cppcheck 1.90 reports the following false positives for
lib/dns/tests/rbt_serialize_test.c:
lib/dns/tests/rbt_serialize_test.c:412:12: warning: Either the condition 'base!=NULL' is redundant or there is pointer arithmetic with NULL pointer. [nullPointerArithmeticRedundantCheck]
p = base + (r % filesize);
^
lib/dns/tests/rbt_serialize_test.c:407:20: note: Assuming that condition 'base!=NULL' is not redundant
assert_true(base != NULL && base != MAP_FAILED);
^
lib/dns/tests/rbt_serialize_test.c:405:14: note: Assignment 'base=mmap(NULL,filesize,PROT_READ|PROT_WRITE,0|MAP_PRIVATE,fd,0)', assigned value is 0
base = mmap(NULL, filesize, PROT_READ|PROT_WRITE,
^
lib/dns/tests/rbt_serialize_test.c:412:12: note: Null pointer addition
p = base + (r % filesize);
^
lib/dns/tests/rbt_serialize_test.c:413:12: warning: Either the condition 'base!=NULL' is redundant or there is pointer arithmetic with NULL pointer. [nullPointerArithmeticRedundantCheck]
q = base + filesize;
^
lib/dns/tests/rbt_serialize_test.c:407:20: note: Assuming that condition 'base!=NULL' is not redundant
assert_true(base != NULL && base != MAP_FAILED);
^
lib/dns/tests/rbt_serialize_test.c:405:14: note: Assignment 'base=mmap(NULL,filesize,PROT_READ|PROT_WRITE,0|MAP_PRIVATE,fd,0)', assigned value is 0
base = mmap(NULL, filesize, PROT_READ|PROT_WRITE,
^
lib/dns/tests/rbt_serialize_test.c:413:12: note: Null pointer addition
q = base + filesize;
^
This is caused by cppcheck not understanding how cmocka's assert_true()
macro works. The problem being reported is a false positive: if mmap()
fails, the lines flagged by cppcheck will never be reached. Address the
problem by suppressing nullPointerArithmeticRedundantCheck warnings for
the affected lines.
cppcheck 1.90 reports some false positives for lib/dns/client.c:
lib/dns/client.c:1431:2: warning: Either the condition 'rctx==((void*)0)' is redundant or there is possible null pointer dereference: rctx. [nullPointerRedundantCheck]
rctx->rdataset = rdataset;
^
lib/dns/client.c:1416:11: note: Assuming that condition 'rctx==((void*)0)' is not redundant
if (rctx == NULL)
^
lib/dns/client.c:1415:9: note: Assignment 'rctx=isc__mem_get(mctx,sizeof(*rctx),"lib/dns/client.c",1415)', assigned value is 0
rctx = isc_mem_get(mctx, sizeof(*rctx));
^
lib/dns/client.c:1431:2: note: Null pointer dereference
rctx->rdataset = rdataset;
^
lib/dns/client.c:1438:2: warning: Either the condition 'rctx==((void*)0)' is redundant or there is possible null pointer dereference: rctx. [nullPointerRedundantCheck]
rctx->sigrdataset = sigrdataset;
^
lib/dns/client.c:1416:11: note: Assuming that condition 'rctx==((void*)0)' is not redundant
if (rctx == NULL)
^
lib/dns/client.c:1415:9: note: Assignment 'rctx=isc__mem_get(mctx,sizeof(*rctx),"lib/dns/client.c",1415)', assigned value is 0
rctx = isc_mem_get(mctx, sizeof(*rctx));
^
lib/dns/client.c:1438:2: note: Null pointer dereference
rctx->sigrdataset = sigrdataset;
^
lib/dns/client.c:1445:2: warning: Either the condition 'rctx==((void*)0)' is redundant or there is possible null pointer dereference: rctx. [nullPointerRedundantCheck]
rctx->client = client;
^
lib/dns/client.c:1416:11: note: Assuming that condition 'rctx==((void*)0)' is not redundant
if (rctx == NULL)
^
lib/dns/client.c:1415:9: note: Assignment 'rctx=isc__mem_get(mctx,sizeof(*rctx),"lib/dns/client.c",1415)', assigned value is 0
rctx = isc_mem_get(mctx, sizeof(*rctx));
^
lib/dns/client.c:1445:2: note: Null pointer dereference
rctx->client = client;
^
lib/dns/client.c:1827:2: warning: Either the condition 'ctx==((void*)0)' is redundant or there is possible null pointer dereference: ctx. [nullPointerRedundantCheck]
ctx->client = client;
^
lib/dns/client.c:1815:10: note: Assuming that condition 'ctx==((void*)0)' is not redundant
if (ctx == NULL)
^
lib/dns/client.c:1814:8: note: Assignment 'ctx=isc__mem_get(client->mctx,sizeof(*ctx),"lib/dns/client.c",1814)', assigned value is 0
ctx = isc_mem_get(client->mctx, sizeof(*ctx));
^
lib/dns/client.c:1827:2: note: Null pointer dereference
ctx->client = client;
^
All of them are caused by cppcheck not recognizing the relationship
between isc_mem_get() returning NULL and the result variable being set
to ISC_R_NOMEMORY (with a subsequent jump to a cleanup section).
