diff --git a/buffer.c b/buffer.c index 8f6aab59..8c9d2345 100644 --- a/buffer.c +++ b/buffer.c @@ -42,6 +42,10 @@ ldns_buffer_new_frm_data(ldns_buffer *buffer, const void *data, size_t size) { assert(data != NULL); + if (data == NULL) { + return; + } + buffer->_position = 0; buffer->_limit = buffer->_capacity = size; buffer->_fixed = 0; @@ -65,6 +69,10 @@ ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity) assert(buffer->_position <= capacity); assert(!buffer->_fixed); + if (buffer->_position > capacity || buffer->_fixed) { + return false; + } + data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity); if (!data) { buffer->_status = LDNS_STATUS_MEM_ERR; @@ -106,6 +114,11 @@ ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...) ldns_buffer_invariant(buffer); assert(buffer->_limit == buffer->_capacity); + if (buffer->_limit != buffer->_capacity) { + // @TODO set: buffer->_status = LDNS_STATUS_INTERNAL_ERR; ? + return -1; + } + remaining = ldns_buffer_remaining(buffer); va_start(args, format); written = vsnprintf((char *) ldns_buffer_current(buffer), remaining, diff --git a/dane.c b/dane.c index b8487b53..fc620822 100644 --- a/dane.c +++ b/dane.c @@ -97,6 +97,12 @@ ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, assert(name != NULL); assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME); + if (tlsa_owner == NULL || name == NULL || + ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port); buf[0] = (char)(s - 1); @@ -146,6 +152,11 @@ ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, assert(rdf != NULL); assert(cert != NULL); + if (rdf == NULL || cert == NULL) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + switch(selector) { case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE: @@ -263,6 +274,11 @@ ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert, assert(chain != NULL); + if (chain == NULL) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + if (! store) { store = empty_store = X509_STORE_new(); } @@ -311,6 +327,11 @@ ldns_dane_pkix_get_chain(STACK_OF(X509)** chain, assert(chain != NULL); + if (chain == NULL) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + empty_store = X509_STORE_new(); s = LDNS_STATUS_SSL_ERR; vrfy_ctx = X509_STORE_CTX_new(); @@ -372,6 +393,11 @@ ldns_dane_pkix_get_last_self_signed(X509** out_cert, assert(out_cert != NULL); + if (out_cert == NULL) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + empty_store = X509_STORE_new(); s = LDNS_STATUS_SSL_ERR; vrfy_ctx = X509_STORE_CTX_new(); @@ -413,6 +439,11 @@ ldns_dane_select_certificate(X509** selected_cert, assert(selected_cert != NULL); assert(cert != NULL); + if (selected_cert == NULL || cert == NULL) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + /* With PKIX validation explicitly turned off (pkix_validation_store * == NULL), treat the "CA constraint" and "Service certificate * constraint" the same as "Trust anchor assertion" and "Domain issued @@ -520,6 +551,11 @@ ldns_dane_create_tlsa_rr(ldns_rr** tlsa, assert(tlsa != NULL); assert(cert != NULL); + if (tlsa == NULL || cert == NULL) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + /* create rr */ *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA); if (*tlsa == NULL) { @@ -858,6 +894,11 @@ ldns_dane_verify(const ldns_rr_list* tlsas, assert(cert != NULL); + if (cert == NULL) { + // @TODO correct error? + return LDNS_STATUS_INTERNAL_ERR; + } + if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) /* No TLSA's, so regular PKIX validation */ diff --git a/dname.c b/dname.c index 4f311ee2..e85d07b4 100644 --- a/dname.c +++ b/dname.c @@ -45,6 +45,11 @@ ldns_dname_last_label_is_root_label(const ldns_rdf* dname) } assert(src_pos == ldns_rdf_size(dname)); + // @TODO check that this doesn't destory the logic + if (src_pos != ldns_rdf_size(dname)) { + return 0; + } + return src_pos > 0 && len == 0; } @@ -131,6 +136,10 @@ ldns_dname_reverse(const ldns_rdf *dname) assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME); + if (!