[v4_1_esv]

[rt23833]
Clean up a number of items identified by the Coverity
static analysis tool.  Runs courtesy of Red Hat.

4 files changed, 68 insertions, 37 deletions

diff --git a/dst/dst_api.c b/dst/dst_api.c
index b0540085..44148229 100644
--- a/dst/dst_api.c
+++ b/dst/dst_api.c
@@ -348,7 +348,7 @@ dst_read_key(const char *in_keyname, const unsigned in_id,
 		EREPORT(("dst_read_private_key(): Null key name passed in\n"));
 		return (NULL);
 	} else
-		strcpy(keyname, in_keyname);
+		strncpy(keyname, in_keyname, PATH_MAX);
 
 	/* before I read in the public key, check if it is allowed to sign */
 	if ((pubkey = dst_s_read_public_key(keyname, in_id, in_alg)) == NULL)
@@ -442,6 +442,7 @@ dst_s_write_private_key(const DST_KEY *key)
 		if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
 			EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
 				 file, out_len, nn, errno));
+			fclose(fp);
 			return (-5);
 		}
 		fclose(fp);
@@ -662,7 +663,7 @@ dst_dnskey_to_key(const char *in_name,
 	int alg ;
 	int start = DST_KEY_START;
 
-	if (rdata == NULL || len <= DST_KEY_ALG) /* no data */
+	if (in_name == NULL || rdata == NULL || len <= DST_KEY_ALG) /* no data */
 		return (NULL);
 	alg = (u_int8_t) rdata[DST_KEY_ALG];
 	if (!dst_check_algorithm(alg)) { /* make sure alg is available */
@@ -673,8 +674,6 @@ dst_dnskey_to_key(const char *in_name,
 	if ((key_st = dst_s_get_key_struct(in_name, alg, 0, 0, 0)) == NULL)
 		return (NULL);
 
-	if (in_name == NULL)
-		return (NULL);
 	key_st->dk_flags = dst_s_get_int16(rdata);
 	key_st->dk_proto = (u_int16_t) rdata[DST_KEY_PROT];
 	if (key_st->dk_flags & DST_EXTEND_FLAG) {
@@ -794,10 +793,12 @@ dst_buffer_to_key(const char *key_name,		/* name of the key */
 	    dkey->dk_func->from_dns_key != NULL) {
 		if (dkey->dk_func->from_dns_key(dkey, key_buf, key_len) < 0) {
 			EREPORT(("dst_buffer_to_key(): dst_buffer_to_hmac failed\n"));
-			return (dst_free_key(dkey));
+			(void) (dst_free_key(dkey));
+			return (NULL);
 		}
 		return (dkey);
 	}
+	(void) (dst_free_key(dkey));
 	return (NULL);
 }
 
@@ -1011,11 +1012,9 @@ dst_free_key(DST_KEY *f_key)
 	else {
 		EREPORT(("dst_free_key(): Unknown key alg %d\n",
 			 f_key->dk_alg));
-		free(f_key->dk_KEY_struct);	/* SHOULD NOT happen */
 	}
 	if (f_key->dk_KEY_struct) {
-		free(f_key->dk_KEY_struct);
-		f_key->dk_KEY_struct = NULL;
+		SAFE_FREE(f_key->dk_KEY_struct);
 	}
 	if (f_key->dk_key_name)
 		SAFE_FREE(f_key->dk_key_name);
diff --git a/dst/dst_support.c b/dst/dst_support.c
index 0d4c3937..d26afd1d 100644
--- a/dst/dst_support.c
+++ b/dst/dst_support.c
@@ -3,7 +3,8 @@ static const char rcsid[] = "$Header: /tmp/cvstest/DHCP/dst/dst_support.c,v 1.4
 
 /*
  * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- * Portions Copyright (c) 2007 by Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (c) 2012 by Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -57,6 +58,7 @@ dst_s_conv_bignum_u8_to_b64(char *out_buf, const unsigned out_len,
 {
 	const u_char *bp = bin_data;
 	char *op = out_buf;
+	int res = 0;
 	unsigned lenh = 0, len64 = 0;
 	unsigned local_in_len = bin_len;
 	unsigned local_out_len = out_len;
@@ -80,9 +82,10 @@ dst_s_conv_bignum_u8_to_b64(char *out_buf, const unsigned out_len,
 		local_out_len -= lenh;
 		op += lenh;
 	}
-	len64 = b64_ntop(bp, local_in_len, op, local_out_len - 2);
-	if (len64 < 0)
+	res = b64_ntop(bp, local_in_len, op, local_out_len - 2);
+	if (res < 0)
 		return (-1);
+	len64 = (unsigned) res;
 	op += len64++;
 	*(op++) = '\n';		/* put CR in the output */
 	*op = '\0';		/* make sure output is 0 terminated */
@@ -149,6 +152,7 @@ dst_s_conv_bignum_b64_to_u8(const char **buf,
 	unsigned blen;
 	char *bp;
 	u_char bstr[RAW_KEY_SIZE];
+	int res = 0;
 
 	if (buf == NULL || *buf == NULL) {	/* error checks */
 		EREPORT(("dst_s_conv_bignum_b64_to_u8: null input buffer.\n"));
@@ -158,12 +162,13 @@ dst_s_conv_bignum_b64_to_u8(const char **buf,
 	if (bp != NULL)
 		*bp = '\0';
 
