/bindbackend/bindbackend2.cc | 1 +
 pdns/auth-zonecache.hh              | 1 +
 pdns/dbdnsseckeeper.cc              | 1 +
 pdns/ixplore.cc                     | 2 +-
 pdns/saxfr.cc                       | 1 +
 pdns/serialtweaker.cc               | 2 ++
 pdns/tkey.cc                        | 1 +
 pdns/ws-auth.cc                     | 1 +
 8 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/bindbackend/bindbackend2.cc b/modules/bindbackend/bindbackend2.cc
index 931952d4e8..1a0b01a578 100644
--- a/modules/bindbackend/bindbackend2.cc
+++ b/modules/bindbackend/bindbackend2.cc
@@ -430,6 +430,7 @@ void Bind2Backend::getUnfreshSlaveInfos(vector<DomainInfo>* unfreshDomains)
     catch (...) {
     }
     sd.serial = soadata.serial;
+    // coverity[store_truncates_time_t]
     if (sd.last_check + soadata.refresh < (unsigned int)time(nullptr))
       unfreshDomains->push_back(std::move(sd));
   }
diff --git a/pdns/auth-zonecache.hh b/pdns/auth-zonecache.hh
index c1b91d2b58..c5b052a537 100644
--- a/pdns/auth-zonecache.hh
+++ b/pdns/auth-zonecache.hh
@@ -43,6 +43,7 @@ public:
 
   uint32_t getRefreshInterval() const
   {
+    // coverity[store_truncates_time_t]
     return d_refreshinterval;
   }
 
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index 9d7b85a332..5140252929 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -533,6 +533,7 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getEntryPoints(const DNSName& zname)
 DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, bool useCache)
 {
   static int ttl = ::arg().asNum("dnssec-key-cache-ttl");
+  // coverity[store_truncates_time_t]
   unsigned int now = time(nullptr);
 
   if(!((++s_ops) % 100000)) {
diff --git a/pdns/ixplore.cc b/pdns/ixplore.cc
index e6eedf42ce..620402ab0e 100644
--- a/pdns/ixplore.cc
+++ b/pdns/ixplore.cc
@@ -180,7 +180,7 @@ int main(int argc, char** argv) {
       shared_ptr<const SOARecordContent> sr;
       uint32_t serial = getSerialFromMaster(master, zone, sr, tt);
       if(ourSerial == serial) {
-        time_t sleepTime = sr ? sr->d_st.refresh : 60;
+        unsigned int sleepTime = sr ? sr->d_st.refresh : 60;
         cout<<"still up to date, their serial is "<<serial<<", sleeping "<<sleepTime<<" seconds"<<endl;
         sleep(sleepTime);
         continue;
diff --git a/pdns/saxfr.cc b/pdns/saxfr.cc
index fa2335e540..f6d25cfbc6 100644
--- a/pdns/saxfr.cc
+++ b/pdns/saxfr.cc
@@ -105,6 +105,7 @@ try
       DNSPacketWriter pwtkey(packet, gssctx.getLabel(), QType::TKEY, QClass::ANY);
       TKEYRecordContent tkrc;
       tkrc.d_algo = DNSName("gss-tsig.");
+      // coverity[store_truncates_time_t]
       tkrc.d_inception = time((time_t*)NULL);
       tkrc.d_expiration = tkrc.d_inception+15;
       tkrc.d_mode = 3;
diff --git a/pdns/serialtweaker.cc b/pdns/serialtweaker.cc
index 72f31a7d58..771c308895 100644
--- a/pdns/serialtweaker.cc
+++ b/pdns/serialtweaker.cc
@@ -59,6 +59,7 @@ uint32_t calculateEditSOA(uint32_t old_serial, const string& kind, const DNSName
     return (old_serial + (inception / (7*86400)));
   }
   else if(pdns_iequals(kind,"EPOCH")) {
+    // coverity[store_truncates_time_t]
     return time(nullptr);
   }
   else if(pdns_iequals(kind,"INCEPTION-EPOCH")) {
@@ -107,6 +108,7 @@ static uint32_t calculateIncreaseSOA(uint32_t old_serial, const string& increase
     return old_serial + 1;
   }
   else if (pdns_iequals(increaseKind, "EPOCH")) {
+    // coverity[store_truncates_time_t]
     return time(nullptr);
   }
   else if (pdns_iequals(increaseKind, "DEFAULT")) {
diff --git a/pdns/tkey.cc b/pdns/tkey.cc
index a057b196d5..0fabcd2f9a 100644
--- a/pdns/tkey.cc
+++ b/pdns/tkey.cc
@@ -31,6 +31,7 @@ void PacketHandler::tkeyHandler(const DNSPacket& p, std::unique_ptr<DNSPacket>&
   tkey_out->d_error = 0;
   tkey_out->d_mode = tkey_in.d_mode;
   tkey_out->d_algo = tkey_in.d_algo;
+  // coverity[store_truncates_time_t]
   tkey_out->d_inception = inception;
   tkey_out->d_expiration = tkey_out->d_inception+15;
 
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 20d79875f6..fe7fb50b0c 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -583,6 +583,7 @@ static void gatherComments(const Json& container, const DNSName& qname, const QT
 
   time_t now = time(nullptr);
   for (const auto& comment : container["comments"].array_items()) {
+    // FIXME this is converting to a *signed* int, 2036 issue
     c.modified_at = intFromJson(comment, "modified_at", now);
     c.content = stringFromJson(comment, "content");
     c.account = stringFromJson(comment, "account");
-- 
2.47.2