NLnetLabs · TCY16 · Aug 22, 2022
diff --git a/buffer.c b/buffer.c
@@ -42,6 +42,10 @@ ldns_buffer_new_frm_data(ldns_buffer *buffer, const void *data, size_t size)
 {
 	assert(data != NULL);
 
+	if (data == NULL) {
+		return;
+	}
+
 	buffer->_position = 0; 
 	buffer->_limit = buffer->_capacity = size;
 	buffer->_fixed = 0;
@@ -65,6 +69,10 @@ ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity)
 	assert(buffer->_position <= capacity);
 	assert(!buffer->_fixed);
 
+	if (buffer->_position > capacity || buffer->_fixed) {
+		return false;
+	}
+
 	data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity);
 	if (!data) {
 		buffer->_status = LDNS_STATUS_MEM_ERR;
@@ -106,6 +114,11 @@ ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...)
 		ldns_buffer_invariant(buffer);
 		assert(buffer->_limit == buffer->_capacity);
 
+		if (buffer->_limit != buffer->_capacity) {
+			// @TODO set: buffer->_status = LDNS_STATUS_INTERNAL_ERR; ?
+			return -1;
+		}
+
 		remaining = ldns_buffer_remaining(buffer);
 		va_start(args, format);
 		written = vsnprintf((char *) ldns_buffer_current(buffer), remaining,

diff --git a/dane.c b/dane.c
@@ -97,6 +97,12 @@ ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
 	assert(name != NULL);
 	assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
 
+	if (tlsa_owner == NULL || name == NULL ||
+		ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
 	buf[0] = (char)(s - 1);
 
@@ -146,6 +152,11 @@ ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
 	assert(rdf != NULL);
 	assert(cert != NULL);
 
+	if (rdf == NULL || cert == NULL) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	switch(selector) {
 	case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
 
@@ -263,6 +274,11 @@ ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
 
 	assert(chain != NULL);
 
+	if (chain == NULL) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	if (! store) {
 		store = empty_store = X509_STORE_new();
 	}
@@ -311,6 +327,11 @@ ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
 
 	assert(chain != NULL);
 
+	if (chain == NULL) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	empty_store = X509_STORE_new();
 	s = LDNS_STATUS_SSL_ERR;
 	vrfy_ctx = X509_STORE_CTX_new();
@@ -372,6 +393,11 @@ ldns_dane_pkix_get_last_self_signed(X509** out_cert,
 
 	assert(out_cert != NULL);
 
+	if (out_cert == NULL) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	empty_store = X509_STORE_new();
 	s = LDNS_STATUS_SSL_ERR;
 	vrfy_ctx = X509_STORE_CTX_new();
@@ -413,6 +439,11 @@ ldns_dane_select_certificate(X509** selected_cert,
 	assert(selected_cert != NULL);
 	assert(cert != NULL);
 
+	if (selected_cert == NULL || cert == NULL) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	/* With PKIX validation explicitly turned off (pkix_validation_store
 	 *  == NULL), treat the "CA constraint" and "Service certificate
 	 * constraint" the same as "Trust anchor assertion" and "Domain issued
@@ -520,6 +551,11 @@ ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
 	assert(tlsa != NULL);
 	assert(cert != NULL);
 
+	if (tlsa == NULL || cert == NULL) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	/* create rr */
 	*tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
 	if (*tlsa == NULL) {
@@ -858,6 +894,11 @@ ldns_dane_verify(const ldns_rr_list* tlsas,
 
 	assert(cert != NULL);
 
+	if (cert == NULL) {
+		// @TODO correct error?
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0)
 		/* No TLSA's, so regular PKIX validation
 		 */

diff --git a/dname.c b/dname.c
@@ -45,6 +45,11 @@ ldns_dname_last_label_is_root_label(const ldns_rdf* dname)
 	}
 	assert(src_pos == ldns_rdf_size(dname));
 
