06b5c95b05
Various coverity fixes, not yet sent to upstream.
134 lines
7.3 KiB
Diff
134 lines
7.3 KiB
Diff
From f476acbe3c2830e6ff0c50cc36d364a3f3f4fadb Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
|
Date: Fri, 3 Sep 2021 22:45:29 +0200
|
|
Subject: [PATCH 14/15] Fix coverity detected issues in dnsmasq.c
|
|
|
|
Error: DEADCODE (CWE-561): [#def12]
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:37: assignment: Assigning: "bind_fallback" = "0".
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:927: const: At condition "bind_fallback", the value of "bind_fallback" must be equal to 0.
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:927: dead_error_condition: The condition "bind_fallback" cannot be true.
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:928: dead_error_line: Execution cannot reach this statement: "my_syslog(4, "setting --bin...".
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:928: effectively_constant: Local variable "bind_fallback" is assigned only once, to a constant value, making it effectively constant throughout its scope. If this is not the intent, examine the logic to see if there is a missing assignment that would make "bind_fallback" not remain constant.
|
|
# 926|
|
|
# 927| if (bind_fallback)
|
|
# 928|-> my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
|
|
# 929|
|
|
# 930| if (option_bool(OPT_NOWILD))
|
|
|
|
Error: REVERSE_NEGATIVE (CWE-191): [#def13]
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:383: negative_sink_in_call: Passing "dnsmasq_daemon->pxefd" to a parameter that cannot be negative.
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:1086: check_after_sink: You might be using variable "dnsmasq_daemon->pxefd" before verifying that it is >= 0.
|
|
# 1084| {
|
|
# 1085| poll_listen(daemon->dhcpfd, POLLIN);
|
|
# 1086|-> if (daemon->pxefd != -1)
|
|
# 1087| poll_listen(daemon->pxefd, POLLIN);
|
|
# 1088| }
|
|
|
|
Error: CHECKED_RETURN (CWE-252): [#def18]
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:1582: check_return: Calling "fcntl(dnsmasq_daemon->helperfd, 4, i & 0xfffffffffffff7ff)" without checking return value. This library function may fail and return an error code.
|
|
# 1580| /* block in writes until all done */
|
|
# 1581| if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
|
|
# 1582|-> fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
|
|
# 1583| do {
|
|
# 1584| helper_write();
|
|
|
|
Error: CHECKED_RETURN (CWE-252): [#def22]
|
|
dnsmasq-2.86rc3/src/dnsmasq.c:1991: check_return: Calling "fcntl(confd, 4, flags & 0xfffffffffffff7ff)" without checking return value. This library function may fail and return an error code.
|
|
# 1989| Reset that here. */
|
|
# 1990| if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
|
|
# 1991|-> fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
|
|
# 1992|
|
|
# 1993| buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
|
|
|
|
Error: CHECKED_RETURN (CWE-252): [#def26]
|
|
dnsmasq-2.86rc3/src/dnssec.c:727: check_return: Calling "extract_name" without checking return value (as is done elsewhere 9 out of 10 times).
|
|
dnsmasq-2.86rc3/src/dnssec.c:459: example_checked: Example 1: "extract_name(header, plen, &p, keyname, 1, 0)" has its value checked in "extract_name(header, plen, &p, keyname, 1, 0)".
|
|
dnsmasq-2.86rc3/src/dnssec.c:269: example_checked: Example 2: "extract_name(header, plen, &state->ip, state->buff, 1, 0)" has its value checked in "extract_name(header, plen, &state->ip, state->buff, 1, 0)".
|
|
dnsmasq-2.86rc3/src/dnssec.c:569: example_checked: Example 3: "extract_name(header, plen, &p, keyname, 1, 0)" has its value checked in "extract_name(header, plen, &p, keyname, 1, 0)".
|
|
dnsmasq-2.86rc3/src/rfc1035.c:648: example_checked: Example 4: "extract_name(header, qlen, &p1, name, 1, 0)" has its value checked in "extract_name(header, qlen, &p1, name, 1, 0)".
|
|
dnsmasq-2.86rc3/src/rfc1035.c:787: example_checked: Example 5: "extract_name(header, qlen, &p1, name, 1, 0)" has its value checked in "extract_name(header, qlen, &p1, name, 1, 0)".
