ldns/drill: Update vendor branch to 1.6.9
authorJan Lentfer <Jan.Lentfer@web.de>
Fri, 20 May 2011 08:22:39 +0000 (10:22 +0200)
committerJan Lentfer <Jan.Lentfer@web.de>
Fri, 20 May 2011 08:24:58 +0000 (10:24 +0200)
28 files changed:
contrib/ldns/Changelog
contrib/ldns/compat/isascii.c [new file with mode: 0644]
contrib/ldns/dnssec.c
contrib/ldns/dnssec_sign.c
contrib/ldns/dnssec_verify.c
contrib/ldns/dnssec_zone.c
contrib/ldns/drill/drill.c
contrib/ldns/drill/drill_util.c
contrib/ldns/higher.c
contrib/ldns/host2str.c
contrib/ldns/host2wire.c
contrib/ldns/keys.c
contrib/ldns/ldns/packet.h
contrib/ldns/ldns/rdata.h
contrib/ldns/ldns/tsig.h
contrib/ldns/net.c
contrib/ldns/parse.c
contrib/ldns/rbtree.c
contrib/ldns/rdata.c
contrib/ldns/resolver.c
contrib/ldns/rr.c
contrib/ldns/rr_functions.c
contrib/ldns/sha1.c
contrib/ldns/sha2.c
contrib/ldns/str2host.c
contrib/ldns/tsig.c
contrib/ldns/util.c
contrib/ldns/zone.c

index e999567..ffbcb3f 100644 (file)
@@ -1,3 +1,32 @@
+1.6.9  2011-03-16
+       * Fix creating NSEC(3) bitmaps: make array size 65536,
+         don't add doubles.
+       * Fix printout of escaped binary in TXT records.
+       * Parsing TXT records: don't skip starting whitespace that is quoted.
+       * bugfix #358: Check if memory was successfully allocated in
+         ldns_rdf2str().
+       * Added more memory allocation checks in host2str.c
+       * python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata.
+       * fix to compile python wrapper with swig 2.0.2.
+       * Don't fallback to SHA-1 when creating NSEC3 hash with another
+         algorithm identifier, fail instead (no other algorithm identifiers
+         are assigned yet).
+
+1.6.8  2011-01-24
+       * Fix ldns zone, so that $TTL definition match RFC 2308.
+       * Fix lots of missing checks on allocation failures and parse of 
+         NSEC with many types and max parse length in hosts_frm_fp routine
+         and off by one in read_anchor_file routine (thanks Dan Kaminsky and
+         Justin Ferguson).
+       * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
+         records.
+       * Print correct WHEN in query packet (is not always 1-1-1970)
+       * ldns-test-edns: new example tool that detects EDNS support.
+       * fix ldns_resolver_send without openssl.
+       * bugfix #342: patch for support for more CERT key types (RFC4398).
+       * bugfix #351: fix udp_send hang if UDP checksum error.
+       * fix set_bit (from NSEC3 sign) patch from Jan Komissar.
+
 1.6.7  2010-11-08
        * EXPERIMENTAL ecdsa implementation, please do not enable on real
          servers.
 1.6.7  2010-11-08
        * EXPERIMENTAL ecdsa implementation, please do not enable on real
          servers.
@@ -18,7 +47,7 @@
        * bugfix: read of RR in unknown syntax with missing fields.
        * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
          to sign and verify TSIG RRs on subsequent messages
        * bugfix: read of RR in unknown syntax with missing fields.
        * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
          to sign and verify TSIG RRs on subsequent messages
-         (section 4.4, RFC 2845).
+         (section 4.4, RFC 2845, thanks to Michael Sheldon).
        * bugfix: signer sigs nsecs with zsks only.
        * bugfix #333: fix ldns_dname_absolute for name ending with backslash.
 
        * bugfix: signer sigs nsecs with zsks only.
        * bugfix #333: fix ldns_dname_absolute for name ending with backslash.
 
diff --git a/contrib/ldns/compat/isascii.c b/contrib/ldns/compat/isascii.c
new file mode 100644 (file)
index 0000000..8a4ab37
--- /dev/null
@@ -0,0 +1,15 @@
+/* Just a replacement, if the original isascii is not
+   present */
+
+#if HAVE_CONFIG_H
+#include <ldns/config.h>
+#endif
+
+int isascii(int c);
+
+/* true if character is ascii. */
+int
+isascii(int c)
+{
+       return c >= 0 && c < 128;
+}
index 5d394d1..ce02ef3 100644 (file)
@@ -378,10 +378,12 @@ ldns_key_buf2dsa_raw(unsigned char* key, size_t len)
                BN_free(Y);
                return NULL;
        }
                BN_free(Y);
                return NULL;
        }
+#ifndef S_SPLINT_S
        dsa->p = P;
        dsa->q = Q;
        dsa->g = G;
        dsa->pub_key = Y;
        dsa->p = P;
        dsa->q = Q;
        dsa->g = G;
        dsa->pub_key = Y;
+#endif /* splint */
 
        return dsa;
 }
 
        return dsa;
 }
@@ -444,8 +446,10 @@ ldns_key_buf2rsa_raw(unsigned char* key, size_t len)
                BN_free(modulus);
                return NULL;
        }
                BN_free(modulus);
                return NULL;
        }
+#ifndef S_SPLINT_S
        rsa->n = modulus;
        rsa->e = exponent;
        rsa->n = modulus;
        rsa->e = exponent;
+#endif /* splint */
 
        return rsa;
 }
 
        return rsa;
 }
@@ -623,7 +627,7 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
                        return NULL;
                }
                tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
                        return NULL;
                }
                tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
-                                           EVP_MD_size(md),
+                                           (size_t)EVP_MD_size(md),
                                            digest);
                ldns_rr_push_rdf(ds, tmp);
 #endif
                                            digest);
                ldns_rr_push_rdf(ds, tmp);
 #endif
@@ -679,6 +683,7 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
 
        bm_len = i_type / 8 + 2;
        bitmap = LDNS_XMALLOC(uint8_t, bm_len);
 
        bm_len = i_type / 8 + 2;
        bitmap = LDNS_XMALLOC(uint8_t, bm_len);
+        if(!bitmap) return NULL;
        for (i = 0; i < bm_len; i++) {
                bitmap[i] = 0;
        }
        for (i = 0; i < bm_len; i++) {
                bitmap[i] = 0;
        }
@@ -700,6 +705,10 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
                                data = LDNS_XREALLOC(data,
                                                                 uint8_t,
                                                                 cur_data_size + cur_window_max + 3);
                                data = LDNS_XREALLOC(data,
                                                                 uint8_t,
                                                                 cur_data_size + cur_window_max + 3);
+                                if(!data) {
+                                        LDNS_FREE(bitmap);
+                                        return NULL;
+                                }
                                data[cur_data_size] = cur_window;
                                data[cur_data_size + 1] = cur_window_max + 1;
                                memcpy(data + cur_data_size + 2,
                                data[cur_data_size] = cur_window;
                                data[cur_data_size + 1] = cur_window_max + 1;
                                memcpy(data + cur_data_size + 2,
@@ -721,6 +730,10 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
                data = LDNS_XREALLOC(data,
                                                 uint8_t,
                                                 cur_data_size + cur_window_max + 3);
                data = LDNS_XREALLOC(data,
                                                 uint8_t,
                                                 cur_data_size + cur_window_max + 3);
+                if(!data) {
+                        LDNS_FREE(bitmap);
+                        return NULL;
+                }
                data[cur_data_size] = cur_window;
                data[cur_data_size + 1] = cur_window_max + 1;
                memcpy(data + cur_data_size + 2, cur_data, cur_window_max+1);
                data[cur_data_size] = cur_window;
                data[cur_data_size + 1] = cur_window_max + 1;
                memcpy(data + cur_data_size + 2, cur_data, cur_window_max+1);
@@ -771,7 +784,7 @@ ldns_dnssec_create_nsec(ldns_dnssec_name *from,
                         ldns_rr_type nsec_type)
 {
        ldns_rr *nsec_rr;
                         ldns_rr_type nsec_type)
 {
        ldns_rr *nsec_rr;
-       ldns_rr_type types[65535];
+       ldns_rr_type types[65536];
        size_t type_count = 0;
        ldns_dnssec_rrsets *cur_rrsets;
 