+	// @TODO check that this doesn't destory the logic
+	if (src_pos != ldns_rdf_size(dname)) {
+		return 0;
+	}
+
 	return src_pos > 0 && len == 0;
 }
 
@@ -131,6 +136,10 @@ ldns_dname_reverse(const ldns_rdf *dname)
 
 	assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME);
 
+	if (!(dname) || !(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME)) {
+		return NULL;
+	}
+
 	rd_size = ldns_rdf_size(dname);
 	buf = LDNS_XMALLOC(uint8_t, rd_size);
 	if (! buf) {
@@ -380,6 +389,11 @@ ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
 	assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME);
 	assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME);
 
+	if (ldns_rdf_get_type(dname1) != LDNS_RDF_TYPE_DNAME || 
+		ldns_rdf_get_type(dname2) != LDNS_RDF_TYPE_DNAME) {
+		return -1;
+	}
+
 	lc1 = ldns_dname_label_count(dname1);
 	lc2 = ldns_dname_label_count(dname2);
 
@@ -494,6 +508,12 @@ ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle,
 	assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME);
 	assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME);
 
+	if (ldns_rdf_get_type(prev) != LDNS_RDF_TYPE_DNAME ||
+		ldns_rdf_get_type(middle) != LDNS_RDF_TYPE_DNAME ||
+		ldns_rdf_get_type(next) != LDNS_RDF_TYPE_DNAME) {
+		return 0;
+	}
+
 	prev_check = ldns_dname_compare(prev, middle);
 	next_check = ldns_dname_compare(middle, next);
 	/* <= next. This cannot be the case for nsec, because then we would

diff --git a/dnssec.c b/dnssec.c
@@ -1408,6 +1408,10 @@ ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type)
 	}
 	assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
 
+	if (ldns_rdf_get_type(bitmap) != LDNS_RDF_TYPE_BITMAP) {
+		return false;
+	}
+
 	dptr = ldns_rdf_data(bitmap);
 	dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
 
@@ -1445,6 +1449,10 @@ ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type)
 	}
 	assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
 
+	if (ldns_rdf_get_type(bitmap) != LDNS_RDF_TYPE_BITMAP) {
+		return false;
+	}
+
 	dptr = ldns_rdf_data(bitmap);
 	dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
 
@@ -1484,6 +1492,10 @@ ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type)
 
 	assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
 
+	if (ldns_rdf_get_type(bitmap) != LDNS_RDF_TYPE_BITMAP) {
+		return false;
+	}
+
 	dptr = ldns_rdf_data(bitmap);
 	dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
 

diff --git a/dnssec_verify.c b/dnssec_verify.c
@@ -290,6 +290,10 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
 
 	assert(pkt != NULL);
 
+	if (pkt == NULL) {
+		return new_chain;
+	}
+
 	if (!ldns_dnssec_pkt_has_rrsigs(pkt)) {
 		/* hmm. no dnssec data in the packet. go up to try and deny
 		 * DS? */

diff --git a/dnssec_zone.c b/dnssec_zone.c
@@ -924,6 +924,10 @@ ldns_dnssec_zone_hashed_names_from_nsec3(
 
 	assert(zone != NULL);
 	assert(nsec3rr != NULL);
+	if (zone == NULL || nsec3rr == NULL) {
+		return;
+	}
+
 
 	if (zone->hashed_names) {
 		ldns_traverse_postorder(zone->hashed_names,
@@ -956,6 +960,11 @@ ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
 	ldns_rbnode_t* new_node;
 
 	assert(name != NULL);
+
+	if (name == NULL) {
+		return;
+	}
+
 	if (! zone->_nsec3params) {
 		if (! nsec3rr) {
 			return;

diff --git a/edns.c b/edns.c
@@ -24,13 +24,23 @@ size_t
 ldns_edns_get_size(const ldns_edns_option *edns)
 {
 	assert(edns != NULL);
+
+	if (edns == NULL) {
+		return 0;
+	}
+
 	return edns->_size;
 }
 
 ldns_edns_option_code
 ldns_edns_get_code(const ldns_edns_option *edns)
 {
 	assert(edns != NULL);
+
+	if (edns == NULL) {
+		return 0;
+	}
+
 	return edns->_code;
 }
 
