Re: [Dnsmasq-discuss] [PATCH] dnsmasq-2.68 vs. dnsmasq-2.69rc1 Coverity scan diff

2014-03-25 Thread Dave Taht
Did you also compile with DHCPv6 support enabled?

On Tue, Mar 25, 2014 at 7:33 AM, Tomas Hozza tho...@redhat.com wrote:


 - Original Message -
 On 24/03/14 13:51, Tomas Hozza wrote:
  Hi.
 
  I did a version diff scan between 2.68 and 2.69rc1 version.
 From my point of view there is one thing worth fixing,
  I'm attaching the patch.
 
  I'm also attaching the coverity scan log.
 
  Regards,
 
  Tomas Hozza
 
 

 Thanks, I agree there's a problem if recvfrom() fails and returns -1.
 The solution is to get the sanity checks right, since it already checks
 that n  sizeof(struct dns_header), just too late. I've committed a fix:


 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=490f90758dba741b10a2af6b70eb561777575e04

 Looks reasonable, too.

 Cheers,

 Simon.

 Hi Simon.

 Unfortunately I noticed that I didn't enable the new DNSSEC functionality
 during the Coverity scan :) I did the scan again and found more issues worth
 fixing.

 Please see the attached log and patches.

 Regards,

 Tomas
 ___
 Dnsmasq-discuss mailing list
 Dnsmasq-discuss@lists.thekelleys.org.uk
 http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss




-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html



[Dnsmasq-discuss] [PATCH] dnsmasq-2.68 vs. dnsmasq-2.69rc1 Coverity scan diff

2014-03-24 Thread Tomas Hozza
Hi.

I did a version diff scan between 2.68 and 2.69rc1 version.
From my point of view there is one thing worth fixing,
I'm attaching the patch.

I'm also attaching the coverity scan log.

Regards,

Tomas Hozza

csdiff_dnsmasq_2.68-2.69rc1.err
Description: Binary data
From d9eb8adbcaec4018f9d39d676d32a02c16f22371 Mon Sep 17 00:00:00 2001
From: Tomas Hozza tho...@redhat.com
Date: Mon, 24 Mar 2014 14:43:14 +0100
Subject: [PATCH] Add check for the return value of recvfrom.

recvfrom returns a signed value, which is then passed to functions
that take an unsigned value as an argument.

Coverity log:
Error: NEGATIVE_RETURNS (CWE-394):
dnsmasq-2.69rc1/src/forward.c:683: negative_return_fn: Function
recvfrom(fd, dnsmasq_daemon-packet, dnsmasq_daemon-packet_buff_sz, 0,
__SOCKADDR_ARG({ .__sockaddr__ = serveraddr.sa}), addrlen) returns a
negative number.
dnsmasq-2.69rc1/src/forward.c:683: var_assign: Assigning: signed
variable n = recvfrom(int, void * restrict, size_t, int,
__SOCKADDR_ARG, socklen_t * restrict).
dnsmasq-2.69rc1/src/forward.c:713: negative_returns: n is passed to a
parameter that cannot be negative.
dnsmasq-2.69rc1/src/rfc1035.c:364:62: sizet: plen is a size_t
parameter.

Signed-off-by: Tomas Hozza tho...@redhat.com
---
 src/forward.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/src/forward.c b/src/forward.c
index 3f4ec62..e4690a0 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -688,6 +688,12 @@ void reply_query(int fd, int family, time_t now)
   unsigned int crc;
 #endif
 
+  if (n  0)
+{
+  my_syslog(LOG_WARNING, _(Failed to receive DNS reply from remote server - (%d) %s), errno, strerror(errno));
+  return;
+}
+
   /* packet buffer overwritten */
   daemon-srv_save = NULL;
   
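Review bot: the added test on n at the top of reply_query() only covers the error return of recvfrom(); it does nothing for a datagram that is shorter than a DNS header, which can still travel toward the call at forward.c:713 that takes the length as size_t plen. A single early length guard against sizeof(struct dns_header) would cover both cases, provided the comparison stays signed (cast the sizeof result to int) so that a negative n is not converted to a large unsigned value. It is also worth deciding whether LOG_WARNING on every failed receive is appropriate for a path that is driven by remote servers, since it can flood the log.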
-- 
1.8.5.3
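The signed-to-unsigned pitfall discussed in this thread, as an added example that is not part of the original messages or of dnsmasq's code. The struct dns_hdr stand-in, all function names, and the local socketpair playing the upstream server are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Stand-in for the fixed 12-byte DNS header (assumption, not dnsmasq's struct). */
struct dns_hdr { uint16_t id; uint8_t hb3, hb4; uint16_t qd, an, ns, ar; };

/* What a callee with a size_t length parameter sees when n is passed unchecked. */
size_t as_plen(ssize_t n) { return (size_t)n; }

/* Flawed test: the cast spells out the conversion the compiler applies when a
   signed n is compared with sizeof, so -1 becomes huge and is accepted. */
int flawed_len_ok(ssize_t n) { return !((size_t)n < sizeof(struct dns_hdr)); }

/* Sound test: compare as signed; rejects the error return and short datagrams. */
int len_ok(ssize_t n) { return n >= (ssize_t)sizeof(struct dns_hdr); }

/* Receive one datagram without blocking. Returns its length, or -1 when
   recvfrom() failed or the datagram cannot hold a DNS header. */
ssize_t recv_reply(int fd, unsigned char *buf, size_t cap)
{
  ssize_t n = recvfrom(fd, buf, cap, MSG_DONTWAIT, NULL, NULL);
  return len_ok(n) ? n : -1;
}

/* Constructed scenario: a local datagram socketpair stands in for the upstream
   server. Sends send_len zero bytes (0 = nothing) and returns recv_reply()'s
   result, or -2 if the scenario itself could not be set up. */
ssize_t demo(size_t send_len)
{
  int sv[2];
  unsigned char out[64] = {0}, in[64];
  ssize_t r = -2;
  if (send_len > sizeof out || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
    return -2;
  if (send_len == 0 || send(sv[0], out, send_len, 0) == (ssize_t)send_len)
    r = recv_reply(sv[1], in, sizeof in);
  close(sv[0]); close(sv[1]);
  return r;
}

int main(void)
{
  printf("unchecked -1 as size_t: %zu\n", as_plen(-1));
  printf("flawed accepts -1: %d, sound accepts -1: %d\n", flawed_len_ok(-1), len_ok(-1));
  printf("empty: %zd, 4 bytes: %zd, 12 bytes: %zd\n", demo(0), demo(4), demo(12));
  return 0;
}
```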