-	blen = b64_pton(*buf, bstr, sizeof(bstr));
-	if (blen <= 0) {
+	res = b64_pton(*buf, bstr, sizeof(bstr));
+	if (res <= 0) {
 		EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is null.\n"));
 		return (0);
 	}
-	else if (loclen < blen) {
+	blen = (unsigned) res;
+	if (loclen < blen) {
 		EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is longer than output buffer.\n"));
 		return (0);
 	}
@@ -428,7 +433,7 @@ dst_s_fopen(const char *filename, const char *mode, unsigned perm)
 	unsigned plen = sizeof(pathname);
 
 	if (*dst_path != '\0') {
-		strcpy(pathname, dst_path);
+		strncpy(pathname, dst_path, PATH_MAX);
 		plen -= strlen(pathname);
 	}
 	else 
diff --git a/dst/hmac_link.c b/dst/hmac_link.c
index e26b9a7c..05463fd1 100644
--- a/dst/hmac_link.c
+++ b/dst/hmac_link.c
@@ -4,7 +4,8 @@ static const char rcsid[] = "$Header: /tmp/cvstest/DHCP/dst/hmac_link.c,v 1.3 20
 #endif
 /*
  * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- * Portions Copyright (c) 2007 by Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (c) 2012 by Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -86,6 +87,10 @@ dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
 	int sign_len = 0;
 	MD5_CTX *ctx = NULL;
 
+	if (d_key == NULL || d_key->dk_KEY_struct == NULL)
+		return (-1);
+	key = (HMAC_Key *) d_key->dk_KEY_struct;
+
 	if (mode & SIG_MODE_INIT) 
 		ctx = (MD5_CTX *) malloc(sizeof(*ctx));
 	else if (context)
@@ -93,10 +98,6 @@ dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
 	if (ctx == NULL) 
 		return (-1);
 
-	if (d_key == NULL || d_key->dk_KEY_struct == NULL)
-		return (-1);
-	key = (HMAC_Key *) d_key->dk_KEY_struct;
-
 	if (mode & SIG_MODE_INIT) {
 		MD5Init(ctx);
 		MD5Update(ctx, key->hk_ipad, HMAC_LEN);
@@ -153,6 +154,10 @@ dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
 	HMAC_Key *key;
 	MD5_CTX *ctx = NULL;
 
+	if (d_key == NULL || d_key->dk_KEY_struct == NULL)
+		return (-1);
+	key = (HMAC_Key *) d_key->dk_KEY_struct;
+
 	if (mode & SIG_MODE_INIT) 
 		ctx = (MD5_CTX *) malloc(sizeof(*ctx));
 	else if (context)
@@ -160,10 +165,6 @@ dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
 	if (ctx == NULL) 
 		return (-1);
 
-	if (d_key == NULL || d_key->dk_KEY_struct == NULL)
-		return (-1);
-
-	key = (HMAC_Key *) d_key->dk_KEY_struct;
 	if (mode & SIG_MODE_INIT) {
 		MD5Init(ctx);
 		MD5Update(ctx, key->hk_ipad, HMAC_LEN);
@@ -215,8 +216,11 @@ dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const unsigned keylen)
 	HMAC_Key *hkey = NULL;
 	MD5_CTX ctx;
 	unsigned local_keylen = keylen;
+	u_char tk[MD5_LEN];
 
-	if (dkey == NULL || key == NULL || keylen < 0)
+	/* Do we need to check if keylen == 0?  The original
+	 * code didn't, so we don't currently */
+	if (dkey == NULL || key == NULL)
 		return (-1);
 
 	if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL)
@@ -227,7 +231,7 @@ dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const unsigned keylen)
 
 	/* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */
 	if (keylen > HMAC_LEN) {
-		u_char tk[MD5_LEN];
+		memset(tk, 0, sizeof(tk));
 		MD5Init(&ctx);
 		MD5Update(&ctx, (const unsigned char *)key, keylen);
 		MD5Final(tk, &ctx);
@@ -268,7 +272,7 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
 			    const unsigned buff_len)
 {
 	char *bp;
-	int i;
+	int i, res;
 	unsigned len, b_len, key_len;
 	u_char key[HMAC_LEN];
 	HMAC_Key *hkey;
@@ -298,9 +302,10 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
 	bp += strlen("Key: ");
 	b_len = buff_len - (bp - buff);
 