@@ -77,13 +87,23 @@ void
 ldns_edns_set_size(ldns_edns_option *edns, size_t size)
 {
 	assert(edns != NULL);
+
+	if (edns == NULL) {
+		return;
+	}
+
 	edns->_size = size;
 }
 
 void
 ldns_edns_set_code(ldns_edns_option *edns, ldns_edns_option_code code)
 {
 	assert(edns != NULL);
+
+	if (edns == NULL) {
+		return;
+	}
+
 	edns->_code = code;
 }
 
@@ -92,6 +112,11 @@ ldns_edns_set_data(ldns_edns_option *edns, void *data)
 {
 	/* only copy the pointer */
 	assert(edns != NULL);
+
+	if (edns == NULL) {
+		return;
+	}
+
 	edns->_data = data;
 }
 
@@ -140,6 +165,10 @@ ldns_edns_clone(ldns_edns_option *edns)
 
 	assert(edns != NULL);
 
+	if (edns == NULL) {
+		return NULL;
+	}
+
 	new_option = ldns_edns_new_from_data(ldns_edns_get_code(edns),
 		ldns_edns_get_size(edns),
 		ldns_edns_get_data(edns));
@@ -249,6 +278,11 @@ ldns_edns_option_list_get_option(const ldns_edns_option_list *option_list, size_
 {
 	if (option_list && index < ldns_edns_option_list_get_count(option_list)) {
 		assert(option_list->_options[index]);
+
+		if (option_list->_options[index] == NULL) {
+			return NULL;
+		}
+
 		return option_list->_options[index];
 	} else {
 		return NULL;
@@ -274,6 +308,10 @@ ldns_edns_option_list_set_option(ldns_edns_option_list *option_list,
 
 	assert(option_list != NULL);
 
+	if (option_list == NULL) {
+		return NULL;
+	}
+
 	if (index > ldns_edns_option_list_get_count(option_list)) {
 		return NULL;
 	}
@@ -350,6 +388,10 @@ ldns_edns_option_list_pop(ldns_edns_option_list *option_list)
 
 	assert(option_list != NULL);
 
+	if (option_list == NULL) {
+		return false;
+	}
+
 	cap = option_list->_option_capacity;
 	count = ldns_edns_option_list_get_count(option_list);
 

diff --git a/host2str.c b/host2str.c
@@ -163,6 +163,10 @@ ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type t)
 	ldns_status s;
 
 	assert(fmt != NULL);
+
+	if (fmt == NULL) {
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
 
 	if (!(fmt_st->flags & LDNS_FMT_RFC3597)) {
 		ldns_output_format_set(fmt, LDNS_FMT_RFC3597);
@@ -184,6 +188,10 @@ ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type t)
 
 	assert(fmt != NULL);
 
+	if (fmt == NULL) {
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	if (!(fmt_st->flags & LDNS_FMT_RFC3597)) {
 		ldns_output_format_set(fmt, LDNS_FMT_RFC3597);
 	}

diff --git a/net.c b/net.c
@@ -512,6 +512,10 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
 
 	assert(r != NULL);
 
+	if (r == NULL) {
+		return LDNS_STATUS_INTERNAL_ERR;
+	}
+
 	status = LDNS_STATUS_OK;
 	rtt = ldns_resolver_rtt(r);
 	ns_array = ldns_resolver_nameservers(r);
@@ -624,6 +628,11 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
 		}
 		assert(reply);
 
+		if (reply == NULL) {
+			LDNS_FREE(ns);
+			return LDNS_STATUS_INTERNAL_ERR;
+		}
+
 		LDNS_FREE(ns);
 		gettimeofday(&tv_e, NULL);