Move "goto cleanup;" statements into error handling branches to prevent
cppcheck from generating these warnings.
cppcheck 1.89 enabled certain value flow analysis mechanisms [1] which
trigger null pointer dereference false positives that were previously
not reported. It seems that cppcheck no longer treats at least some
REQUIRE() assertion failures as fatal, so add extra assertion macro
definitions to lib/isc/include/isc/util.h that are only used when the
CPPCHECK preprocessor macro is defined; these definitions make cppcheck
1.89 behave as expected.
There is an important requirement for these custom definitions to work:
cppcheck must properly treat abort() as a function which does not
return. In order for that to happen, the __GNUC__ macro must be set to
a high enough number (because system include directories are used and
system headers compile attributes away if __GNUC__ is not high enough).
__GNUC__ is thus set to the major version number of the GCC compiler
used, which is what that latter does itself during compilation.
[1] aaeec462e6
(cherry picked from commit abfde3d543)
zone_needdump() could potentially not call zone_settimer() so
explitly call zone_settimer() as zone->resigntime could have
gone backward.
(cherry picked from commit 5ec57f31b0)
With RRSIG records no longer being signed with the full
sig-validity-interval we need to ensure the zone->resigntime
as it may need to be set to a earlier time.
(cherry picked from commit 5d1611afdc)
* CKR_CRYPTOKI_ALREADY_INITIALIZED: This value can only be returned by
`C_Initialize`. It means that the Cryptoki library has already been
initialized (by a previous call to `C_Initialize` which did not have a
matching `C_Finalize` call).
* CKR_FUNCTION_NOT_SUPPORTED: The requested function is not supported by this
Cryptoki library. Even unsupported functions in the Cryptoki API should have a
"stub" in the library; this stub should simply return the value
CKR_FUNCTION_NOT_SUPPORTED.
* CKR_LIBRARY_LOAD_FAILED: The Cryptoki library could not load a dependent
shared library.
(cherry picked from commit f6922d6e78)
The OASIS pkcs11.h header has a restrictive license. Replace the
pkcs11.h pkcs11f.h and pkcs11t.h headers with pkcs11.h from p11-kit.
For source distribution, the license for the OASIS headers itself
doesn't pose any licensing problem when combined with MPL license, but
it possibly creates problem for downstream distributors of BIND 9.
(cherry picked from commit c47fad2431)
* ctx needs to be destroyed before it is regenerated.
* emit the name of the signature to be replaced.
* cleanup memory before asserting so post longjump doesn't detect a
memory leak.
* comment code.
(cherry picked from commit 3a8c8a2a31)
The memory ordering in the rwlock was all wrong, I am copying excerpts
from the https://en.cppreference.com/w/c/atomic/memory_order#Relaxed_ordering
for the convenience of the reader:
Relaxed ordering
Atomic operations tagged memory_order_relaxed are not synchronization
operations; they do not impose an order among concurrent memory
accesses. They only guarantee atomicity and modification order
consistency.