-	len = b64_ntop(key, key_len, bp, b_len);
-	if (len < 0) 
+	res = b64_ntop(key, key_len, bp, b_len);
+	if (res < 0) 
 		return (-1);
+	len = (unsigned) res;
 	bp += len;
 	*(bp++) = '\n';
 	*bp = '\0';
diff --git a/dst/prandom.c b/dst/prandom.c
index 6c4a2baa..18cbae7f 100644
--- a/dst/prandom.c
+++ b/dst/prandom.c
@@ -450,12 +450,12 @@ digest_file(dst_work *work)
 	struct timeval tv;
 	u_char buf[1024];
 
+	name = files[f_cnt++]; 
 	if (f_round == 0 || files[f_cnt] == NULL || work->file_digest == NULL) 
 		if (gettimeofday(&tv, NULL)) /* only do this if needed */
 			return (0);
 	if (f_round == 0)   /* first time called set to one hour ago */
 		f_round = (tv.tv_sec - MAX_OLD); 
-	name = files[f_cnt++]; 
 	if (files[f_cnt] == NULL) {  /* end of list of files */
 		if(f_cnt <= 1)       /* list is too short */
 			return (0);
@@ -673,8 +673,10 @@ get_hmac_key(int step, int block)
 	new->step = step;
 	new->block = block;
 	new->key = new_key;
-	if (dst_sign_data(SIG_MODE_INIT, new_key, &new->ctx, NULL, 0, NULL, 0))
+	if (dst_sign_data(SIG_MODE_INIT, new_key, &new->ctx, NULL, 0, NULL, 0)) {
+		SAFE_FREE(new);
 		return (NULL);
+	}
 
 	return (new);
 }
@@ -818,8 +820,10 @@ dst_s_random(u_char *output, unsigned size)
 						    DST_HASH_SIZE *
 						    DST_NUM_HASHES);
 		my_work->file_digest = NULL;
-		if (my_work->output == NULL)
+		if (my_work->output == NULL) {
+			SAFE_FREE(my_work);
 			return (n);
+		}
 		memset(my_work->output, 0x0, my_work->needed);
 /* allocate upto 4 different HMAC hash functions out of order */
 #if DST_NUM_HASHES >= 3
@@ -832,8 +836,17 @@ dst_s_random(u_char *output, unsigned size)
 		my_work->hash[3] = get_hmac_key(5, DST_RANDOM_BLOCK_SIZE / 4);
 #endif
 		my_work->hash[0] = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE);
-		if (my_work->hash[0] == NULL)	/* if failure bail out */
+		if (my_work->hash[0] == NULL) {	/* if failure bail out */
+			for (i = 1; i < DST_NUM_HASHES; i++) {
+				if (my_work->hash[i] != NULL) {
+					dst_free_key(my_work->hash[i]->key);
+					SAFE_FREE(my_work->hash[i]);
+				}
+			}
+			SAFE_FREE(my_work->output);
+			SAFE_FREE(my_work);
 			return (n);
+		}
 		s = own_random(my_work);
 /* if more generated than needed store it for future use */
 		if (s >= my_work->needed) {
@@ -843,6 +856,9 @@ dst_s_random(u_char *output, unsigned size)
 			n += my_work->needed;
 			/* saving unused data for next time */
 			unused = s - my_work->needed;
+			if (unused > sizeof(old_unused)) {
+				unused = sizeof(old_unused);
+			}
 			memcpy(old_unused, &my_work->output[my_work->needed],
 			       unused);
 		} else {
@@ -854,8 +870,10 @@ dst_s_random(u_char *output, unsigned size)
 
 /* delete the allocated work area */
 		for (i = 0; i < DST_NUM_HASHES; i++) {
-			dst_free_key(my_work->hash[i]->key);
-			SAFE_FREE(my_work->hash[i]);
+			if (my_work->hash[i] != NULL) {
+				dst_free_key(my_work->hash[i]->key);
+				SAFE_FREE(my_work->hash[i]);
+			}
 		}
 		SAFE_FREE(my_work->output);
 		SAFE_FREE(my_work);
@@ -889,7 +907,7 @@ dst_s_semi_random(u_char *output, unsigned size)
 	prand_hash *hash;
 	unsigned out = 0;
 	unsigned i;
-	int n;
+	int n, res;
 
 	if (output == NULL || size <= 0)
 		return (-2);
@@ -938,9 +956,13 @@ dst_s_semi_random(u_char *output, unsigned size)
 		for (n = 0; n < DST_NUMBER_OF_COUNTERS; n++)
 			i = (int) counter[n]++;
 
-		i = dst_sign_data(SIG_MODE_ALL, my_key, NULL, 
+		res = dst_sign_data(SIG_MODE_ALL, my_key, NULL, 
 				  (u_char *) counter, hb_size,
 				  semi_old, sizeof(semi_old));
+		if (res < 0) {
+			return res;
+		}
+		i = (unsigned) res;
 		if (i != hb_size)
 			EREPORT(("HMAC SIGNATURE FAILURE %d\n", i));
 		cnt++;