2319. [bug] Silence Coverity warnings in

                        lib/dns/rdata/in_1/apl_42.c. [RT #174]

diff --git a/CHANGES b/CHANGES
index 5535b4981542b4566dde18ddab3447d39f558f4c..4e1a19307889a7c227080ba351b5352ae9798919 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2319.  [bug]           Silence Coverity warnings in 
+                       lib/dns/rdata/in_1/apl_42.c. [RT #174]
+
 2318.  [port]          ISC_PLATFORM_NEEDTIMESPEC missing from
                        lib/bind/config.h.in. [RT #17514]
 

diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
index d09e9b0abfc31f319a1fd2e3786921cc250f38e4..f6cfe1ccabc1962132a3b5ee120567dced692ef5 100644 (file)
--- a/lib/dns/rdata/in_1/apl_42.c
+++ b/lib/dns/rdata/in_1/apl_42.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: apl_42.c,v 1.12 2007/06/19 23:47:17 tbox Exp $ */
+/* $Id: apl_42.c,v 1.13 2008/01/22 23:17:31 marka Exp $ */
 
 /* RFC3123 */
 
@@ -306,37 +306,88 @@ freestruct_in_apl(ARGS_FREESTRUCT) {
 
 isc_result_t
 dns_rdata_apl_first(dns_rdata_in_apl_t *apl) {
+       isc_uint32_t length;
+
+       REQUIRE(apl != NULL);
        REQUIRE(apl->common.rdtype == 42);
        REQUIRE(apl->common.rdclass == 1);
        REQUIRE(apl->apl != NULL || apl->apl_len == 0);
 
+       /*
+        * If no APL return ISC_R_NOMORE.
+        */
+       if (apl->apl == NULL)
+               return (ISC_R_NOMORE);
+
+       /*
+        * Sanity check data.
+        */
+       INSIST(apl->apl_len > 3U);
+       length = apl->apl[apl->offset + 3] & 0x7f;
+       INSIST(length <= apl->apl_len);
+
        apl->offset = 0;
-       return ((apl->apl_len != 0) ? ISC_R_SUCCESS : ISC_R_NOMORE);
+       return (ISC_R_SUCCESS);
 }
 
 isc_result_t
 dns_rdata_apl_next(dns_rdata_in_apl_t *apl) {
+       isc_uint32_t length;
+
+       REQUIRE(apl != NULL);
        REQUIRE(apl->common.rdtype == 42);
        REQUIRE(apl->common.rdclass == 1);
        REQUIRE(apl->apl != NULL || apl->apl_len == 0);
 
-       if (apl->offset + 3 < apl->apl_len)
+       /*
+        * No APL or have already reached the end return ISC_R_NOMORE.
+        */
+       if (apl->apl == NULL || apl->offset == apl->apl_len)
                return (ISC_R_NOMORE);
+
+       /*
+        * Sanity check data.
+        */
+       INSIST(apl->offset < apl->apl_len);
+       INSIST(apl->apl_len > 3U);
+       INSIST(apl->offset <= apl->apl_len - 4U);
+       length = apl->apl[apl->offset + 3] & 0x7f;
+       /*
+        * 16 to 32 bits promotion as 'length' is 32 bits so there is
+        * no overflow problems.
+        */
+       INSIST(length + apl->offset <= apl->apl_len);
+
        apl->offset += apl->apl[apl->offset + 3] & 0x7f;
        return ((apl->offset >= apl->apl_len) ? ISC_R_SUCCESS : ISC_R_NOMORE);
 }
 
 isc_result_t
 dns_rdata_apl_current(dns_rdata_in_apl_t *apl, dns_rdata_apl_ent_t *ent) {
+       isc_uint32_t length;
 
+       REQUIRE(apl != NULL);
        REQUIRE(apl->common.rdtype == 42);
        REQUIRE(apl->common.rdclass == 1);
        REQUIRE(ent != NULL);
        REQUIRE(apl->apl != NULL || apl->apl_len == 0);
+       REQUIRE(apl->offset <= apl->apl_len);
 
-       if (apl->offset >= apl->apl_len)
+       if (apl->offset == apl->apl_len)
                return (ISC_R_NOMORE);
 
+       /*
+        * Sanity check data.
+        */
+       INSIST(apl->apl_len > 3U);
+       INSIST(apl->offset <= apl->apl_len - 4U);
+       length = apl->apl[apl->offset + 3] & 0x7f;
+       /*
+        * 16 to 32 bits promotion as 'length' is 32 bits so there is
+        * no overflow problems.
+        */
+       INSIST(length + apl->offset <= apl->apl_len);
+
        ent->family = (apl->apl[apl->offset] << 8) + apl->apl[apl->offset + 1];
        ent->prefix = apl->apl[apl->offset + 2];
        ent->length = apl->apl[apl->offset + 3] & 0x7f;