        size_t type_count = 0;
        ldns_dnssec_rrsets *cur_rrsets;
 
@@ -791,9 +804,13 @@ ldns_dnssec_create_nsec(ldns_dnssec_name *from,
                        cur_rrsets = cur_rrsets->next;
                        continue;
                }
                        cur_rrsets = cur_rrsets->next;
                        continue;
                }
-               types[type_count] = cur_rrsets->type;
-               type_count++;
+               if (cur_rrsets->type != LDNS_RR_TYPE_RRSIG &&
+                   cur_rrsets->type != LDNS_RR_TYPE_NSEC) {
+                       types[type_count] = cur_rrsets->type;
+                       type_count++;
+               }
                cur_rrsets = cur_rrsets->next;
                cur_rrsets = cur_rrsets->next;
+
        }
        types[type_count] = LDNS_RR_TYPE_RRSIG;
        type_count++;
        }
        types[type_count] = LDNS_RR_TYPE_RRSIG;
        type_count++;
@@ -818,7 +835,7 @@ ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
                                        uint8_t *salt)
 {
        ldns_rr *nsec_rr;
                                        uint8_t *salt)
 {
        ldns_rr *nsec_rr;
-       ldns_rr_type types[65535];
+       ldns_rr_type types[65536];
        size_t type_count = 0;
        ldns_dnssec_rrsets *cur_rrsets;
        ldns_status status;
        size_t type_count = 0;
        ldns_dnssec_rrsets *cur_rrsets;
        ldns_status status;
@@ -854,8 +871,10 @@ ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
                        cur_rrsets = cur_rrsets->next;
                        continue;
                }
                        cur_rrsets = cur_rrsets->next;
                        continue;
                }
-               types[type_count] = cur_rrsets->type;
-               type_count++;
+               if (cur_rrsets->type != LDNS_RR_TYPE_RRSIG) {
+                       types[type_count] = cur_rrsets->type;
+                       type_count++;
+               }
                cur_rrsets = cur_rrsets->next;
        }
        /* always add rrsig type if this is not an unsigned
                cur_rrsets = cur_rrsets->next;
        }
        /* always add rrsig type if this is not an unsigned
@@ -900,8 +919,8 @@ ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
        uint16_t i_type;
 
        ldns_rr *nsec = NULL;
        uint16_t i_type;
 
        ldns_rr *nsec = NULL;
-    ldns_rr_type i_type_list[65535];
-       int type_count = 0;
+       ldns_rr_type i_type_list[65536];
+       size_t type_count = 0;
 
        nsec = ldns_rr_new();
        ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC);
 
        nsec = ldns_rr_new();
        ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC);
@@ -913,9 +932,11 @@ ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
                if (ldns_rdf_compare(cur_owner,
                                                 ldns_rr_owner(i_rr)) == 0) {
                        i_type = ldns_rr_get_type(i_rr);
                if (ldns_rdf_compare(cur_owner,
                                                 ldns_rr_owner(i_rr)) == 0) {
                        i_type = ldns_rr_get_type(i_rr);
-                       if (type_count == 0 || i_type_list[type_count-1] != i_type) {
-                               i_type_list[type_count] = i_type;
-                               type_count++;
+                       if (i_type != LDNS_RR_TYPE_RRSIG && i_type != LDNS_RR_TYPE_NSEC) {
+                               if (type_count == 0 || i_type_list[type_count-1] != i_type) {
+                                       i_type_list[type_count] = i_type;
+                                       type_count++;
+                               }
                        }
                }
        }
                        }
                }
        }
@@ -951,6 +972,11 @@ ldns_nsec3_hash_name(ldns_rdf *name,
        unsigned char hash[LDNS_SHA1_DIGEST_LENGTH];
        ldns_status status;
 
        unsigned char hash[LDNS_SHA1_DIGEST_LENGTH];
        ldns_status status;
 
+       /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */
+       if (algorithm != LDNS_SHA1) {
+               return NULL;
+       }
+
        /* prepare the owner name according to the draft section bla */
        cann = ldns_rdf_clone(name);
        if(!cann) {
        /* prepare the owner name according to the draft section bla */
        cann = ldns_rdf_clone(name);
        if(!cann) {
@@ -959,11 +985,12 @@ ldns_nsec3_hash_name(ldns_rdf *name,
        }
        ldns_dname2canonical(cann);
 
        }
        ldns_dname2canonical(cann);
 
-       /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */
-       algorithm = algorithm;
-
        hashed_owner_str_len = salt_length + ldns_rdf_size(cann);
        hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
        hashed_owner_str_len = salt_length + ldns_rdf_size(cann);
        hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
+        if(!hashed_owner_str) {
+               ldns_rdf_deep_free(cann);
+                return NULL;
+        }
        memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann));
        memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length);
        ldns_rdf_deep_free(cann);
        memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann));
        memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length);
        ldns_rdf_deep_free(cann);
@@ -976,7 +1003,6 @@ ldns_nsec3_hash_name(ldns_rdf *name,
                hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH;
                hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
                if (!hashed_owner_str) {
                hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH;
                hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
                if (!hashed_owner_str) {
-                       fprintf(stderr, "Memory error\n");
                        return NULL;
                }
                memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH);
                        return NULL;
                }
                memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH);
@@ -990,6 +1016,9 @@ ldns_nsec3_hash_name(ldns_rdf *name,
 
        hashed_owner_b32 = LDNS_XMALLOC(char,
                   ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1);
 
        hashed_owner_b32 = LDNS_XMALLOC(char,
                   ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1);
+        if(!hashed_owner_b32) {
+                return NULL;
+        }
         hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex(
                 (uint8_t *) hashed_owner_str,
                 hashed_owner_str_len,
         hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex(
                 (uint8_t *) hashed_owner_str,
                 hashed_owner_str_len,
@@ -1048,11 +1077,20 @@ ldns_nsec3_add_param_rdfs(ldns_rr *rr,
        if (old) ldns_rdf_deep_free(old);
 
        salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1);
        if (old) ldns_rdf_deep_free(old);
 
        salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1);
+        if(!salt_data) {
+                /* no way to return error */
+                return;
+        }
        salt_data[0] = salt_length;
        memcpy(salt_data + 1, salt, salt_length);
        salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT,
                                                           salt_length + 1,
                                                           salt_data);
        salt_data[0] = salt_length;
        memcpy(salt_data + 1, salt, salt_length);
        salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT,
                                                           salt_length + 1,
                                                           salt_data);
+        if(!salt_rdf) {
+                LDNS_FREE(salt_data);
+                /* no way to return error */
+                return;
+        }
 
        old = ldns_rr_set_rdf(rr, salt_rdf, 3);
        if (old) ldns_rdf_deep_free(old);
 
        old = ldns_rr_set_rdf(rr, salt_rdf, 3);
        if (old) ldns_rdf_deep_free(old);
@@ -1100,7 +1138,7 @@ ldns_create_nsec3(ldns_rdf *cur_owner,
        ldns_status status;
 
     ldns_rr_type i_type_list[1024];
        ldns_status status;
 
     ldns_rr_type i_type_list[1024];
-       int type_count = 0;
+       size_t type_count = 0;
 
        hashed_owner = ldns_nsec3_hash_name(cur_owner,
                                                                 algorithm,
 
        hashed_owner = ldns_nsec3_hash_name(cur_owner,
                                                                 algorithm,
@@ -1228,6 +1266,7 @@ ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
        if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
                salt_length = ldns_rdf_data(salt_rdf)[0];
                salt = LDNS_XMALLOC(uint8_t, salt_length);
        if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
                salt_length = ldns_rdf_data(salt_rdf)[0];
                salt = LDNS_XMALLOC(uint8_t, salt_length);
+                if(!salt) return NULL;
                memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
                return salt;
        }
                memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
                return salt;
        }
@@ -1538,25 +1577,37 @@ ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
                                         (const unsigned char **)&dsasig_data,
                                         sig_len);
        if (!dsasig) {
                                         (const unsigned char **)&dsasig_data,
                                         sig_len);
        if (!dsasig) {
+                DSA_SIG_free(dsasig);
                return NULL;
        }
 
        dsasig_data = LDNS_XMALLOC(unsigned char, 41);
                return NULL;
        }
 
        dsasig_data = LDNS_XMALLOC(unsigned char, 41);
+        if(!dsasig_data) {
+                DSA_SIG_free(dsasig);
+                return NULL;
+        }
        dsasig_data[0] = 0;
        byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r));
        if (byte_offset > 20) {
        dsasig_data[0] = 0;
        byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r));
        if (byte_offset > 20) {
+                DSA_SIG_free(dsasig);
+                LDNS_FREE(dsasig_data);
                return NULL;
        }
        memset(&dsasig_data[1], 0, byte_offset);
        BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]);
        byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s));
        if (byte_offset > 20) {
                return NULL;
        }
        memset(&dsasig_data[1], 0, byte_offset);
        BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]);
        byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s));
        if (byte_offset > 20) {
+                DSA_SIG_free(dsasig);
+                LDNS_FREE(dsasig_data);
                return NULL;
        }
        memset(&dsasig_data[21], 0, byte_offset);
        BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]);
 
        sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data);
                return NULL;
        }
        memset(&dsasig_data[21], 0, byte_offset);
        BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]);
 
        sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data);
+        if(!sigdata_rdf) {
+                LDNS_FREE(dsasig_data);
+        }
        DSA_SIG_free(dsasig);
 
        return sigdata_rdf;
        DSA_SIG_free(dsasig);
 
        return sigdata_rdf;
@@ -1614,6 +1665,7 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
 }
 
 #ifdef USE_ECDSA
 }
 
 #ifdef USE_ECDSA
+#ifndef S_SPLINT_S
 ldns_rdf *
 ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
 {
 ldns_rdf *
 ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
 {
@@ -1632,8 +1684,8 @@ ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
         }
         BN_bn2bin(ecdsa_sig->r, data);
         BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
         }
         BN_bn2bin(ecdsa_sig->r, data);
         BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
-       rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64,
-                BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s), data);
+       rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(
+               BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data);
         ECDSA_SIG_free(ecdsa_sig);
         return rdf;
 }
         ECDSA_SIG_free(ecdsa_sig);
         return rdf;
 }
@@ -1644,7 +1696,7 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
 {
         ECDSA_SIG* sig;
        int raw_sig_len;
 {
         ECDSA_SIG* sig;
        int raw_sig_len;
-        long bnsize = ldns_rdf_size(sig_rdf) / 2;
+        long bnsize = (long)ldns_rdf_size(sig_rdf) / 2;
         /* if too short, or not even length, do not bother */
         if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf))
                 return LDNS_STATUS_ERR;
         /* if too short, or not even length, do not bother */
         if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf))
                 return LDNS_STATUS_ERR;
@@ -1663,14 +1715,16 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
 
        raw_sig_len = i2d_ECDSA_SIG(sig, NULL);
        if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
 
        raw_sig_len = i2d_ECDSA_SIG(sig, NULL);
        if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
-                unsigned char* pp = ldns_buffer_current(target_buffer);
+                unsigned char* pp = (unsigned char*)
+                       ldns_buffer_current(target_buffer);
                raw_sig_len = i2d_ECDSA_SIG(sig, &pp);
                raw_sig_len = i2d_ECDSA_SIG(sig, &pp);
-                ldns_buffer_skip(target_buffer, (size_t) raw_sig_len);
+                ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len);
        }
         ECDSA_SIG_free(sig);
 
        return ldns_buffer_status(target_buffer);
 }
 
        }
         ECDSA_SIG_free(sig);
 
        return ldns_buffer_status(target_buffer);
 }
 
+#endif /* S_SPLINT_S */
 #endif /* USE_ECDSA */
 #endif /* HAVE_SSL */
 #endif /* USE_ECDSA */
 #endif /* HAVE_SSL */
index d571c93..b210944 100644 (file)
@@ -120,7 +120,7 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
 
        switch(ldns_key_algorithm(current_key)) {
        case LDNS_SIGN_DSA:
 
        switch(ldns_key_algorithm(current_key)) {
        case LDNS_SIGN_DSA:
-       case LDNS_DSA_NSEC3:
+       case LDNS_SIGN_DSA_NSEC3:
                b64rdf = ldns_sign_public_evp(
                                   sign_buf,
                                   ldns_key_evp_key(current_key),
                b64rdf = ldns_sign_public_evp(
                                   sign_buf,
                                   ldns_key_evp_key(current_key),
@@ -319,10 +319,18 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
                return NULL;
        }
 
                return NULL;
        }
 
-
        sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
        sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
+        if(!sig) {
+               ldns_buffer_free(b64sig);
+               return NULL;
+        }
 
        data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
 
        data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
+        if(!data) {
+               ldns_buffer_free(b64sig);
+                DSA_SIG_free(sig);
+               return NULL;
+        }
 
        data[0] = 1;
        pad = 20 - (size_t) BN_num_bytes(sig->r);
 
        data[0] = 1;
        pad = 20 - (size_t) BN_num_bytes(sig->r);
@@ -343,11 +351,13 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
 
        ldns_buffer_free(b64sig);
        LDNS_FREE(data);
 
        ldns_buffer_free(b64sig);
        LDNS_FREE(data);
+        DSA_SIG_free(sig);
 
        return sigdata_rdf;
 }
 
 #ifdef USE_ECDSA
 
        return sigdata_rdf;
 }
 
 #ifdef USE_ECDSA
+#ifndef S_SPLINT_S
 static int
 ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
 {
 static int
 ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
 {
@@ -371,6 +381,7 @@ ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
         EC_KEY_free(ec);
         return 0;
 }
         EC_KEY_free(ec);
         return 0;
 }
+#endif /* splint */
 #endif /* USE_ECDSA */
 
 ldns_rdf *
 #endif /* USE_ECDSA */
 
 ldns_rdf *
@@ -422,6 +433,7 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
        }
 
