Commit eaf861c6 authored by Jan Kadlec's avatar Jan Kadlec

Coverity: fixed reported issues.

Cov #1187492, #1187493, #1187494, #1187495, #1138581, #1138582
parent c1e09ce4
......@@ -91,6 +91,10 @@ static bool are_nsec3_nodes_equal(const knot_node_t *a, const knot_node_t *b)
static knot_dname_t *next_dname_from_nsec3_rrset(const knot_rrset_t *rr,
const knot_dname_t *zone_apex)
{
int apex_size = knot_dname_size(zone_apex);
if (apex_size < 0) {
return NULL;
}
uint8_t *next_hashed = NULL;
uint8_t hashed_size = 0;
knot_rdata_nsec3_next_hashed(rr, 0, &next_hashed, &hashed_size);
......@@ -101,12 +105,12 @@ static knot_dname_t *next_dname_from_nsec3_rrset(const knot_rrset_t *rr,
return NULL;
}
uint8_t catted_hash[encoded_size + knot_dname_size(zone_apex)];
uint8_t catted_hash[encoded_size + apex_size];
*catted_hash = encoded_size;
memcpy(catted_hash + 1, encoded, encoded_size);
free(encoded);
memcpy(catted_hash + 1 + encoded_size,
zone_apex, knot_dname_size(zone_apex));
zone_apex, apex_size);
knot_dname_t *next_dname = knot_dname_copy(catted_hash);
if (next_dname == NULL) {
return NULL;
......@@ -449,6 +453,7 @@ static int copy_signatures(const knot_zone_tree_t *from, knot_zone_tree_t *to)
int ret = shallow_copy_signature(node_from, node_to);
if (ret != KNOT_EOK) {
hattrie_iter_free(it);
return ret;
}
}
......@@ -944,6 +949,7 @@ static int create_nsec3_hashes_from_trie(const hattrie_t *sorted_changes,
zone->apex->owner,
&zone->nsec3_params);
if (nsec3_name == NULL) {
hattrie_iter_free(itt);
hattrie_free(*out);
return KNOT_ERROR;
}
......
......@@ -81,7 +81,8 @@ static bool valid_signature_exists(const knot_rrset_t *covered,
uint16_t rrsigs_rdata_count = knot_rrset_rr_count(rrsigs);
for (uint16_t i = 0; i < rrsigs_rdata_count; i++) {
uint16_t keytag = knot_rdata_rrsig_key_tag(rrsigs, i);
if (keytag != key->keytag) {
uint16_t type_covered = knot_rdata_rrsig_type_covered(rrsigs, i);
if (keytag != key->keytag || type_covered != covered->type) {
continue;
}
......
......@@ -164,6 +164,7 @@ static void loader_process(const scanner_t *scanner)
log_zone_error("%s:%"PRIu64": Can't add RDATA for '%s'.\n",
scanner->file_name, scanner->line_counter, rr_name);
free(rr_name);
knot_rrset_deep_free(&rr, true, NULL);
zc->ret = ret;
return;
}
......
......@@ -327,35 +327,23 @@ int knot_is_valid_signature(const knot_rrset_t *covered,
return KNOT_DNSSEC_EINVALID_SIGNATURE;
}
// Synthesize RRSIG for covered RRSet
knot_rrset_t *synth_rrsigs = NULL;
int result = knot_rrset_synth_rrsig(covered->owner, covered->type,
rrsigs, &synth_rrsigs, NULL);
if (result != KNOT_EOK) {
if (result != KNOT_ENOENT) {
return result;
}
// No signature exists
return KNOT_EINVAL;
}
// identify fields in the signature being validated
uint8_t *rdata = knot_rrset_rr_rdata(synth_rrsigs, pos);
uint8_t *rdata = knot_rrset_rr_rdata(rrsigs, pos);
if (!rdata) {
return KNOT_EINVAL;
}
uint8_t *signature = NULL;
size_t signature_size = 0;
knot_rdata_rrsig_signature(synth_rrsigs, pos, &signature, &signature_size);
knot_rdata_rrsig_signature(rrsigs, pos, &signature, &signature_size);
if (!signature) {
return KNOT_EINVAL;
}
// perform the validation
result = knot_dnssec_sign_new(ctx);
int result = knot_dnssec_sign_new(ctx);
if (result != KNOT_EOK) {
return result;
}
......@@ -365,7 +353,5 @@ int knot_is_valid_signature(const knot_rrset_t *covered,
return result;
}
result = knot_dnssec_sign_verify(ctx, signature, signature_size);
knot_rrset_deep_free(&synth_rrsigs, true, NULL);
return result;
return knot_dnssec_sign_verify(ctx, signature, signature_size);
}
......@@ -475,8 +475,12 @@ static size_t rrset_binary_size_one(const knot_rrset_t *rrset,
size_t rdata_pos)
{
rr_t *rr = get_rr(rrset, rdata_pos);
// RR size + TTL
return rr_size(rr) + sizeof(uint32_t);
if (rr) {
// RR size + TTL
return rr_size(rr) + sizeof(uint32_t);
} else {
return 0;
}
}
static void rrset_serialize_rr(const knot_rrset_t *rrset, size_t rdata_pos,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment