From 8f67f0c283ad6408cdd8e1f836a51a9b98b436b0 Mon Sep 17 00:00:00 2001 From: Otto Moerbeek Date: Mon, 20 Nov 2023 16:06:50 +0100 Subject: [PATCH] rec: fix time_t truncation warnings from coverity by annotating them. Mostly they are due to DNS using 32-bit timestamps. --- pdns/axfr-retriever.cc | 3 ++- pdns/ixfr.cc | 1 + pdns/recursordist/aggressive_nsec.cc | 4 ++++ pdns/recursordist/rec-zonetocache.cc | 1 + pdns/recursordist/rec_channel.cc | 1 + pdns/recursordist/recpacketcache.cc | 1 + pdns/recursordist/recursor_cache.cc | 2 ++ pdns/recursordist/reczones-helpers.cc | 1 + pdns/recursordist/rpzloader.cc | 1 + pdns/recursordist/syncres.cc | 1 + pdns/unix_utility.cc | 1 + 11 files changed, 16 insertions(+), 1 deletion(-) diff --git a/pdns/axfr-retriever.cc b/pdns/axfr-retriever.cc index ce67f06384b2..47a909618b7e 100644 --- a/pdns/axfr-retriever.cc +++ b/pdns/axfr-retriever.cc @@ -175,7 +175,8 @@ void AXFRRetriever::timeoutReadn(uint16_t bytes, uint16_t timeoutsec) int n=0; int numread; while(n, vector>> getIXFRDeltas(const ComboAddr s.connect(primary, xfrTimeout); time_t elapsed = timeoutChecker(); + // coverity[store_truncates_time_t] s.writenWithTimeout(msg.data(), msg.size(), xfrTimeout - elapsed); // CURRENT PRIMARY SOA diff --git a/pdns/recursordist/aggressive_nsec.cc b/pdns/recursordist/aggressive_nsec.cc index b419f5ef2548..f31d2a7704ef 100644 --- a/pdns/recursordist/aggressive_nsec.cc +++ b/pdns/recursordist/aggressive_nsec.cc @@ -505,6 +505,7 @@ bool AggressiveNSECCache::synthesizeFromNSEC3Wildcard(time_t now, const DNSName& addToRRSet(now, wcSet, wcSignatures, name, doDNSSEC, ret, DNSResourceRecord::ANSWER); /* no need for closest encloser proof, the wildcard is there */ + // coverity[store_truncates_time_t] addRecordToRRSet(nextCloser.d_owner, QType::NSEC3, nextCloser.d_ttd - now, nextCloser.d_record, nextCloser.d_signatures, doDNSSEC, ret); /* and of course we won't deny the wildcard either */ @@ -527,6 +528,7 @@ bool AggressiveNSECCache::synthesizeFromNSECWildcard(time_t now, const DNSName& } addToRRSet(now, wcSet, wcSignatures, name, doDNSSEC, ret, DNSResourceRecord::ANSWER); + // coverity[store_truncates_time_t] addRecordToRRSet(nsec.d_owner, QType::NSEC, nsec.d_ttd - now, nsec.d_record, nsec.d_signatures, doDNSSEC, ret); VLOG(log, name << ": Synthesized valid answer from NSECs and wildcard!" << endl); @@ -752,6 +754,7 @@ bool AggressiveNSECCache::getNSEC3Denial(time_t now, std::shared_ptr= timeout) { throw PDNSException("Timeout waiting for control channel data"); } + // coverity[store_truncates_time_t] int ret = waitForData(fd, timeout - elapsed, 0); if (ret == 0) { throw PDNSException("Timeout waiting for control channel data"); diff --git a/pdns/recursordist/recpacketcache.cc b/pdns/recursordist/recpacketcache.cc index 0b54090e058a..c372ee186221 100644 --- a/pdns/recursordist/recpacketcache.cc +++ b/pdns/recursordist/recpacketcache.cc @@ -123,6 +123,7 @@ bool RecursorPacketCache::checkResponseMatches(MapCombo::LockedContent& shard, s } if (now < iter->d_ttd) { // it is right, it is fresh! + // coverity[store_truncates_time_t] *age = static_cast(now - iter->d_creation); // we know ttl is > 0 auto ttl = static_cast(iter->d_ttd - now); diff --git a/pdns/recursordist/recursor_cache.cc b/pdns/recursordist/recursor_cache.cc index 95cfdc1658a2..fd4043401191 100644 --- a/pdns/recursordist/recursor_cache.cc +++ b/pdns/recursordist/recursor_cache.cc @@ -606,6 +606,7 @@ void MemRecursorCache::replace(time_t now, const DNSName& qname, const QType qty prior to calling this function, so the TTL actually holds a TTD. */ cacheEntry.d_ttd = min(maxTTD, static_cast(record.d_ttl)); // XXX this does weird things if TTLs differ in the set + // coverity[store_truncates_time_t] cacheEntry.d_orig_ttl = cacheEntry.d_ttd - ttl_time; // Even though we record the time the ttd was computed, there still seems to be a case where the computed // d_orig_ttl can wrap. @@ -707,6 +708,7 @@ bool MemRecursorCache::doAgeCache(time_t now, const DNSName& name, const QType q return false; // would be dead anyhow } + // coverity[store_truncates_time_t] auto maxTTL = static_cast(cacheEntry.d_ttd - now); if (maxTTL > newTTL) { lockedShard->d_cachecachevalid = false; diff --git a/pdns/recursordist/reczones-helpers.cc b/pdns/recursordist/reczones-helpers.cc index 12770b636d51..2326054f3f6d 100644 --- a/pdns/recursordist/reczones-helpers.cc +++ b/pdns/recursordist/reczones-helpers.cc @@ -133,6 +133,7 @@ void putDefaultHintsIntoCache(time_t now, std::vector& nsvec) arr.d_type = QType::A; aaaarr.d_type = QType::AAAA; nsrr.d_type = QType::NS; + // coverity[store_truncates_time_t] arr.d_ttl = aaaarr.d_ttl = nsrr.d_ttl = now + 3600000; string templ = "a.root-servers.net."; diff --git a/pdns/recursordist/rpzloader.cc b/pdns/recursordist/rpzloader.cc index 9ebae34c2174..62368bb519d4 100644 --- a/pdns/recursordist/rpzloader.cc +++ b/pdns/recursordist/rpzloader.cc @@ -217,6 +217,7 @@ static shared_ptr loadRPZFromServer(Logr::log_t plogger, time_t axfrStart = time(nullptr); time_t axfrNow = time(nullptr); shared_ptr sr; + // coverity[store_truncates_time_t] while (axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow))) { for (auto& dr : chunk) { if (dr.d_type == QType::NS || dr.d_type == QType::TSIG) { diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc index 9f2964fffb82..0e9fdc0a2bc6 100644 --- a/pdns/recursordist/syncres.cc +++ b/pdns/recursordist/syncres.cc @@ -3130,6 +3130,7 @@ static uint32_t getRRSIGTTL(const time_t now, const std::shared_ptrd_sigexpire) { + // coverity[store_truncates_time_t] res = static_cast(rrsig->d_sigexpire) - now; } return res; diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc index 60a15d9eecb3..c58bf404221c 100644 --- a/pdns/unix_utility.cc +++ b/pdns/unix_utility.cc @@ -274,6 +274,7 @@ time_t Utility::timegm(struct tm *const t) /* day is now the number of days since 'Jan 1 1970' */ i = 7; + // coverity[store_truncates_time_t] t->tm_wday = (day + 4) % i; /* Sunday=0, Monday=1, ..., Saturday=6 */ i = 24;