3872. [bug] Address issues found by static analysis. [RT #36209]

CHANGES

@@ -1,3 +1,5 @@
+3872.	[bug]		Address issues found by static analysis. [RT #36209]
+
 3871.	[bug]		Don't publish an activated key automatically before
 			its publish time. [RT #35063]
 

bin/named/update.c

@@ -3096,10 +3096,9 @@ update_action(isc_task_t *task, isc_event_t *event) {
 #define ALLOW_SECURE_TO_INSECURE(zone) \
 	((dns_zone_getoptions(zone) & DNS_ZONEOPT_SECURETOINSECURE) != 0)
 
+		CHECK(rrset_exists(db, oldver, zonename, dns_rdatatype_dnskey,
+				   0, &had_dnskey));
 		if (!ALLOW_SECURE_TO_INSECURE(zone)) {
-			CHECK(rrset_exists(db, oldver, zonename,
-					   dns_rdatatype_dnskey, 0,
-					   &had_dnskey));
 			if (had_dnskey && !has_dnskey) {
 				update_log(client, zone, LOGLEVEL_PROTOCOL,
 					   "update rejected: all DNSKEY "

bin/tests/dst/gsstest.c

@@ -27,6 +27,7 @@
 #include <isc/entropy.h>
 #include <isc/log.h>
 #include <isc/mem.h>
+#include <isc/print.h>
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 #include <isc/task.h>
@@ -71,9 +72,6 @@ struct dst_context {
 	} \
 }
 
-static char contextname[512];
-static char gssid[512];
-static char serveraddress[512];
 static dns_fixedname_t servername, gssname;
 
 static isc_mem_t *mctx;
@@ -106,7 +104,7 @@ console(isc_task_t *task, isc_event_t *event)
 
 	for (;;) {
 		printf("\nCommand => ");
-		c = scanf("%s", buf);
+		c = scanf("%31s", buf);
 
 		if (c == EOF || strcmp(buf, "quit") == 0) {
 			isc_app_shutdown();
@@ -209,7 +207,7 @@ sendquery(isc_task_t *task, isc_event_t *event)
 	isc_event_free(&event);
 
 	printf("Query => ");
-	c = scanf("%s", host);
+	c = scanf("%255s", host);
 	if (c == EOF)
 		return;
 
@@ -350,6 +348,8 @@ initctx2(isc_task_t *task, isc_event_t *event) {
 
 static void
 initctx1(isc_task_t *task, isc_event_t *event) {
+	char gssid[512];
+	char contextname[512];
 	isc_result_t result;
 	isc_buffer_t buf;
 	dns_message_t *query;
@@ -359,11 +359,12 @@ initctx1(isc_task_t *task, isc_event_t *event) {
 	isc_event_free(&event);
 
 	printf("Initctx - GSS name => ");
-	c = scanf("%s", gssid);
+	c = scanf("%511s", gssid);
 	if (c == EOF)
 		return;
 
-	sprintf(contextname, "gsstest.context.%d.", (int)time(NULL));
+	snprintf(contextname, sizeof(contextname),
+		 "gsstest.context.%d.", (int)time(NULL));
 
 	printf("Initctx - context name we're using: %s\n", contextname);
 
@@ -417,12 +418,13 @@ initctx1(isc_task_t *task, isc_event_t *event) {
 static void
 setup(void)
 {
-	struct in_addr inaddr;
-	int c;
-
 	for (;;) {
+		char serveraddress[512];
+		struct in_addr inaddr;
+		int c;
+
 		printf("Server IP => ");
-		c = scanf("%s", serveraddress);
+		c = scanf("%511s", serveraddress);
 
 		if (c == EOF || strcmp(serveraddress, "quit") == 0) {
 			isc_app_shutdown();

bin/tools/genrandom.c

@@ -120,7 +120,9 @@ main(int argc, char **argv) {
 		return (0);
 	}
 
-	len = strlen(argv[isc_commandline_index]) + 2;
+	len = strlen(argv[isc_commandline_index]);
+	INSIST((len + 2) > len);
+	len += 2;
 	name = (char *) malloc(len);
 	if (name == NULL) {
 		perror("malloc");

contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c

@@ -1620,7 +1620,7 @@ dlz_addrdataset(const char *name, const char *rdatastr,
 		 * SOA: zone admin serial refresh retry expire min
 		 */
 		char sn[32];
-		sscanf(record->data, "%*s %*s %s %*s %*s %*s %*s", sn);
+		sscanf(record->data, "%*s %*s %31s %*s %*s %*s %*s", sn);
 		query = build_query(state, txn->dbi, U_SERIAL, sn,
 				    txn->zone_id);
 		if (query == NULL) {

lib/dns/nsec3.c

@@ -567,6 +567,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
 	CHECK(dns_nsec3_hashname(&fixed, nexthash, &next_length,
 				 name, origin, hash, iterations,
 				 salt, salt_length));
+	INSIST(next_length <= sizeof(nexthash));
 
 	/*
 	 * Create the node if it doesn't exist and hold

lib/dns/rbt.c

@@ -263,7 +263,10 @@ getdata(dns_rbtnode_t *node, file_header_t *header) {
  * of memory concerns, when chains were first implemented).
  */
 #define ADD_LEVEL(chain, node) \
-			(chain)->levels[(chain)->level_count++] = (node)
+	do { \
+		INSIST((chain)->level_count < DNS_RBT_LEVELBLOCK); \
+		(chain)->levels[(chain)->level_count++] = (node); \
+	} while (0)
 
 /*%
  * The following macros directly access normally private name variables.

lib/isc/include/isc/iterated_hash.h

@@ -23,7 +23,7 @@
 #include <isc/sha1.h>
 
 /*
- * The maximal hash length that can be encoded it a name
+ * The maximal hash length that can be encoded in a name
  * using base32hex.  floor(255/8)*5
  */
 #define NSEC3_MAX_HASH_LENGTH 155