Sequentially-consistent ordering
Atomic operations tagged memory_order_seq_cst not only order memory
the same way as release/acquire ordering (everything that
happened-before a store in one thread becomes a visible side effect in
the thread that did a load), but also establish a single total
modification order of all atomic operations that are so tagged.
Which basically means that we had no or weak synchronization between
threads using the same variables in the rwlock structure. There should
not be a significant performance drop because the critical sections were
already protected by:
while(1) {
if (relaxed_atomic_operation) {
break;
}
LOCK(lock);
if (!relaxed_atomic_operation) {
WAIT(sem, lock);
}
UNLOCK(lock)l
}
I would add one more thing to "Don't do your own crypto, folks.":
- Also don't do your own locking, folks.
As part of this commit, I have also cleaned up the #ifdef spaghetti,
and fixed the isc_atomic API usage.
The ThreadSanitizer found several possible data races in our rwlock
implementation. This commit convert .spins and .write_granted fields
to atomic.
(cherry picked from commit 1da0994ea4)
The code for specifying OpenSSL PKCS#11 engine as part of the label
(e.g. -l "pkcs11:token=..." instead of -E pkcs11 -l "token=...")
was non-functional. This commit just cleans the related code.
(cherry picked from commit a5c87d9d18)
In system tests on Windows tool's local port can sometimes clash with
'named'. On Unix the system is poked for the minimal local port,
otherwise is set to 32768 as a sane minimum. For Windows we don't
poke but set a hardcoded limit; this change aligns the limit with
Unix and changes it to 32768.
(cherry picked from commit ed7fe5fae3b22d136f0a5a92ea3b67536b10a5ce)
- Add quotes before and after zone name when generating "addzone"
input so avoid "unexpected token" errors.
- Use a hex digest for zone filenames when the zone or view name
contains a slash.
- Test with a domain name containing a slash.
- Incidentally added 'catzhash.py' to contrib/scripts to generate
hash labels for catalog zones, as it was needed to write the test.
(cherry picked from commit dba0163dac)
Update the API files.
- lib/dns:
- struct resolver has added elements, this is an interface change
and thus LIBINTERFACE is incremented, and LIBREVISION is reset.
- Since this also means an interface change since the last public
release, also reset LIBAGE.
- lib/isc:
- The library source code changed, so increment LIBREVISION.
- lib/isccfg:
- The library source code changed, so increment LIBREVISION.
Update other files:
- No changes needed to the README, this is a small bugfix release.
- Fix a bad version xml:id in the release notes.
The `rndc signing -clear` command cleans up the private-type records
that keep track of zone signing activity, but before this change it
did not tell the secondary servers that the zone has changed.
(cherry picked from commit f3f7b7df5d)
Function dns_view_findzonecut in view.c wasn't correctly handling
classes other than IN (chaos, hesiod, etc) whenever the name being
looked up wasn't in cache or in any of the configured zone views' database.
That resulted in a NULL fname being used in resolver.c:4900, which
in turn was triggering abort.
(cherry picked from commit 85555f29d7)
This is a bug I encountered when trying to schedule an algorithm
rollover. My plan, for a zone whose maximum TTL is 48h, was to sign
with the new algorithm and schedule a change of CDS records for more
than 48 hours in the future, roughly like this:
$ dnssec-keygen -a 13 -fk -Psync now+50h $zone
$ dnssec-keygen -a 13 $zone
$ dnssec-settime -Dsync now+50h $zone_ksk_old
However the algorithm 13 CDS was published immediately, which could
have made the zone bogus.
To reveal the bug using the `smartsign` test, this change just adds a
KSK with all its times in the future, so it should not affect the
existing checks at all. But the final check (that there are no CDS or
CDSNSKEY records after -Dsync) fails with the old `syncpublish()`
logic, because the future key's sync records appear early. With the
new `syncpublish()` logic the future key does not affect the test, as
expected, and it now passes.
(cherry picked from commit 4227b7969b)
(cherry picked from commit 2db5a2539a)