|
|
# 725| /* namebuff used for workspace above, restore to leave unchanged on exit */
|
|
# 726| p = (unsigned char*)(rrset[0]);
|
|
# 727|-> extract_name(header, plen, &p, name, 1, 0);
|
|
# 728|
|
|
# 729| if (key)
|
|
|
|
Error: CHECKED_RETURN (CWE-252): [#def27]
|
|
dnsmasq-2.86rc3/src/dnssec.c:1020: check_return: Calling "extract_name" without checking return value (as is done elsewhere 7 out of 8 times).
|
|
dnsmasq-2.86rc3/src/auth.c:140: example_checked: Example 1: "extract_name(header, qlen, &p, name, 1, 4)" has its value checked in "extract_name(header, qlen, &p, name, 1, 4)".
|
|
dnsmasq-2.86rc3/src/dnssec.c:771: example_checked: Example 2: "extract_name(header, plen, &p, name, 1, 4)" has its value checked in "extract_name(header, plen, &p, name, 1, 4)".
|
|
dnsmasq-2.86rc3/src/hash-questions.c:57: example_checked: Example 3: "extract_name(header, plen, &p, name, 1, 4)" has its value checked in "extract_name(header, plen, &p, name, 1, 4)".
|
|
dnsmasq-2.86rc3/src/rfc1035.c:1028: example_checked: Example 4: "extract_name(header, qlen, &p, name, 1, 4)" has its value checked in "extract_name(header, qlen, &p, name, 1, 4)".
|
|
dnsmasq-2.86rc3/src/rfc1035.c:1438: example_checked: Example 5: "extract_name(header, qlen, &p, name, 1, 4)" has its value checked in "extract_name(header, qlen, &p, name, 1, 4)".
|
|
# 1018|
|
|
# 1019| p = (unsigned char *)(header+1);
|
|
# 1020|-> extract_name(header, plen, &p, name, 1, 4);
|
|
# 1021| p += 4; /* qtype, qclass */
|
|
# 1022|
|
|
---
|
|
src/dnsmasq.c | 11 +++++++----
|
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
|
|
index 602daed..3e1bfe8 100644
|
|
--- a/src/dnsmasq.c
|
|
+++ b/src/dnsmasq.c
|
|
@@ -34,7 +34,6 @@ static void poll_resolv(int force, int do_reload, time_t now);
|
|
|
|
int main (int argc, char **argv)
|
|
{
|
|
- int bind_fallback = 0;
|
|
time_t now;
|
|
struct sigaction sigact;
|
|
struct iname *if_tmp;
|
|
@@ -59,6 +58,8 @@ int main (int argc, char **argv)
|
|
int did_bind = 0;
|
|
struct server *serv;
|
|
char *netlink_warn;
|
|
+#else
|
|
+ int bind_fallback = 0;
|
|
#endif
|
|
#if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
|
|
struct dhcp_context *context;
|
|
@@ -377,7 +378,7 @@ int main (int argc, char **argv)
|
|
bindtodevice(bound_device, daemon->dhcpfd);
|
|
did_bind = 1;
|
|
}
|
|
- if (daemon->enable_pxe && bound_device)
|
|
+ if (daemon->enable_pxe && bound_device && daemon->pxefd != -1)
|
|
{
|
|
bindtodevice(bound_device, daemon->pxefd);
|
|
did_bind = 1;
|
|
@@ -920,8 +921,10 @@ int main (int argc, char **argv)
|
|
my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
|
|
daemon->log_file, strerror(log_err));
|
|
|
|
+#ifndef HAVE_LINUX_NETWORK
|
|
if (bind_fallback)
|
|
my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
|
|
+#endif
|
|
|
|
if (option_bool(OPT_NOWILD))
|
|
warn_bound_listeners();
|
|
@@ -1575,7 +1578,7 @@ static void async_event(int pipe, time_t now)
|
|
{
|
|
/* block in writes until all done */
|
|
if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
|
|
- fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
|
|
+ while(retry_send(fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK)));
|
|
do {
|
|
helper_write();
|
|
} while (!helper_buf_empty() || do_script_run(now));
|
|
@@ -1984,7 +1987,7 @@ static void check_dns_listeners(time_t now)
|
|
attribute from the listening socket.
|
|
Reset that here. */
|
|
if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
|
|
- fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
|
|
+ while(retry_send(fcntl(confd, F_SETFL, flags & ~O_NONBLOCK)));
|
|
|
|
buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
|
|
|
|
--
|
|
2.31.1
|
|
|