(dname) || !(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME)) { + return NULL; + } + rd_size = ldns_rdf_size(dname); buf = LDNS_XMALLOC(uint8_t, rd_size); if (! buf) { @@ -380,6 +389,11 @@ ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2) assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME); assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME); + if (ldns_rdf_get_type(dname1) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(dname2) != LDNS_RDF_TYPE_DNAME) { + return -1; + } + lc1 = ldns_dname_label_count(dname1); lc2 = ldns_dname_label_count(dname2); @@ -494,6 +508,12 @@ ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME); assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME); + if (ldns_rdf_get_type(prev) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(middle) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(next) != LDNS_RDF_TYPE_DNAME) { + return 0; + } + prev_check = ldns_dname_compare(prev, middle); next_check = ldns_dname_compare(middle, next); /* <= next. This cannot be the case for nsec, because then we would diff --git a/dnssec.c b/dnssec.c index fbaa518a..cad50c4f 100644 --- a/dnssec.c +++ b/dnssec.c @@ -1408,6 +1408,10 @@ ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type) } assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + if (ldns_rdf_get_type(bitmap) != LDNS_RDF_TYPE_BITMAP) { + return false; + } + dptr = ldns_rdf_data(bitmap); dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); @@ -1445,6 +1449,10 @@ ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type) } assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + if (ldns_rdf_get_type(bitmap) != LDNS_RDF_TYPE_BITMAP) { + return false; + } + dptr = ldns_rdf_data(bitmap); dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); @@ -1484,6 +1492,10 @@ ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type) assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + if (ldns_rdf_get_type(bitmap) != LDNS_RDF_TYPE_BITMAP) { + return false; + } + dptr = ldns_rdf_data(bitmap); dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); diff --git a/dnssec_verify.c b/dnssec_verify.c index d76f32eb..715f5c11 100644 --- a/dnssec_verify.c +++ b/dnssec_verify.c @@ -290,6 +290,10 @@ ldns_dnssec_build_data_chain(ldns_resolver *res, assert(pkt != NULL); + if (pkt == NULL) { + return new_chain; + } + if (!ldns_dnssec_pkt_has_rrsigs(pkt)) { /* hmm. no dnssec data in the packet. go up to try and deny * DS? */ diff --git a/dnssec_zone.c b/dnssec_zone.c index 7be6791e..c5c9cfd8 100644 --- a/dnssec_zone.c +++ b/dnssec_zone.c @@ -924,6 +924,10 @@ ldns_dnssec_zone_hashed_names_from_nsec3( assert(zone != NULL); assert(nsec3rr != NULL); + if (zone == NULL || nsec3rr == NULL) { + return; + } + if (zone->hashed_names) { ldns_traverse_postorder(zone->hashed_names, @@ -956,6 +960,11 @@ ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, ldns_rbnode_t* new_node; assert(name != NULL); + + if (name == NULL) { + return; + } + if (! zone->_nsec3params) { if (! nsec3rr) { return; diff --git a/edns.c b/edns.c index 3d002d67..ef95c44c 100644 --- a/edns.c +++ b/edns.c @@ -24,6 +24,11 @@ size_t ldns_edns_get_size(const ldns_edns_option *edns) { assert(edns != NULL); + + if (edns == NULL) { + return 0; + } + return edns->_size; } @@ -31,6 +36,11 @@ ldns_edns_option_code ldns_edns_get_code(const ldns_edns_option *edns) { assert(edns != NULL); + + if (edns == NULL) { + return 0; + } + return edns->_code; } @@ -77,6 +87,11 @@ void ldns_edns_set_size(ldns_edns_option *edns, size_t size) { assert(edns != NULL); + + if (edns == NULL) { + return; + } + edns->_size = size; } @@ -84,6 +99,11 @@ void ldns_edns_set_code(ldns_edns_option *edns, ldns_edns_option_code code) { assert(edns != NULL); + + if (edns == NULL) { + return; + } + edns->_code = code; } @@ -92,6 +112,11 @@ ldns_edns_set_data(ldns_edns_option *edns, void *data) { /* only copy the pointer */ assert(edns != NULL); + + if (edns == NULL) { + return; + } + edns->_data = data; } @@ -140,6 +165,10 @@ ldns_edns_clone(ldns_edns_option *edns) assert(edns != NULL); + if (edns == NULL) { + return NULL; + } + new_option = ldns_edns_new_from_data(ldns_edns_get_code(edns), ldns_edns_get_size(edns), ldns_edns_get_data(edns)); @@ -249,6 +278,11 @@ ldns_edns_option_list_get_option(const ldns_edns_option_list *option_list, size_ { if (option_list && index < ldns_edns_option_list_get_count(option_list)) { assert(option_list->_options[index]); + + if (option_list->_options[index] == NULL) { + return NULL; + } + return option_list->_options[index]; } else { return NULL; @@ -274,6 +308,10 @@ ldns_edns_option_list_set_option(ldns_edns_option_list *option_list, assert(option_list != NULL); + if (option_list == NULL) { + return NULL; + } + if (index > ldns_edns_option_list_get_count(option_list)) { return NULL; } @@ -350,6 +388,10 @@ ldns_edns_option_list_pop(ldns_edns_option_list *option_list) assert(option_list != NULL); + if (option_list == NULL) { + return false; + } + cap = option_list->_option_capacity; count = ldns_edns_option_list_get_count(option_list); diff --git a/host2str.c b/host2str.c index 7282db9e..7eea9cc6 100644 --- a/host2str.c +++ b/host2str.c @@ -163,6 +163,10 @@ ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type t) ldns_status s; assert(fmt != NULL); + + if (fmt == NULL) { + return LDNS_STATUS_INTERNAL_ERR; + } if (!(fmt_st->flags & LDNS_FMT_RFC3597)) { ldns_output_format_set(fmt, LDNS_FMT_RFC3597); @@ -184,6 +188,10 @@ ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type t) assert(fmt != NULL); + if (fmt == NULL) { + return LDNS_STATUS_INTERNAL_ERR; + } + if (!(fmt_st->flags & LDNS_FMT_RFC3597)) { ldns_output_format_set(fmt, LDNS_FMT_RFC3597); } diff --git a/net.c b/net.c index 57d4dff2..0a8a1ed4 100644 --- a/net.c +++ b/net.c @@ -512,6 +512,10 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf assert(r != NULL); + if (r == NULL) { + return LDNS_STATUS_INTERNAL_ERR; + } + status = LDNS_STATUS_OK; rtt = ldns_resolver_rtt(r); ns_array = ldns_resolver_nameservers(r); @@ -624,6 +628,11 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf } assert(reply); + if (reply == NULL) { + LDNS_FREE(ns); + return LDNS_STATUS_INTERNAL_ERR; + } + LDNS_FREE(ns); gettimeofday(&tv_e, NULL); diff --git a/radix.c b/radix.c index 9695e137..f05e4c90 100644 --- a/radix.c +++ b/radix.c @@ -183,6 +183,12 @@ ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len, if (!ldns_radix_find_prefix(tree, key, len, &prefix, &pos)) { /** No prefix found */ assert(tree->root == NULL); + + if (tree->root != NULL) { + LDNS_FREE(add); + return LDNS_STATUS_INTERNAL_ERR; + } + if (len == 0) { /** * Example 1: The root: @@ -237,6 +243,12 @@ ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len, /** Prefix found */ uint8_t byte = key[pos]; assert(pos < len); + + if (pos >= len) { + LDNS_FREE(add); + return LDNS_STATUS_INTERNAL_ERR; + } + if (byte < prefix->offset || (byte - prefix->offset) >= prefix->len) { /** Find some space in the array for the byte. */ @@ -252,6 +264,12 @@ ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len, } assert(byte >= prefix->offset); assert((byte - prefix->offset) <= prefix->len); + + if (byte < prefix->offset || (byte - prefix->offset) > prefix->len) { + LDNS_FREE(add); + return LDNS_STATUS_INTERNAL_ERR; + } + byte -= prefix->offset; if (pos+1 < len) { /** Create remainder of the string. */ @@ -563,6 +581,11 @@ ldns_radix_prev(ldns_radix_node_t* node) ldns_radix_node_t* prev; node = node->parent; assert(node->len > 0); + + if (node->len <= 0) { + return NULL; + } + prev = ldns_radix_prev_from_index(node, index); if (prev) { return prev; @@ -839,6 +862,11 @@ ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte) /** Is there an array? */ if (!node->array) { assert(node->capacity == 0); + + if (node->capacity != 0) { + return 0; + } + /** No array, create new array */ node->array = LDNS_MALLOC(ldns_radix_array_t); if (!node->array) { @@ -854,6 +882,10 @@ ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte) assert(node->array != NULL); assert(node->capacity > 0); + if (node->array == NULL || node->capacity <= 0) { + return 0; + } + if (node->len == 0) { /** Unused array */ node->len = 1; @@ -929,6 +961,11 @@ ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need) } assert(node->len <= node->capacity); assert(node->capacity < size); + + if (node->len <= node->capacity || node->capacity >= size) { + return 0; + } + memcpy(&a[0], &node->array[0], node->len*sizeof(ldns_radix_array_t)); LDNS_FREE(node->array); node->array = a; @@ -1016,6 +1053,11 @@ ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, * ----| [n+s] ldns **/ assert(strlen_to_add < array->len); + + if (strlen_to_add >= array->len) { + return 0; + } + /** Store the remainder in the split string */ if (array->len - strlen_to_add > 1) { if (!ldns_radix_prefix_remainder(strlen_to_add+1, @@ -1070,6 +1112,11 @@ ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, uint8_t* split_str = NULL; radix_strlen_t split_len = 0; assert(array->len < strlen_to_add); + + if (array->len >= strlen_to_add) { + return 0; + } + if (strlen_to_add - array->len > 1) { if (!ldns_radix_prefix_remainder(array->len+1, str_to_add, strlen_to_add, &split_str, @@ -1112,6 +1159,11 @@ ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, str_to_add, strlen_to_add); assert(common_len < array->len); assert(common_len < strlen_to_add); + + if (common_len >= array->len | common_len >= strlen_to_add) { + return 0; + } + /** Create the new common node. */ common = ldns_radix_new_node(NULL, (uint8_t*)"", 0); if (!common) { @@ -1388,6 +1440,11 @@ ldns_radix_cleanup_onechild(ldns_radix_node_t* node) /** Node has one child, merge the child node into the parent node. */ assert(parent_index < parent->len); + + if (parent_index >= parent->len) { + return; + } + join_len = parent->array[parent_index].len + node->array[0].len + 1; join_str = LDNS_XMALLOC(uint8_t, join_len); @@ -1430,6 +1487,11 @@ ldns_radix_cleanup_leaf(ldns_radix_node_t* node) ldns_radix_node_t* parent = node->parent; /** Delete lead node and fix parent array. */ assert(parent_index < parent->len); + + if (parent_index >= parent->len) { + return; + } + ldns_radix_node_free(node, NULL); LDNS_FREE(parent->array[parent_index].str); parent->array[parent_index].str = NULL; @@ -1511,6 +1573,11 @@ ldns_radix_node_array_free_front(ldns_radix_node_t* node) } assert(n < node->len); assert((int) n <= (255 - (int) node->offset)); + + if (n >= node->len || (int) n > (255 - (int) node->offset)) { + return; + } + memmove(&node->array[0], &node->array[n], (node->len - n)*sizeof(ldns_radix_array_t)); node->offset += n; @@ -1546,6 +1613,11 @@ ldns_radix_node_array_free_end(ldns_radix_node_t* node) return; } assert(n < node->len); + + if (n >= node->len) { + return; + } + node->len -= n; ldns_radix_array_reduce(node); return; diff --git a/rdata.c b/rdata.c index 3f899a21..5c3311fa 100644 --- a/rdata.c +++ b/rdata.c @@ -24,6 +24,11 @@ size_t ldns_rdf_size(const ldns_rdf *rd) { assert(rd != NULL); + + if (rd == NULL) { + return 0; + } + return rd->_size; } @@ -31,6 +36,12 @@ ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd) { assert(rd != NULL); + + if (rd == NULL) { + return 0; + } + + return rd->_type; } @@ -38,6 +49,11 @@ uint8_t * ldns_rdf_data(const ldns_rdf *rd) { assert(rd != NULL); + + if (rd == NULL) { + return NULL; + } + return rd->_data; } @@ -46,6 +62,11 @@ void ldns_rdf_set_size(ldns_rdf *rd, size_t size) { assert(rd != NULL); + + if (rd == NULL) { + return; + } + rd->_size = size; } @@ -53,6 +74,11 @@ void ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type) { assert(rd != NULL); + + if (rd == NULL) { + return; + } + rd->_type = type; } @@ -61,6 +87,11 @@ ldns_rdf_set_data(ldns_rdf *rd, void *data) { /* only copy the pointer */ assert(rd != NULL); + + if (rd == NULL) { + return; + } + rd->_data = data; } @@ -222,6 +253,11 @@ ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd) { assert(rd != NULL); + + if (rd == NULL) { + return NULL; + } + return (ldns_rdf_new_frm_data( ldns_rdf_get_type(rd), ldns_rdf_size(rd), ldns_rdf_data(rd))); } diff --git a/resolver.c b/resolver.c index f9ec65a5..8c930d47 100644 --- a/resolver.c +++ b/resolver.c @@ -186,6 +186,10 @@ ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos) assert(r != NULL); + if (r == NULL) { + return 0; + } + rtt = ldns_resolver_rtt(r); if (pos >= ldns_resolver_nameserver_count(r)) { @@ -256,6 +260,10 @@ ldns_resolver_pop_nameserver(ldns_resolver *r) assert(r != NULL); + if (r == NULL) { + return NULL; + } + ns_count = ldns_resolver_nameserver_count(r); nameservers = ldns_resolver_nameservers(r); rtt = ldns_resolver_rtt(r); @@ -509,6 +517,10 @@ ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value) assert(r != NULL); + if (r == NULL) { + return; + } + rtt = ldns_resolver_rtt(r); if (pos >= ldns_resolver_nameserver_count(r)) { @@ -669,6 +681,10 @@ ldns_resolver_clone(ldns_resolver *src) assert(src != NULL); + if (src == NULL) { + return NULL; + } + if (!(dst = LDNS_MALLOC(ldns_resolver))) return NULL; (void) memcpy(dst, src, sizeof(ldns_resolver)); @@ -1382,6 +1398,10 @@ ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, assert(r != NULL); assert(name != NULL); + if (r == NULL || name == NULL) { + return LDNS_STATUS_INTERNAL_ERR; + } + answer_pkt = NULL; /* do all the preprocessing here, then fire of an query to @@ -1582,6 +1602,10 @@ ldns_resolver_nameservers_randomize(ldns_resolver *r) /* should I check for ldns_resolver_random?? */ assert(r != NULL); + if (r == NULL) { + return; + } + ns = ldns_resolver_nameservers(r); rtt = ldns_resolver_rtt(r); for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { diff --git a/rr.c b/rr.c index 95ab71d3..39f92929 100644 --- a/rr.c +++ b/rr.c @@ -983,6 +983,11 @@ void ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count) { assert(count <= rr_list->_rr_capacity); + + if (count > rr_list->_rr_capacity) { + return; + } + rr_list->_rr_count = count; } @@ -1299,6 +1304,10 @@ ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr) assert(rr != NULL); + if (rr == NULL) { + return false; + } + rr_count = ldns_rr_list_rr_count(rr_list); if (rr_count == 0) { @@ -1565,6 +1574,10 @@ ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2) assert(rr1 != NULL); assert(rr2 != NULL); + if (rr1 == NULL || rr2 == NULL) { + return 0; + } + rr1_len = ldns_rr_uncompressed_size(rr1); rr2_len = ldns_rr_uncompressed_size(rr2); @@ -1742,6 +1755,10 @@ ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2) assert(rrl1 != NULL); assert(rrl2 != NULL); + if (rrl1 == NULL || rrl2 == NULL) { + return 0; + } + for (i = 0; i < ldns_rr_list_rr_count(rrl1) && i < ldns_rr_list_rr_count(rrl2); i++) { rr_cmp = ldns_rr_compare(ldns_rr_list_rr(rrl1, i), ldns_rr_list_rr(rrl2, i)); if (rr_cmp != 0) { @@ -2569,6 +2586,10 @@ ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value) assert(rdf != NULL); + if (rdf == NULL) { + return LDNS_STATUS_INTERNAL_ERR; + } + /* Which windows need to be in the bitmap rdf? */ for (d=rdata_field_descriptors; d < rdata_field_descriptors_end; d++) { @@ -2679,6 +2700,13 @@ ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, assert(descriptor != NULL); assert(index < descriptor->_maximum || descriptor->_variable != LDNS_RDF_TYPE_NONE); + + if (descriptor == NULL || + (index > descriptor->_maximum + || descriptor->_variable == LDNS_RDF_TYPE_NONE)) { + return LDNS_RDF_TYPE_NONE; + } + if (index < descriptor->_maximum) { return descriptor->_wireformat[index]; } else { diff --git a/sha2.c b/sha2.c index 8988ee06..d52d8a48 100644 --- a/sha2.c +++ b/sha2.c @@ -510,6 +510,10 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t /* Sanity check: */ assert(context != (ldns_sha256_CTX*)0 && data != (sha2_byte*)0); + if (context == (ldns_sha256_CTX*)0 || data == (sha2_byte*)0) { + return; + } + usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; if (usedspace > 0) { /* Calculate how much free space is available in the buffer */ @@ -562,6 +566,10 @@ void ldns_sha256_final(sha2_byte digest[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_ /* Sanity check: */ assert(context != (ldns_sha256_CTX*)0); + if (context == (ldns_sha256_CTX*)0) { + return; + } + /* If no digest buffer is passed, we don't bother doing this: */ if (digest != (sha2_byte*)0) { usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; @@ -823,6 +831,10 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t /* Sanity check: */ assert(context != (ldns_sha512_CTX*)0 && data != (sha2_byte*)0); + if (context == (ldns_sha512_CTX*)0 || data == (sha2_byte*)0) { + return; + } + usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; if (usedspace > 0) { /* Calculate how much free space is available in the buffer */ @@ -911,6 +923,10 @@ void ldns_sha512_final(sha2_byte digest[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_ /* Sanity check: */ assert(context != (ldns_sha512_CTX*)0); + if (context = (ldns_sha512_CTX*)0) { + return; + } + /* If no digest buffer is passed, we don't bother doing this: */ if (digest != (sha2_byte*)0) { ldns_sha512_Last(context); @@ -964,6 +980,10 @@ void ldns_sha384_final(sha2_byte digest[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_ /* Sanity check: */ assert(context != (ldns_sha384_CTX*)0); + if (context == (ldns_sha384_CTX*)0) { + return; + } + /* If no digest buffer is passed, we don't bother doing this: */ if (digest != (sha2_byte*)0) { ldns_sha512_Last((ldns_sha512_CTX*)context); diff --git a/wire2host.c b/wire2host.c index 63b67a0d..455d7a56 100644 --- a/wire2host.c +++ b/wire2host.c @@ -169,6 +169,10 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) assert(rr != NULL); + if (rr == NULL) { + return LDNS_STATUS_INTERNAL_ERR; + } + descriptor = ldns_rr_descript(ldns_rr_get_type(rr)); if (*pos + 2 > max) { diff --git a/zone.c b/zone.c index 9a5d4c4e..fdeb50db 100644 --- a/zone.c +++ b/zone.c @@ -361,6 +361,10 @@ ldns_zone_sort(ldns_zone *zone) ldns_rr_list *zrr; assert(zone != NULL); + if (zone == NULL) { + return; + } + zrr = ldns_zone_rrs(zone); ldns_rr_list_sort(zrr); }