diff --git a/unbound-1.4.20-coverity_scan.patch b/unbound-1.4.20-coverity_scan.patch
new file mode 100644
index 0000000..ea68763
--- /dev/null
+++ b/unbound-1.4.20-coverity_scan.patch
@@ -0,0 +1,80 @@
+From de7c59d25d9fd2464543d649951b2ae47c2a839b Mon Sep 17 00:00:00 2001
+From: wouter
+Date: Wed, 21 Aug 2013 13:31:09 +0000
+Subject: [PATCH] - Fix#520: Errors found by static analysis from Tomas
+ Hozza(redhat).
+
+git-svn-id: http://unbound.nlnetlabs.nl/svn/trunk@2942 be551aaa-1e26-0410-a405-d3ace91eadb9
+Signed-off-by: Tomas Hozza
+---
+ libunbound/libworker.c | 3 +++
+ testcode/streamtcp.c | 2 +-
+ util/tube.c | 2 +-
+ validator/autotrust.c | 6 +++++-
+ 4 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/libunbound/libworker.c b/libunbound/libworker.c
+index dd3316d..8f2aa48 100644
+--- a/libunbound/libworker.c
++++ b/libunbound/libworker.c
+@@ -198,7 +198,10 @@ libworker_setup(struct ub_ctx* ctx, int is_bg)
+ }
+ numports = cfg_condense_ports(cfg, &ports);
+ if(numports == 0) {
++ int locked = !w->is_bg || w->is_bg_thread;
+ libworker_delete(w);
++ if(locked)
++ lock_basic_unlock(&ctx->cfglock);
+ return NULL;
+ }
+ w->back = outside_network_create(w->base, cfg->msg_buffer_size,
+diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c
+index dbdf140..06a18e4 100644
+--- a/testcode/streamtcp.c
++++ b/testcode/streamtcp.c
+@@ -121,9 +121,9 @@ write_q(int fd, int udp, SSL* ssl, ldns_buffer* buf, uint16_t id,
+ exit(1);
+ }
+ qinfo.qname = memdup(ldns_rdf_data(rdf), ldns_rdf_size(rdf));
++ if(!qinfo.qname) fatal_exit("out of memory");
+ (void)dname_count_size_labels(qinfo.qname, &qinfo.qname_len);
+ ldns_rdf_deep_free(rdf);
+- if(!qinfo.qname) fatal_exit("out of memory");
+
+ /* qtype and qclass */
+ qinfo.qtype = ldns_get_rr_type_by_name(strtype);
+diff --git a/util/tube.c b/util/tube.c
+index 28c51d7..fde8496 100644
+--- a/util/tube.c
++++ b/util/tube.c
+@@ -368,7 +368,7 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
+ return 0;
+ }
+ d = 0;
+- while(d != (ssize_t)*len) {
++ while(d < (ssize_t)*len) {
+ if((r=read(fd, (*buf)+d, (size_t)((ssize_t)*len)-d)) == -1) {
+ log_err("tube msg read failed: %s", strerror(errno));
+ (void)fd_set_nonblock(fd);
+diff --git a/validator/autotrust.c b/validator/autotrust.c
+index 1e24b4c..dc7cbf6 100644
+--- a/validator/autotrust.c
++++ b/validator/autotrust.c
+@@ -976,9 +976,13 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
+ char* fname = tp->autr->file;
+ char tempf[2048];
+ log_assert(tp->autr);
++ if(!env) {
++ log_err("autr_write_file: Module environment is NULL.");
++ return;
++ }
+ /* unique name with pid number and thread number */
+ snprintf(tempf, sizeof(tempf), "%s.%d-%d", fname, (int)getpid(),
+- env&&env->worker?*(int*)env->worker:0);
++ env->worker?*(int*)env->worker:0);
+ verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf);
+ out = fopen(tempf, "w");
+ if(!out) {
+--
+1.8.3.1
+
diff --git a/unbound.spec b/unbound.spec
index 629a3c5..4b658a1 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -11,7 +11,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.4.20 -Release: 18%{?dist} +Release: 19%{?dist} License: BSD Url: http://www.nlnetlabs.nl/unbound/ Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -34,6 +34,7 @@ Source15: unbound.cron Source16: unbound-munin.README Patch1: unbound-1.4.20-roundrobin.patch Patch2: unbound-1.4.20-streamtcp-manpage.patch +Patch3: unbound-1.4.20-coverity_scan.patch Group: System Environment/Daemons BuildRequires: flex, openssl-devel , ldns-devel >= 1.6.13
@@ -109,6 +110,7 @@ Python modules and extensions for unbound %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@@ -281,6 +283,9 @@ exit 0 /bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || : %changelog +* Mon Aug 26 2013 Tomas Hozza - 1.4.20-19 +- Fix errors found by static analysis of source + * Mon Aug 12 2013 Paul Wouters - 1.4.20-18 - Change unbound.conf to only use ephemeral ports (32768-65535)
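Review bot: In the `tube_read_msg` hunk of util/tube.c, the new condition `while(d < (ssize_t)*len)` still casts a `uint32_t` length to `ssize_t` with no range check visible in the hunk. Where `ssize_t` is 32 bits wide, a `*len` above its maximum turns negative, so the loop body never runs and whatever follows the loop would treat an unfilled buffer as a complete message. Presumably `*len` arrives from the other end of the tube earlier in the function; if so, it should be rejected before `d = 0;` when it does not fit, for example with `if(*len > (uint32_t)INT32_MAX) { log_err("tube msg length too large"); return 0; }`, including whatever cleanup the neighbouring error paths perform. The function begins and ends outside the hunk, so an existing bound on `*len` cannot be ruled out from here.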
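Review bot: In the `autr_write_file` hunk of validator/autotrust.c, `char* fname = tp->autr->file;` dereferences `tp->autr` two lines before `log_assert(tp->autr);` tests it, the same use-before-check ordering this patch corrects in testcode/streamtcp.c. Declaring `char* fname;` and assigning `fname = tp->autr->file;` after the assertion (and after the new `if(!env)` guard) would make the check cover the dereference. Separately, the return value of `snprintf` into `tempf[2048]` is not compared with `sizeof(tempf)`, so a long `fname` is silently truncated and `fopen(tempf, "w")` would then write to a name other than the intended temporary file. Capturing the result and failing on `n < 0 || (size_t)n >= sizeof(tempf)` before the open would close that gap. The function body continues past the end of the hunk.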