[9.20] chg: dev: Use enum rather than numbers for isc_base64_tobuffer and isc_hex_tobuffer

Use isc_one_or_more and isc_zero_or_more rather than (-2) and (-1) when calling isc_base64_tobuffer. Similarly for isc_hex_tobuffer. This should help reduce the probability that the wrong number is used and it makes the intent clearer. Closes #5713 Backport of MR !11479 Merge branch 'backport-5713-use-macros-with-isc_base64_tobuffer-and-isc_hex_tobuffer-9.20' into 'bind-9.20' See merge request isc-projects/bind9!11498
2026-05-27 20:25:55 -04:00 · 2026-01-28 08:40:42 +11:00 · 2026-01-28 08:40:42 +11:00 · 47b8ca5ac7
commit 47b8ca5ac7
parent 3d0823ee68 37e03b004e
22 changed files with 62 additions and 26 deletions
--- a/cocci/isc_x_tobuffer.spatch
+++ b/cocci/isc_x_tobuffer.spatch
@ -0,0 +1,24 @@
+@@
+expression E1, E2;
+@@
+isc_base64_tobuffer
+-(E1, E2, -1)
+(E1, E2, isc_zero_or_more)
+@@
+expression E1, E2;
+@@
+isc_base64_tobuffer
+-(E1, E2, -2)
+(E1, E2, isc_one_or_more)
+@@
+expression E1, E2;
+@@
+isc_hex_tobuffer
+-(E1, E2, -1)
+(E1, E2, isc_zero_or_more)
+@@
+expression E1, E2;
+@@
+isc_hex_tobuffer
+-(E1, E2, -2)
+(E1, E2, isc_one_or_more)
--- a/lib/dns/dst_parse.c
+++ b/lib/dns/dst_parse.c
@ -549,7 +549,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 		data = isc_mem_get(mctx, MAXFIELDSIZE);

 		isc_buffer_init(&b, data, MAXFIELDSIZE);
-		CHECK(isc_base64_tobuffer(lex, &b, -1));
+		CHECK(isc_base64_tobuffer(lex, &b, isc_zero_or_more));

 		isc_buffer_usedregion(&b, &r);
 		priv->elements[n].length = r.length;
--- a/lib/dns/rdata/generic/brid_68.c
+++ b/lib/dns/rdata/generic/brid_68.c
@ -28,7 +28,7 @@ fromtext_brid(ARGS_FROMTEXT) {
 	UNUSED(options);
 	UNUSED(callbacks);

-	return isc_base64_tobuffer(lexer, target, -2);
+	return isc_base64_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/generic/cert_37.c
+++ b/lib/dns/rdata/generic/cert_37.c
@ -58,7 +58,7 @@ fromtext_cert(ARGS_FROMTEXT) {
 	RETTOK(dns_secalg_fromtext(&secalg, &token.value.as_textregion));
 	RETERR(mem_tobuffer(target, &secalg, 1));

-	return isc_base64_tobuffer(lexer, target, -2);
+	return isc_base64_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/generic/doa_259.c
+++ b/lib/dns/rdata/generic/doa_259.c
@ -67,7 +67,7 @@ fromtext_doa(ARGS_FROMTEXT) {
 		return ISC_R_SUCCESS;
 	} else {
 		isc_lex_ungettoken(lexer, &token);
-		return isc_base64_tobuffer(lexer, target, -1);
+		return isc_base64_tobuffer(lexer, target, isc_zero_or_more);
 	}
 }

--- a/lib/dns/rdata/generic/hhit_67.c
+++ b/lib/dns/rdata/generic/hhit_67.c
@ -28,7 +28,7 @@ fromtext_hhit(ARGS_FROMTEXT) {
 	UNUSED(options);
 	UNUSED(callbacks);

-	return isc_base64_tobuffer(lexer, target, -2);
+	return isc_base64_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/generic/ipseckey_45.c
+++ b/lib/dns/rdata/generic/ipseckey_45.c
@ -118,7 +118,7 @@ fromtext_ipseckey(ARGS_FROMTEXT) {
 	/*
 	 * Public key.
 	 */
-	return isc_base64_tobuffer(lexer, target, -2);
+	return isc_base64_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@ -89,7 +89,7 @@ generic_fromtext_key(ARGS_FROMTEXT) {
 	 */
 	used = isc_buffer_usedlength(target);

