+3872. [bug] Address issues found by static analysis. [RT #36209]
+
3871. [bug] Don't publish an activated key automatically before
its publish time. [RT #35063]
#define ALLOW_SECURE_TO_INSECURE(zone) \
((dns_zone_getoptions(zone) & DNS_ZONEOPT_SECURETOINSECURE) != 0)
+ CHECK(rrset_exists(db, oldver, zonename, dns_rdatatype_dnskey,
+ 0, &had_dnskey));
if (!ALLOW_SECURE_TO_INSECURE(zone)) {
- CHECK(rrset_exists(db, oldver, zonename,
- dns_rdatatype_dnskey, 0,
- &had_dnskey));
if (had_dnskey && !has_dnskey) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: all DNSKEY "
#include <isc/entropy.h>
#include <isc/log.h>
#include <isc/mem.h>
+#include <isc/print.h>
#include <isc/sockaddr.h>
#include <isc/socket.h>
#include <isc/task.h>
} \
}
-static char contextname[512];
-static char gssid[512];
-static char serveraddress[512];
static dns_fixedname_t servername, gssname;
static isc_mem_t *mctx;
for (;;) {
printf("\nCommand => ");
- c = scanf("%s", buf);
+ c = scanf("%31s", buf);
if (c == EOF || strcmp(buf, "quit") == 0) {
isc_app_shutdown();
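Review bot: The field width in `scanf("%31s", buf)` is a hand-maintained literal that must stay one less than the size of `buf`, whose declaration is outside this hunk, so a later resize of the buffer would silently reintroduce the overflow. The same applies to `%255s` for `host` and `%511s` for `gssid` and `serveraddress` in the later hunks. A bounded width also means an over-long token is split, and its tail is read as the next command or answer instead of being rejected. Consider reading with `fgets(buf, sizeof(buf), stdin)` and rejecting lines that lack a trailing newline, or at least add a comment at each buffer declaration such as `/* size must equal the scanf field width + 1 */`.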
isc_event_free(&event);
printf("Query => ");
- c = scanf("%s", host);
+ c = scanf("%255s", host);
if (c == EOF)
return;
static void
initctx1(isc_task_t *task, isc_event_t *event) {
+ char gssid[512];
+ char contextname[512];
isc_result_t result;
isc_buffer_t buf;
dns_message_t *query;
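Review bot: `gssid` and `contextname` move from static to automatic storage in initctx1, so any pointer into them that outlives the call would now dangle. Their uses are outside this hunk, so this needs checking, in particular for any buffer or name object initialised over these arrays and then handed to an asynchronous request. Once verified, a short comment at the declarations would record the assumption, e.g. `/* valid only for the duration of this call; contents are copied before return */`.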
isc_event_free(&event);
printf("Initctx - GSS name => ");
- c = scanf("%s", gssid);
+ c = scanf("%511s", gssid);
if (c == EOF)
return;
- sprintf(contextname, "gsstest.context.%d.", (int)time(NULL));
+ snprintf(contextname, sizeof(contextname),
+ "gsstest.context.%d.", (int)time(NULL));
printf("Initctx - context name we're using: %s\n", contextname);
static void
setup(void)
{
- struct in_addr inaddr;
- int c;
-
for (;;) {
+ char serveraddress[512];
+ struct in_addr inaddr;
+ int c;
+
printf("Server IP => ");
- c = scanf("%s", serveraddress);
+ c = scanf("%511s", serveraddress);
if (c == EOF || strcmp(serveraddress, "quit") == 0) {
isc_app_shutdown();
return (0);
}
- len = strlen(argv[isc_commandline_index]) + 2;
+ len = strlen(argv[isc_commandline_index]);
+ INSIST((len + 2) > len);
+ len += 2;
name = (char *) malloc(len);
if (name == NULL) {
perror("malloc");
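Review bot: `INSIST((len + 2) > len)` detects wrap-around only if `len` is an unsigned type, and its declaration is outside this hunk. If it is a signed `int`, the addition is undefined on overflow and the compiler may remove the check, and the assignment from `strlen()` would already have truncated. Writing the bound without performing the addition avoids both questions, e.g. `INSIST(len <= SIZE_MAX - 2);` with `len` declared as `size_t` and `SIZE_MAX` taken from `<stdint.h>`. INSIST also aborts the program; for a value derived from a command-line argument, an error message and a normal failure exit next to the `perror("malloc")` path may be a better fit.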
CHECK(dns_nsec3_hashname(&fixed, nexthash, &next_length,
name, origin, hash, iterations,
salt, salt_length));
+ INSIST(next_length <= sizeof(nexthash));
/*
* Create the node if it doesn't exist and hold
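Review bot: `INSIST(next_length <= sizeof(nexthash))` runs after dns_nsec3_hashname() has already written the hash, so it can only bound later uses of `next_length`, not the write into `nexthash` itself. If the callee does not enforce the destination size itself (its definition is not visible here), an oversized hash would overrun the buffer before the assertion fires. Once that is confirmed, a comment would make the intent clear, e.g. `/* callee bounds the write; this guards later copies that use next_length */`. The enclosing function starts and ends outside the hunk.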
* of memory concerns, when chains were first implemented).
*/
#define ADD_LEVEL(chain, node) \
- (chain)->levels[(chain)->level_count++] = (node)
+ do { \
+ INSIST((chain)->level_count < DNS_RBT_LEVELBLOCK); \
+ (chain)->levels[(chain)->level_count++] = (node); \
+ } while (0)
/*%
* The following macros directly access normally private name variables.
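Review bot: The new bound in ADD_LEVEL uses the constant `DNS_RBT_LEVELBLOCK` rather than the array it protects, so the check is correct only while `levels` has exactly that many elements, and its declaration is outside this hunk. If `levels` is a true array member, `INSIST((chain)->level_count < sizeof((chain)->levels) / sizeof((chain)->levels[0]));` would keep the check tied to the storage. The macro is also now a statement rather than an expression and evaluates `chain` three times, so call sites must pass a side-effect-free argument and must not use a result. A one-line comment above the `#define` stating this would help.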
#include <isc/sha1.h>
/*
- * The maximal hash length that can be encoded it a name
+ * The maximal hash length that can be encoded in a name
* using base32hex. floor(255/8)*5
*/
#define NSEC3_MAX_HASH_LENGTH 155