        /* unfortunately, OpenSSL output is differenct from DNS DSA format */
        }
 
        /* unfortunately, OpenSSL output is differenct from DNS DSA format */
+#ifndef S_SPLINT_S
        if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
                sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen);
 #ifdef USE_ECDSA
        if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
                sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen);
 #ifdef USE_ECDSA
@@ -434,6 +446,7 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
                sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
                                                                         ldns_buffer_begin(b64sig));
        }
                sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
                                                                         ldns_buffer_begin(b64sig));
        }
+#endif /* splint */
        ldns_buffer_free(b64sig);
        EVP_MD_CTX_cleanup(&ctx);
        return sigdata_rdf;
        ldns_buffer_free(b64sig);
        EVP_MD_CTX_cleanup(&ctx);
        return sigdata_rdf;
@@ -631,7 +644,10 @@ ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
                                                  next_name,
                                                  LDNS_RR_TYPE_NSEC);
                ldns_rr_set_ttl(nsec_rr, nsec_ttl);
                                                  next_name,
                                                  LDNS_RR_TYPE_NSEC);
                ldns_rr_set_ttl(nsec_rr, nsec_ttl);
-               ldns_dnssec_name_add_rr(cur_name, nsec_rr);
+               if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){
+                       ldns_rr_free(nsec_rr);
+                       return LDNS_STATUS_ERR;
+               }
                ldns_rr_list_push_rr(new_rrs, nsec_rr);
                cur_node = next_node;
                if (cur_node) {
                ldns_rr_list_push_rr(new_rrs, nsec_rr);
                cur_node = next_node;
                if (cur_node) {
@@ -647,7 +663,10 @@ ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
                                                  next_name,
                                                  LDNS_RR_TYPE_NSEC);
                ldns_rr_set_ttl(nsec_rr, nsec_ttl);
                                                  next_name,
                                                  LDNS_RR_TYPE_NSEC);
                ldns_rr_set_ttl(nsec_rr, nsec_ttl);
-               ldns_dnssec_name_add_rr(cur_name, nsec_rr);
+               if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){
+                       ldns_rr_free(nsec_rr);
+                       return LDNS_STATUS_ERR;
+               }
                ldns_rr_list_push_rr(new_rrs, nsec_rr);
        } else {
                printf("error\n");
                ldns_rr_list_push_rr(new_rrs, nsec_rr);
        } else {
                printf("error\n");
@@ -718,15 +737,18 @@ ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
                        ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr));
                }
                ldns_rr_set_ttl(nsec_rr, nsec_ttl);
                        ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr));
                }
                ldns_rr_set_ttl(nsec_rr, nsec_ttl);
-               ldns_dnssec_name_add_rr(current_name, nsec_rr);
+               result = ldns_dnssec_name_add_rr(current_name, nsec_rr);
                ldns_rr_list_push_rr(new_rrs, nsec_rr);
                ldns_rr_list_push_rr(nsec3_list, nsec_rr);
                current_name_node = ldns_dnssec_name_node_next_nonglue(
                                   ldns_rbtree_next(current_name_node));
        }
                ldns_rr_list_push_rr(new_rrs, nsec_rr);
                ldns_rr_list_push_rr(nsec3_list, nsec_rr);
                current_name_node = ldns_dnssec_name_node_next_nonglue(
                                   ldns_rbtree_next(current_name_node));
        }
+       if (result != LDNS_STATUS_OK) {
+               return result;
+       }
 
        ldns_rr_list_sort_nsec3(nsec3_list);
 
        ldns_rr_list_sort_nsec3(nsec3_list);
-       ldns_dnssec_chain_nsec3_list(nsec3_list);
+       result = ldns_dnssec_chain_nsec3_list(nsec3_list);
        if (result != LDNS_STATUS_OK) {
                return result;
        }
        if (result != LDNS_STATUS_OK) {
                return result;
        }
@@ -954,7 +976,7 @@ ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
                                        siglist = ldns_sign_public(rr_list, key_list);
                                        for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
                                                if (cur_rrset->signatures) {
                                        siglist = ldns_sign_public(rr_list, key_list);
                                        for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
                                                if (cur_rrset->signatures) {
-                                                       ldns_dnssec_rrs_add_rr(cur_rrset->signatures,
+                                                       result = ldns_dnssec_rrs_add_rr(cur_rrset->signatures,
                                                                                           ldns_rr_list_rr(siglist,
                                                                                                                    i));
                                                } else {
                                                                                           ldns_rr_list_rr(siglist,
                                                                                                                    i));
                                                } else {
@@ -989,7 +1011,7 @@ ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
 
                        for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
                                if (cur_name->nsec_signatures) {
 
                        for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
                                if (cur_name->nsec_signatures) {
-                                       ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures,
+                                       result = ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures,
                                                                           ldns_rr_list_rr(siglist, i));
                                } else {
                                        cur_name->nsec_signatures = ldns_dnssec_rrs_new();
                                                                           ldns_rr_list_rr(siglist, i));
                                } else {
                                        cur_name->nsec_signatures = ldns_dnssec_rrs_new();
@@ -1035,7 +1057,10 @@ ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
        }
 
        /* zone is already sorted */
        }
 
        /* zone is already sorted */
-       ldns_dnssec_zone_mark_glue(zone);
+       result = ldns_dnssec_zone_mark_glue(zone);
+       if (result != LDNS_STATUS_OK) {
+               return result;
+       }
 
        /* check whether we need to add nsecs */
        if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
 
        /* check whether we need to add nsecs */
        if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
@@ -1088,14 +1113,20 @@ ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
        ldns_status result = LDNS_STATUS_OK;
 
        /* zone is already sorted */
        ldns_status result = LDNS_STATUS_OK;
 
        /* zone is already sorted */
-       ldns_dnssec_zone_mark_glue(zone);
+       result = ldns_dnssec_zone_mark_glue(zone);
+       if (result != LDNS_STATUS_OK) {
+               return result;
+       }
 
        /* TODO if there are already nsec3s presents and their
         * parameters are the same as these, we don't have to recreate
         */
        if (zone->names) {
                /* add empty nonterminals */
 