-	RETERR(isc_base64_tobuffer(lexer, target, -2));
+	RETERR(isc_base64_tobuffer(lexer, target, isc_one_or_more));

 	if (alg == DNS_KEYALG_PRIVATEDNS || alg == DNS_KEYALG_PRIVATEOID) {
 		isc_buffer_t b;
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@ -83,7 +83,7 @@ fromtext_keydata(ARGS_FROMTEXT) {
 		return ISC_R_SUCCESS;
 	}

-	return isc_base64_tobuffer(lexer, target, -2);
+	return isc_base64_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/generic/openpgpkey_61.c
+++ b/lib/dns/rdata/generic/openpgpkey_61.c
@ -29,7 +29,7 @@ fromtext_openpgpkey(ARGS_FROMTEXT) {
 	/*
 	 * Keyring.
 	 */
-	return isc_base64_tobuffer(lexer, target, -2);
+	return isc_base64_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/generic/rrsig_46.c
+++ b/lib/dns/rdata/generic/rrsig_46.c
@ -157,7 +157,7 @@ fromtext_rrsig(ARGS_FROMTEXT) {
 	 */
 	used = isc_buffer_usedlength(target);

-	RETERR(isc_base64_tobuffer(lexer, target, -2));
+	RETERR(isc_base64_tobuffer(lexer, target, isc_one_or_more));

 	if (alg == DNS_KEYALG_PRIVATEDNS || alg == DNS_KEYALG_PRIVATEOID) {
 		isc_buffer_t b;
--- a/lib/dns/rdata/generic/sig_24.c
+++ b/lib/dns/rdata/generic/sig_24.c
@ -121,7 +121,7 @@ fromtext_sig(ARGS_FROMTEXT) {
 	 */
 	used = isc_buffer_usedlength(target);

-	RETERR(isc_base64_tobuffer(lexer, target, -2));
+	RETERR(isc_base64_tobuffer(lexer, target, isc_one_or_more));

 	if (alg == DNS_KEYALG_PRIVATEDNS || alg == DNS_KEYALG_PRIVATEOID) {
 		isc_buffer_t b;
--- a/lib/dns/rdata/generic/sink_40.c
+++ b/lib/dns/rdata/generic/sink_40.c
@ -54,7 +54,7 @@ fromtext_sink(ARGS_FROMTEXT) {
 	}
 	RETERR(uint8_tobuffer(token.value.as_ulong, target));

-	return isc_base64_tobuffer(lexer, target, -1);
+	return isc_base64_tobuffer(lexer, target, isc_zero_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/generic/tlsa_52.c
+++ b/lib/dns/rdata/generic/tlsa_52.c
@ -61,7 +61,7 @@ generic_fromtext_tlsa(ARGS_FROMTEXT) {
 	/*
 	 * Certificate Association Data.
 	 */
-	return isc_hex_tobuffer(lexer, target, -2);
+	return isc_hex_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/in_1/dhcid_49.c
+++ b/lib/dns/rdata/in_1/dhcid_49.c
@ -29,7 +29,7 @@ fromtext_in_dhcid(ARGS_FROMTEXT) {
 	UNUSED(options);
 	UNUSED(callbacks);

-	return isc_base64_tobuffer(lexer, target, -2);
+	return isc_base64_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/in_1/eid_31.c
+++ b/lib/dns/rdata/in_1/eid_31.c
@ -29,7 +29,7 @@ fromtext_in_eid(ARGS_FROMTEXT) {
 	UNUSED(rdclass);
 	UNUSED(callbacks);

-	return isc_hex_tobuffer(lexer, target, -2);
+	return isc_hex_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/dns/rdata/in_1/nimloc_32.c
+++ b/lib/dns/rdata/in_1/nimloc_32.c
@ -29,7 +29,7 @@ fromtext_in_nimloc(ARGS_FROMTEXT) {
 	UNUSED(rdclass);
 	UNUSED(callbacks);

