From: Mark Andrews <marka@isc.org>
Date: Wed, 10 May 2023 04:50:59 +0000 (+1000)
Subject: Silence Coverity USE_AFTER_FREE warning
X-Git-Tag: v9.19.14~33^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=c48c72343d1e1c75b78760ea45fa6ac237f4abbd;p=thirdparty%2Fbind9.git

Silence Coverity USE_AFTER_FREE warning

Use current used pointer - 16 instead of a saved pointer as Coverity
thinks the memory may be freed between assignment and use of 'cp'.
isc_buffer_put{mem,uint{8,16,32}} can theoretically free the memory
if there is a dynamic buffer in use but that is not the case here.
---

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 5e6f14f780d..7dc52b43c44 100644
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -1150,14 +1150,13 @@ compute_cookie(ns_client_t *client, uint32_t when, uint32_t nonce,
 		isc_netaddr_t netaddr;
 		unsigned char *cp;
 
-		cp = isc_buffer_used(buf);
 		isc_buffer_putmem(buf, client->cookie, 8);
 		isc_buffer_putuint8(buf, NS_COOKIE_VERSION_1);
 		isc_buffer_putuint8(buf, 0);  /* Reserved */
 		isc_buffer_putuint16(buf, 0); /* Reserved */
 		isc_buffer_putuint32(buf, when);
 
-		memmove(input, cp, 16);
+		memmove(input, (unsigned char *)isc_buffer_used(buf) - 16, 16);
 
 		isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
 		switch (netaddr.family) {
@@ -1185,11 +1184,10 @@ compute_cookie(ns_client_t *client, uint32_t when, uint32_t nonce,
 		unsigned char *cp;
 		unsigned int i;
 
-		cp = isc_buffer_used(buf);
 		isc_buffer_putmem(buf, client->cookie, 8);
 		isc_buffer_putuint32(buf, nonce);
 		isc_buffer_putuint32(buf, when);
-		memmove(input, cp, 16);
+		memmove(input, (unsigned char *)isc_buffer_used(buf) - 16, 16);
 		isc_aes128_crypt(secret, input, digest);
 		for (i = 0; i < 8; i++) {
 			input[i] = digest[i] ^ digest[i + 8];