Add semantic patches to correctly check dns_name_copy(..., NULL) return code

The dns_name_copy() function cannot fail gracefully when the last argument
(target) is NULL.  Add RUNTIME_CHECK()s around such calls.

The first semantic patch adds RUNTIME_CHECK() around any call that ignores the
return value and is very safe to apply.

The second semantic patch attempts to properly add RUNTIME_CHECK() to places
where the return value from `dns_name_copy()` is recorded into `result`
variable.  The result of this semantic patch needs to be reviewed by hand.

Both patches misses couple places where the code surrounding the
`dns_name_copy(..., NULL)` usage is more complicated and is better suited to be
fixed by a human being that understands the surrounding code.

(cherry picked from commit 406eba0c4125c99ec4c79839a8a890b812225ca4)

diff --git a/cocci/dns_name_copy-with-result.spatch b/cocci/dns_name_copy-with-result.spatch
new file mode 100644 (file)
index 0000000..c4555c3
--- /dev/null
+++ b/cocci/dns_name_copy-with-result.spatch
@@ -0,0 +1,30 @@
+@@
+expression V, E1, E2;
+statement S;
+@@
+
+- V = dns_name_copy(E1, E2, NULL);
+- if (V != ISC_R_SUCCESS) S
++ RUNTIME_CHECK(dns_name_copy(E1, E2, NULL) == ISC_R_SUCCESS);
+
+@@
+expression V, E1, E2;
+statement S1, S2;
+@@
+
+- V = dns_name_copy(E1, E2, NULL);
+- if (V == ISC_R_SUCCESS) S1 else S2;
++ RUNTIME_CHECK(dns_name_copy(E1, E2, NULL) == ISC_R_SUCCESS);
++ S2
+
+@@
+expression V, E1, E2;
+statement S1, S2;
+@@
+
+- V = dns_name_copy(E1, E2, NULL);
+- S1
+- if (V == ISC_R_SUCCESS) S2
++ RUNTIME_CHECK(dns_name_copy(E1, E2, NULL) == ISC_R_SUCCESS);
++ S1
++ S2

diff --git a/cocci/dns_name_copy.spatch b/cocci/dns_name_copy.spatch
new file mode 100644 (file)
index 0000000..89e340c
--- /dev/null
+++ b/cocci/dns_name_copy.spatch
@@ -0,0 +1,30 @@
+@@
+expression E1, E2;
+@@
+
+- dns_name_copy(E1, E2, NULL);
++ RUNTIME_CHECK(dns_name_copy(E1, E2, NULL) == ISC_R_SUCCESS);
+
+@@
+expression E1, E2;
+@@
+
+- (void)dns_name_copy(E1, E2, NULL);
++ RUNTIME_CHECK(dns_name_copy(E1, E2, NULL) == ISC_R_SUCCESS);
+
+@@
+expression E1, E2;
+@@
+
+- return (dns_name_copy(E1, E2, NULL));
++ RUNTIME_CHECK(dns_name_copy(E1, E2, NULL) == ISC_R_SUCCESS);
++ return (ISC_R_SUCCESS);
+
+// ./bin/named/query.c processing broken with this rule, fix manually
+// @@
+// expression V, E1, E2;
+// @@
+//
+// - V = dns_name_copy(E1, E2, NULL);
+// - RUNTIME_CHECK(V == ISC_R_SUCCESS);
+// + RUNTIME_CHECK(dns_name_copy(E1, E2, NULL) == ISC_R_SUCCESS);

diff --git a/util/copyrights b/util/copyrights
index 9e371552298a75d58699ce1633a03a8d946c1dc4..115db94068a5bb6407137667dc37edd4e59b0829 100644 (file)
--- a/util/copyrights
+++ b/util/copyrights
@@ -1336,6 +1336,9 @@
 ./bin/win32/BINDInstall/resource.h             X       2001,2005,2009,2018,2019
 ./bind.keys                                    X       2009,2010,2011,2017,2018,2019
 ./bind.keys.h                                  X       2009,2010,2011,2012,2014,2017,2018,2019
+./cocci/dns_name_copy-with-result.spatch       X       2019
+./cocci/dns_name_copy.spatch                   X       2019
+./cocci/dns_name_copynf.spatch                 X       2019
 ./cocci/unreachable.spatch                     X       2018,2019
 ./config.guess                                 X       1998,1999,2000,2001,2004,2009,2013,2018,2019
 ./config.h.in                                  X       1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019