Ineffective DbC protections

Dereference before NULL checks.  Thanks to Eric Sesterhenn from X41
D-Sec GmbH for reporting this.

(cherry picked from commit decc17d3b0e0a30d9fdae6ed4b7efec46e30dd9b)

diff --git a/lib/dns/stats.c b/lib/dns/stats.c
index 390a3978ea2a9cb618f258bd70a184713d33270f..238efacdda7f5bd60f458f1ae6574083e335c31d 100644 (file)
--- a/lib/dns/stats.c
+++ b/lib/dns/stats.c
@@ -367,11 +367,12 @@ void
 dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg,
                              dnssecsignstats_type_t operation) {
        uint32_t kval;
-       int num_keys = isc_stats_ncounters(stats->counters) /
-                      dnssecsign_block_size;
 
        REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_dnssec);
 
+       int num_keys = isc_stats_ncounters(stats->counters) /
+                      dnssecsign_block_size;
+
        /* Shift algorithm in front of key tag, which is 16 bits */
        kval = (uint32_t)(alg << 16 | id);
 
@@ -414,11 +415,12 @@ dns_dnssecsignstats_increment(dns_stats_t *stats, dns_keytag_t id, uint8_t alg,
 void
 dns_dnssecsignstats_clear(dns_stats_t *stats, dns_keytag_t id, uint8_t alg) {
        uint32_t kval;
-       int num_keys = isc_stats_ncounters(stats->counters) /
-                      dnssecsign_block_size;
 
        REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_dnssec);
 
+       int num_keys = isc_stats_ncounters(stats->counters) /
+                      dnssecsign_block_size;
+
        /* Shift algorithm in front of key tag, which is 16 bits */
        kval = (uint32_t)(alg << 16 | id);
 

diff --git a/lib/isc/netmgr/http.c b/lib/isc/netmgr/http.c
index f2d3e2d5586af45b2b5e16b57e36413f0588a18f..d7a33d5abe2041de47d9d9e7a9b3f55d37023f7a 100644 (file)
--- a/lib/isc/netmgr/http.c
+++ b/lib/isc/netmgr/http.c
@@ -2493,6 +2493,7 @@ isc_nm_listenhttp(isc_nm_t *mgr, isc_sockaddr_t *iface, int backlog,
        isc_nmsocket_t *sock = NULL;
        isc_result_t result;
 
+       REQUIRE(VALID_NM(mgr));
        REQUIRE(!ISC_LIST_EMPTY(eps->handlers));
        REQUIRE(!ISC_LIST_EMPTY(eps->handler_cbargs));
        REQUIRE(atomic_load(&eps->in_use) == false);

diff --git a/lib/isc/netmgr/udp.c b/lib/isc/netmgr/udp.c
index 1a0ee16831a3be8bce2c94f41803a11d0c64dee3..476c7992f6d22ecf4430734ed4b20187b8cf1df2 100644 (file)
--- a/lib/isc/netmgr/udp.c
+++ b/lib/isc/netmgr/udp.c
@@ -152,9 +152,10 @@ isc_nm_listenudp(isc_nm_t *mgr, isc_sockaddr_t *iface, isc_nm_recv_cb_t cb,
        isc_result_t result = ISC_R_SUCCESS;
        isc_nmsocket_t *sock = NULL;
        size_t children_size = 0;
-       REQUIRE(VALID_NM(mgr));
        uv_os_sock_t fd = -1;
 
+       REQUIRE(VALID_NM(mgr));
+
        /*
         * We are creating mgr->nworkers duplicated sockets, one
         * socket for each worker thread.
@@ -693,6 +694,7 @@ isc__nm_udp_send(isc_nmhandle_t *handle, const isc_region_t *region,
        uint32_t maxudp = atomic_load(&sock->mgr->maxudp);
        int ntid;
 
+       REQUIRE(VALID_NMSOCK(sock));
        INSIST(sock->type == isc_nm_udpsocket);
 
        /*