        /* TODO if there are already nsec3s presents and their
         * parameters are the same as these, we don't have to recreate
         */
        if (zone->names) {
                /* add empty nonterminals */
-               ldns_dnssec_zone_add_empty_nonterminals(zone);
+               result = ldns_dnssec_zone_add_empty_nonterminals(zone);
+               if (result != LDNS_STATUS_OK) {
+                       return result;
+               }
 
                nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec;
                if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
 
                nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec;
                if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
@@ -1118,7 +1149,10 @@ ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
                                /* always set bit 7 of the flags to zero, according to
                                 * rfc5155 section 11 */
                                ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params, 1)), 7, 0);
                                /* always set bit 7 of the flags to zero, according to
                                 * rfc5155 section 11 */
                                ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params, 1)), 7, 0);
-                               ldns_dnssec_zone_add_rr(zone, nsec3params);
+                               result = ldns_dnssec_zone_add_rr(zone, nsec3params);
+                               if (result != LDNS_STATUS_OK) {
+                                       return result;
+                               }
                                ldns_rr_list_push_rr(new_rrs, nsec3params);
                        }
                        result = ldns_dnssec_zone_create_nsec3s(zone,
                                ldns_rr_list_push_rr(new_rrs, nsec3params);
                        }
                        result = ldns_dnssec_zone_create_nsec3s(zone,
index d979c58..352e440 100644 (file)
@@ -19,6 +19,7 @@ ldns_dnssec_data_chain *
 ldns_dnssec_data_chain_new()
 {
        ldns_dnssec_data_chain *nc = LDNS_XMALLOC(ldns_dnssec_data_chain, 1);
 ldns_dnssec_data_chain_new()
 {
        ldns_dnssec_data_chain *nc = LDNS_XMALLOC(ldns_dnssec_data_chain, 1);
+        if(!nc) return NULL;
        nc->rrset = NULL;
        nc->parent_type = 0;
        nc->parent = NULL;
        nc->rrset = NULL;
        nc->parent_type = 0;
        nc->parent = NULL;
@@ -107,6 +108,7 @@ ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res,
                                                                        LDNS_RR_TYPE_DNSKEY,
                                                                        c,
                                                                        qflags);
                                                                        LDNS_RR_TYPE_DNSKEY,
                                                                        c,
                                                                        qflags);
+                       if (my_pkt) {
                        keys = ldns_pkt_rr_list_by_name_and_type(
                                          my_pkt,
                                         key_name,
                        keys = ldns_pkt_rr_list_by_name_and_type(
                                          my_pkt,
                                         key_name,
@@ -120,6 +122,7 @@ ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res,
                                                                                                        NULL);
                        new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY;
                        ldns_pkt_free(my_pkt);
                                                                                                        NULL);
                        new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY;
                        ldns_pkt_free(my_pkt);
+                       }
                } else {
                        new_chain->parent = ldns_dnssec_build_data_chain(res,
                                                                                                        qflags,
                } else {
                        new_chain->parent = ldns_dnssec_build_data_chain(res,
                                                                                                        qflags,
@@ -160,6 +163,7 @@ ldns_dnssec_build_data_chain_other(ldns_resolver *res,
                                                        LDNS_RR_TYPE_DS,
                                                        c,
                                                        qflags);
                                                        LDNS_RR_TYPE_DS,
                                                        c,
                                                        qflags);
+       if (my_pkt) {
        dss = ldns_pkt_rr_list_by_name_and_type(my_pkt,
                                                                        key_name,
                                                                        LDNS_RR_TYPE_DS,
        dss = ldns_pkt_rr_list_by_name_and_type(my_pkt,
                                                                        key_name,
                                                                        LDNS_RR_TYPE_DS,
@@ -175,12 +179,14 @@ ldns_dnssec_build_data_chain_other(ldns_resolver *res,
                ldns_rr_list_deep_free(dss);
        }
        ldns_pkt_free(my_pkt);
                ldns_rr_list_deep_free(dss);
        }
        ldns_pkt_free(my_pkt);
+       }
 
        my_pkt = ldns_resolver_query(res,
                                                        key_name,
                                                        LDNS_RR_TYPE_DNSKEY,
                                                        c,
                                                        qflags);
 
        my_pkt = ldns_resolver_query(res,
                                                        key_name,
                                                        LDNS_RR_TYPE_DNSKEY,
                                                        c,
                                                        qflags);
+       if (my_pkt) {
        signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt,
                                                                                   key_name,
                                                                                   LDNS_RR_TYPE_RRSIG,
        signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt,
                                                                                   key_name,
                                                                                   LDNS_RR_TYPE_RRSIG,
@@ -194,6 +200,7 @@ ldns_dnssec_build_data_chain_other(ldns_resolver *res,
                new_chain->signatures = signatures2;
        }
        ldns_pkt_free(my_pkt);
                new_chain->signatures = signatures2;
        }
        ldns_pkt_free(my_pkt);
+       }
 }
 
 ldns_dnssec_data_chain *
 }
 
 ldns_dnssec_data_chain *
@@ -223,6 +230,9 @@ ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res,
                      LDNS_RR_TYPE_DS,
                      LDNS_RR_CLASS_IN,
                      qflags);
                      LDNS_RR_TYPE_DS,
                      LDNS_RR_CLASS_IN,
                      qflags);
+       if (!my_pkt) {
+               return new_chain;
+       }
 
        if (ldns_pkt_ancount(my_pkt) > 0) {
                /* add error, no sigs but DS in parent */
 
        if (ldns_pkt_ancount(my_pkt) > 0) {
                /* add error, no sigs but DS in parent */
@@ -352,8 +362,10 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
                        signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
                } else {
                        my_pkt = ldns_resolver_query(res, name, type, c, qflags);
                        signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
                } else {
                        my_pkt = ldns_resolver_query(res, name, type, c, qflags);
+                       if (my_pkt) {
                        signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
                        ldns_pkt_free(my_pkt);
                        signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
                        ldns_pkt_free(my_pkt);
+                       }
                }
        } else {
                if (pkt) {
                }
        } else {
                if (pkt) {
@@ -364,11 +376,13 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
                }
                if (!signatures) {
                        my_pkt = ldns_resolver_query(res, name, type, c, qflags);
                }
                if (!signatures) {
                        my_pkt = ldns_resolver_query(res, name, type, c, qflags);
+                       if (my_pkt) {
                        signatures =
                                ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt,
                                                                                                        name,
                                                                                                        type);
                        ldns_pkt_free(my_pkt);
                        signatures =
                                ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt,
                                                                                                        name,
                                                                                                        type);
                        ldns_pkt_free(my_pkt);
+                       }
                }
        }
 
                }
        }
 
@@ -415,6 +429,7 @@ ldns_dnssec_trust_tree_new()
 {
        ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree,
                                                                                   1);
 {
        ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree,
                                                                                   1);
+        if(!new_tree) return NULL;
        new_tree->rr = NULL;
        new_tree->rrset = NULL;
        new_tree->parent_count = 0;
        new_tree->rr = NULL;
        new_tree->rrset = NULL;
        new_tree->parent_count = 0;
@@ -481,6 +496,8 @@ ldns_dnssec_trust_tree_print_sm(FILE *out,
        if (!sibmap) {
                treedepth = ldns_dnssec_trust_tree_depth(tree);
                sibmap = malloc(treedepth);
        if (!sibmap) {
                treedepth = ldns_dnssec_trust_tree_depth(tree);
                sibmap = malloc(treedepth);
+                if(!sibmap)
+                        return; /* mem err */
                memset(sibmap, 0, treedepth);
                mapset = true;
        }
                memset(sibmap, 0, treedepth);
                mapset = true;
        }
@@ -638,6 +655,8 @@ ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr)
        size_t i, j;
 
        ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new();
        size_t i, j;
 
        ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new();
+        if(!new_tree)
+                return NULL;
        
        if (data_chain && data_chain->rrset) {
                cur_rrset = data_chain->rrset;
        
        if (data_chain && data_chain->rrset) {
                cur_rrset = data_chain->rrset;
@@ -1116,12 +1135,9 @@ ldns_validate_domain_dnskey(const ldns_resolver * res,
        ldns_rr_list * trusted_keys = NULL;
 
        /* Fetch keys for the domain */
        ldns_rr_list * trusted_keys = NULL;
 
        /* Fetch keys for the domain */
-       if ((keypkt = ldns_resolver_query(res,
-                                                           domain,
-                                                           LDNS_RR_TYPE_DNSKEY,
-                                                           LDNS_RR_CLASS_IN,
-                                                           LDNS_RD))) {
-
+       keypkt = ldns_resolver_query(res, domain,
+               LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
+       if (keypkt) {
                domain_keys = ldns_pkt_rr_list_by_type(keypkt,
                                                                            LDNS_RR_TYPE_DNSKEY,
                                                                            LDNS_SECTION_ANSWER);
                domain_keys = ldns_pkt_rr_list_by_type(keypkt,
                                                                            LDNS_RR_TYPE_DNSKEY,
                                                                            LDNS_SECTION_ANSWER);
@@ -1205,12 +1221,9 @@ ldns_validate_domain_ds(const ldns_resolver *res,
        ldns_rr_list * trusted_keys = NULL;
 
        /* Fetch DS for the domain */
        ldns_rr_list * trusted_keys = NULL;
 
        /* Fetch DS for the domain */
-       if ((dspkt = ldns_resolver_query(res,
-                                                          domain,
-                                                          LDNS_RR_TYPE_DS,
-                                                          LDNS_RR_CLASS_IN,
-                                                          LDNS_RD))) {
-
+       dspkt = ldns_resolver_query(res, domain,
+               LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN, LDNS_RD);
+       if (dspkt) {
                rrset = ldns_pkt_rr_list_by_type(dspkt,
                                                                   LDNS_RR_TYPE_DS,
                                                                   LDNS_SECTION_ANSWER);
                rrset = ldns_pkt_rr_list_by_type(dspkt,
                                                                   LDNS_RR_TYPE_DS,
                                                                   LDNS_SECTION_ANSWER);
@@ -1523,7 +1536,7 @@ ldns_gost2pkey_raw(unsigned char* key, size_t keylen)
        memmove(encoded+37, key, 64);
        pp = (unsigned char*)&encoded[0];
 
        memmove(encoded+37, key, 64);
        pp = (unsigned char*)&encoded[0];
 
-       return d2i_PUBKEY(NULL, &pp, sizeof(encoded));
+       return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded));
 }
 
 static ldns_status
 }
 
 static ldns_status
@@ -1572,7 +1585,7 @@ ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
         * of openssl) for uncompressed data */
        buf[0] = POINT_CONVERSION_UNCOMPRESSED;
        memmove(buf+1, key, keylen);
         * of openssl) for uncompressed data */
        buf[0] = POINT_CONVERSION_UNCOMPRESSED;
        memmove(buf+1, key, keylen);
-        if(!o2i_ECPublicKey(&ec, &pp, keylen+1)) {
+        if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) {
                 EC_KEY_free(ec);
                 return NULL;
         }
                 EC_KEY_free(ec);
                 return NULL;
         }
index 91e5651..e2a5fce 100644 (file)
@@ -11,6 +11,7 @@ ldns_dnssec_rrs_new()
 {
        ldns_dnssec_rrs *new_rrs;
        new_rrs = LDNS_MALLOC(ldns_dnssec_rrs);
 {
        ldns_dnssec_rrs *new_rrs;
        new_rrs = LDNS_MALLOC(ldns_dnssec_rrs);
+        if(!new_rrs) return NULL;
        new_rrs->rr = NULL;
        new_rrs->next = NULL;
        return new_rrs;
        new_rrs->rr = NULL;
        new_rrs->next = NULL;
        return new_rrs;
@@ -96,6 +97,7 @@ ldns_dnssec_rrsets_new()
 {
        ldns_dnssec_rrsets *new_rrsets;
        new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets);
 {
        ldns_dnssec_rrsets *new_rrsets;
        new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets);
+        if(!new_rrsets) return NULL;
        new_rrsets->rrs = NULL;
        new_rrsets->type = 0;
        new_rrsets->signatures = NULL;
        new_rrsets->rrs = NULL;
        new_rrsets->type = 0;
        new_rrsets->signatures = NULL;
@@ -318,7 +320,10 @@ ldns_dnssec_name_new_frm_rr(ldns_rr *rr)
        ldns_dnssec_name *new_name = ldns_dnssec_name_new();
 
        new_name->name = ldns_rr_owner(rr);
        ldns_dnssec_name *new_name = ldns_dnssec_name_new();
 
        new_name->name = ldns_rr_owner(rr);
-       ldns_dnssec_name_add_rr(new_name, rr);
+       if(ldns_dnssec_name_add_rr(new_name, rr) != LDNS_STATUS_OK) {
+               ldns_dnssec_name_free(new_name);
+               return NULL;
+       }
 
        return new_name;
 }
 
        return new_name;
 }
@@ -456,7 +461,7 @@ ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
        } else if (typecovered == LDNS_RR_TYPE_NSEC ||
                         typecovered == LDNS_RR_TYPE_NSEC3) {
                if (name->nsec_signatures) {
        } else if (typecovered == LDNS_RR_TYPE_NSEC ||
                         typecovered == LDNS_RR_TYPE_NSEC3) {
                if (name->nsec_signatures) {
-                       ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr);
+                       result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr);
                } else {
                        name->nsec_signatures = ldns_dnssec_rrs_new();
                        name->nsec_signatures->rr = rr;
                } else {
                        name->nsec_signatures = ldns_dnssec_rrs_new();
                        name->nsec_signatures->rr = rr;
@@ -514,15 +519,6 @@ ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
        }
 }
 
        }
 }
 
-static inline void
-print_indent(FILE *out, int c)
-{
-       int i;
-       for (i=0; i<c; i++) {
-               fprintf(out, "    ");
-       }
-}
-
 void
 ldns_dnssec_name_print_soa(FILE *out, ldns_dnssec_name *name, bool show_soa)
 {
 void
 ldns_dnssec_name_print_soa(FILE *out, ldns_dnssec_name *name, bool show_soa)
 {
@@ -555,6 +551,7 @@ ldns_dnssec_zone *
 ldns_dnssec_zone_new()
 {
        ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone);
 ldns_dnssec_zone_new()
 {
        ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone);
+        if(!zone) return NULL;
        zone->soa = NULL;
        zone->names = NULL;
 
        zone->soa = NULL;
        zone->names = NULL;
 
@@ -653,6 +650,7 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
 
        if (!zone->names) {
                zone->names = ldns_rbtree_create(ldns_dname_compare_v);
 
        if (!zone->names) {
                zone->names = ldns_rbtree_create(ldns_dname_compare_v);
+                if(!zone->names) return LDNS_STATUS_MEM_ERR;
        }
 