-	return isc_hex_tobuffer(lexer, target, -2);
+	return isc_hex_tobuffer(lexer, target, isc_one_or_more);
 }

 static isc_result_t
--- a/lib/isc/base64.c
+++ b/lib/isc/base64.c
@ -179,7 +179,7 @@ isc_base64_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
 	isc_token_t token;
 	bool eol;

-	REQUIRE(length >= -2);
+	REQUIRE(length >= isc_one_or_more);

 	base64_decode_init(&ctx, length, target);

@ -207,7 +207,7 @@ isc_base64_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
 		isc_lex_ungettoken(lexer, &token);
 	}
 	RETERR(base64_decode_finish(&ctx));
-	if (length == -2 && before == after) {
+	if (length == isc_one_or_more && before == after) {
 		return ISC_R_UNEXPECTEDEND;
 	}
 	return ISC_R_SUCCESS;
@ -217,7 +217,7 @@ isc_result_t
 isc_base64_decodestring(const char *cstr, isc_buffer_t *target) {
 	base64_decode_ctx_t ctx;

-	base64_decode_init(&ctx, -1, target);
+	base64_decode_init(&ctx, isc_zero_or_more, target);
 	for (;;) {
 		int c = *cstr++;
 		if (c == '\0') {
--- a/lib/isc/hex.c
+++ b/lib/isc/hex.c
@ -138,7 +138,7 @@ isc_hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
 	isc_token_t token;
 	bool eol;

-	REQUIRE(length >= -2);
+	REQUIRE(length >= isc_one_or_more);

 	hex_decode_init(&ctx, length, target);

@ -166,7 +166,7 @@ isc_hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
 		isc_lex_ungettoken(lexer, &token);
 	}
 	RETERR(hex_decode_finish(&ctx));
-	if (length == -2 && before == after) {
+	if (length == isc_one_or_more && before == after) {
 		return ISC_R_UNEXPECTEDEND;
 	}
 	return ISC_R_SUCCESS;
@ -176,7 +176,7 @@ isc_result_t
 isc_hex_decodestring(const char *cstr, isc_buffer_t *target) {
 	hex_decode_ctx_t ctx;

-	hex_decode_init(&ctx, -1, target);
+	hex_decode_init(&ctx, isc_zero_or_more, target);
 	for (;;) {
 		int c = *cstr++;
 		if (c == '\0') {
--- a/lib/isc/include/isc/base64.h
+++ b/lib/isc/include/isc/base64.h
@ -75,8 +75,11 @@ isc_base64_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
 * `target`. If 'length' is non-negative, it is the expected number of
 * encoded octets to convert.
 *
- * If 'length' is -1 then 0 or more encoded octets are expected.
- * If 'length' is -2 then 1 or more encoded octets are expected.
+ * If 'length' is isc_zero_or_more then 0 or more encoded octets are
+ * expected.
+ *
+ * If 'length' is isc_one_or_more then 1 or more encoded octets are
+ * expected.
 *
 * Returns:
 *\li	#ISC_R_BADBASE64 -- invalid base64 encoding.
--- a/lib/isc/include/isc/hex.h
+++ b/lib/isc/include/isc/hex.h
@ -88,8 +88,11 @@ isc_hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
 * `target`. If 'length' is non-negative, it is the expected number of
 * encoded octets to convert.
 *
- * If 'length' is -1 then 0 or more encoded octets are expected.
- * If 'length' is -2 then 1 or more encoded octets are expected.
+ * If 'length' is isc_zero_or_more then 0 or more encoded octets are
+ * expected.
+ *
+ * If 'length' is isc_one_or_more then 1 or more encoded octets are
+ * expected.
 *
 * Returns:
 *\li	#ISC_R_BADHEX -- invalid hex encoding
--- a/lib/isc/include/isc/types.h
+++ b/lib/isc/include/isc/types.h
@ -86,6 +86,12 @@ typedef struct isc_nm_http_endpoints isc_nm_http_endpoints_t;
 /*%< HTTP endpoints set */
 #endif /* HAVE_LIBNGHTTP2 */

+/*% Used by isc_base64 and isc_hex for expected lower bound */
+enum {
+	isc_zero_or_more = -1,
+	isc_one_or_more = -2,
+};
+
 /*% Statistics formats (text file or XML) */
 typedef enum {
 	isc_statsformat_file,