        /* we need the original of the hashed name if this is
        }
 
        /* we need the original of the hashed name if this is
@@ -674,13 +672,18 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
        if (!cur_node) {
                /* add */
                cur_name = ldns_dnssec_name_new_frm_rr(rr);
        if (!cur_node) {
                /* add */
                cur_name = ldns_dnssec_name_new_frm_rr(rr);
+                if(!cur_name) return LDNS_STATUS_MEM_ERR;
                cur_node = LDNS_MALLOC(ldns_rbnode_t);
                cur_node = LDNS_MALLOC(ldns_rbnode_t);
+                if(!cur_node) {
+                        ldns_dnssec_name_free(cur_name);
+                        return LDNS_STATUS_MEM_ERR;
+                }
                cur_node->key = ldns_rr_owner(rr);
                cur_node->data = cur_name;
                cur_node->key = ldns_rr_owner(rr);
                cur_node->data = cur_name;
-               ldns_rbtree_insert(zone->names, cur_node);
+               (void)ldns_rbtree_insert(zone->names, cur_node);
        } else {
                cur_name = (ldns_dnssec_name *) cur_node->data;
        } else {
                cur_name = (ldns_dnssec_name *) cur_node->data;
-               ldns_dnssec_name_add_rr(cur_name, rr);
+               result = ldns_dnssec_name_add_rr(cur_name, rr);
        }
 
        if (result != LDNS_STATUS_OK) {
        }
 
        if (result != LDNS_STATUS_OK) {
@@ -784,9 +787,9 @@ ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
                 * label in the current name (counting from the end)
                 */
                for (i = 1; i < next_label_count - soa_label_count; i++) {
                 * label in the current name (counting from the end)
                 */
                for (i = 1; i < next_label_count - soa_label_count; i++) {
-                       lpos = cur_label_count - next_label_count + i;
+                       lpos = (int)cur_label_count - (int)next_label_count + (int)i;
                        if (lpos >= 0) {
                        if (lpos >= 0) {
-                               l1 = ldns_dname_label(cur_name, lpos);
+                               l1 = ldns_dname_label(cur_name, (uint8_t)lpos);
                        } else {
                                l1 = NULL;
                        }
                        } else {
                                l1 = NULL;
                        }
@@ -814,7 +817,7 @@ ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
                                }
                                new_node->key = new_name->name;
                                new_node->data = new_name;
                                }
                                new_node->key = new_name->name;
                                new_node->data = new_name;
-                               ldns_rbtree_insert(zone->names, new_node);
+                               (void)ldns_rbtree_insert(zone->names, new_node);
                        }
                        ldns_rdf_deep_free(l1);
                        ldns_rdf_deep_free(l2);
                        }
                        ldns_rdf_deep_free(l1);
                        ldns_rdf_deep_free(l2);
index bae04db..abd0ff6 100644 (file)
@@ -866,8 +866,8 @@ main(int argc, char *argv[])
                                                for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified);
                                                                key_count++) {
                                                        if (verbosity != -1) {
                                                for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified);
                                                                key_count++) {
                                                        if (verbosity != -1) {
-                                                               printf("; VALIDATED by id = %d, owner = ",
-                                                                               (int)ldns_calc_keytag(
+                                                               printf("; VALIDATED by id = %u, owner = ",
+                                                                               (unsigned int)ldns_calc_keytag(
                                                                                                      ldns_rr_list_rr(key_verified, key_count)));
                                                                ldns_rdf_print(stdout, ldns_rr_owner(
                                                                                        ldns_rr_list_rr(key_list, key_count)));
                                                                                                      ldns_rr_list_rr(key_verified, key_count)));
                                                                ldns_rdf_print(stdout, ldns_rr_owner(
                                                                                        ldns_rr_list_rr(key_list, key_count)));
@@ -878,9 +878,9 @@ main(int argc, char *argv[])
                                                for(key_count = 0; key_count < ldns_rr_list_rr_count(key_list);
                                                                key_count++) {
                                                        if (verbosity != -1) {
                                                for(key_count = 0; key_count < ldns_rr_list_rr_count(key_list);
                                                                key_count++) {
                                                        if (verbosity != -1) {
-                                                               printf("; %s for id = %d, owner = ",
+                                                               printf("; %s for id = %u, owner = ",
                                                                       ldns_get_errorstr_by_id(result),
                                                                       ldns_get_errorstr_by_id(result),
-                                                                      (int)ldns_calc_keytag(
+                                                                      (unsigned int)ldns_calc_keytag(
                                                                                                      ldns_rr_list_rr(key_list, key_count)));
                                                                ldns_rdf_print(stdout, ldns_rr_owner(
 
                                                                                                      ldns_rr_list_rr(key_list, key_count)));
                                                                ldns_rdf_print(stdout, ldns_rr_owner(
 
index f75b416..596be9d 100644 (file)
@@ -95,6 +95,16 @@ ldns_rdf_new_addr_frm_str(char *str)
        return a;
 }
 
        return a;
 }
 
+static inline void
+local_print_ds(FILE* out, const char* pre, ldns_rr* ds)
+{
+       if (out && ds) {
+               fprintf(out, "%s", pre);
+               ldns_rr_print(out, ds);
+               ldns_rr_free(ds);
+       }
+}
+
 /*
  * For all keys in a packet print the DS 
  */
 /*
  * For all keys in a packet print the DS 
  */
@@ -106,7 +116,7 @@ print_ds_of_keys(ldns_pkt *p)
        ldns_rr *ds;
 
        /* TODO fix the section stuff, here or in ldns */
        ldns_rr *ds;
 
        /* TODO fix the section stuff, here or in ldns */
-       keys = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_DNSKEY, 
+       keys = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_DNSKEY,
                        LDNS_SECTION_ANSWER);
 
        /* this also returns the question section rr, which does not
                        LDNS_SECTION_ANSWER);
 
        /* this also returns the question section rr, which does not
@@ -114,12 +124,13 @@ print_ds_of_keys(ldns_pkt *p)
 
        if (keys) {
                for (i = 0; i < ldns_rr_list_rr_count(keys); i++) {
 
        if (keys) {
                for (i = 0; i < ldns_rr_list_rr_count(keys); i++) {
+                       fprintf(stdout, ";\n; equivalent DS records for key %u:\n",
+                               (unsigned int)ldns_calc_keytag(ldns_rr_list_rr(keys, i)));
+
                        ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA1);
                        ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA1);
-                       if (ds) {
-                               printf("; ");
-                               ldns_rr_print(stdout, ds);
-                               printf("\n");
-                       }
+                       local_print_ds(stdout, "; sha1: ", ds);
+                       ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA256);
+                       local_print_ds(stdout, "; sha256: ", ds);
                }
        }
 }
                }
        }
 }
@@ -215,16 +226,16 @@ print_dnskey_abbr(FILE *fp, ldns_rr *key)
         ldns_rdf_print(fp, ldns_rr_rdf(key, 2));
 
        if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 256) {
         ldns_rdf_print(fp, ldns_rr_rdf(key, 2));
 
        if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 256) {
-               fprintf(fp, " ;{id = %d (zsk), size = %db}", (int)ldns_calc_keytag(key),
+               fprintf(fp, " ;{id = %u (zsk), size = %db}", (unsigned int)ldns_calc_keytag(key),
                                (int)ldns_rr_dnskey_key_size(key));
                return;
        }
        if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 257) {
                                (int)ldns_rr_dnskey_key_size(key));
                return;
        }
        if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 257) {
-               fprintf(fp, " ;{id = %d (ksk), size = %db}", (int)ldns_calc_keytag(key),
+               fprintf(fp, " ;{id = %u (ksk), size = %db}", (unsigned int)ldns_calc_keytag(key),
                                (int)ldns_rr_dnskey_key_size(key));
                return;
        }
                                (int)ldns_rr_dnskey_key_size(key));
                return;
        }
-       fprintf(fp, " ;{id = %d, size = %db}", (int)ldns_calc_keytag(key),
+       fprintf(fp, " ;{id = %u, size = %db}", (unsigned int)ldns_calc_keytag(key),
                        (int)ldns_rr_dnskey_key_size(key));
 }
 
                        (int)ldns_rr_dnskey_key_size(key));
 }
 
index a4ab06f..1563e82 100644 (file)
@@ -173,8 +173,8 @@ ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr)
                return NULL;
        }
 
                return NULL;
        }
 
-       for(i = ldns_fget_token_l(fp, line, "\n", 0, line_nr);
-                       i > 0; i = ldns_fget_token_l(fp, line, "\n", 0, line_nr)) {
+       for(i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr);
+                       i > 0; i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr)) {
                /* # is comment */
                if (line[0] == '#') {
                        continue;
                /* # is comment */
                if (line[0] == '#') {
                        continue;
@@ -191,9 +191,9 @@ ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr)
                }
 
                ldns_buffer_new_frm_data(linebuf, line, (size_t) i);
                }
 
                ldns_buffer_new_frm_data(linebuf, line, (size_t) i);
-               for(cnt = 0, j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, 0);
+               for(cnt = 0, j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN);
                                j > 0;
                                j > 0;
-                               j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, 0), cnt++) {
+                               j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN), cnt++) {
                        if (cnt == 0) {
                                /* the address */
                                if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, 
                        if (cnt == 0) {
                                /* the address */
                                if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, 
@@ -212,7 +212,7 @@ ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr)
                                                break;
                                        }
                                }
                                                break;
                                        }
                                }
-                               strlcpy(addr, word, LDNS_MAX_LINELEN+1);
+                               (void)strlcpy(addr, word, LDNS_MAX_LINELEN+1);
                        } else {
                                /* la al la la */
                                if (ip6) {
                        } else {
                                /* la al la la */
                                if (ip6) {
index 32ef8a5..6942f6a 100644 (file)
@@ -63,13 +63,18 @@ ldns_lookup_table ldns_algorithms[] = {
         { 0, NULL }
 };
 
         { 0, NULL }
 };
 
-/* Taken from RFC 2538  */
+/* Taken from RFC 4398  */
 ldns_lookup_table ldns_cert_algorithms[] = {
         { LDNS_CERT_PKIX, "PKIX" },
 ldns_lookup_table ldns_cert_algorithms[] = {
         { LDNS_CERT_PKIX, "PKIX" },
-       { LDNS_CERT_SPKI, "SPKI" },
-       { LDNS_CERT_PGP, "PGP" },
-       { LDNS_CERT_URI, "URI" },
-       { LDNS_CERT_OID, "OID" },
+        { LDNS_CERT_SPKI, "SPKI" },
+        { LDNS_CERT_PGP, "PGP" },
+        { LDNS_CERT_IPKIX, "IPKIX" },
+        { LDNS_CERT_ISPKI, "ISPKI" },
+        { LDNS_CERT_IPGP, "IPGP" },
+        { LDNS_CERT_ACPKIX, "ACPKIX" },
+        { LDNS_CERT_IACPKIX, "IACPKIX" },
+        { LDNS_CERT_URI, "URI" },
+        { LDNS_CERT_OID, "OID" },
         { 0, NULL }
 };
 
         { 0, NULL }
 };
 
@@ -168,8 +173,11 @@ ldns_pkt_opcode2str(ldns_pkt_opcode opcode)
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(12);
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(12);
-       str = NULL;
+       if (!buf) {
+               return NULL;
+       }
 
 
+       str = NULL;
        if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
        if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
@@ -185,8 +193,11 @@ ldns_pkt_rcode2str(ldns_pkt_rcode rcode)
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
-       str = NULL;
+       if (!buf) {
+               return NULL;
+       }
 
 
+       str = NULL;
        if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
        if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
@@ -202,8 +213,11 @@ ldns_pkt_algorithm2str(ldns_algorithm algorithm)
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
-       str = NULL;
+       if (!buf) {
+               return NULL;
+       }
 
 
+       str = NULL;
        if (ldns_algorithm2buffer_str(buf, algorithm)
            == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        if (ldns_algorithm2buffer_str(buf, algorithm)
            == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
@@ -220,8 +234,11 @@ ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm)
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
-       str = NULL;
+       if (!buf) {
+               return NULL;
+       }
 
 
+       str = NULL;
        if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm)
            == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm)
            == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
@@ -241,6 +258,7 @@ ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
        uint8_t len;
        uint8_t *data;
        uint8_t i;
        uint8_t len;
        uint8_t *data;
        uint8_t i;
+       unsigned char c;
 
        data = (uint8_t*)ldns_rdf_data(dname);
        len = data[src_pos];
 
        data = (uint8_t*)ldns_rdf_data(dname);
        len = data[src_pos];
@@ -260,14 +278,15 @@ ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
                                /* paranoia check for various 'strange'
                                   characters in dnames
                                */
                                /* paranoia check for various 'strange'
                                   characters in dnames
                                */
-                               if(data[src_pos]=='.' || data[src_pos]==';' ||
-                                  data[src_pos]=='(' || data[src_pos]==')' ||
-                                  data[src_pos]=='\\') {
+                               c = (unsigned char) data[src_pos];
+                               if(c == '.' || c == ';' ||
+                                  c == '(' || c == ')' ||
+                                  c == '\\') {
                                        ldns_buffer_printf(output, "\\%c",
                                                        data[src_pos]);
                                        ldns_buffer_printf(output, "\\%c",
                                                        data[src_pos]);
-                               } else if (!isgraph((int) data[src_pos])) {
+                               } else if (!(isascii(c) && isgraph(c))) {
                                        ldns_buffer_printf(output, "\\%03u",
                                        ldns_buffer_printf(output, "\\%03u",
-                                                       data[src_pos]);
+                                                       data[src_pos]);
                                } else {
                                        ldns_buffer_printf(output, "%c", data[src_pos]);
                                }
                                } else {
                                        ldns_buffer_printf(output, "%c", data[src_pos]);
                                }
@@ -362,7 +381,8 @@ ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf)
                        else
                                ldns_buffer_printf(output, "%c", ch);
                } else {
                        else
                                ldns_buffer_printf(output, "%c", ch);
                } else {
-                       ldns_buffer_printf(output, "\\%03u", (unsigned) ch);
+                       ldns_buffer_printf(output, "\\%03u",
+                                (unsigned)(uint8_t) ch);
                }
        }
        ldns_buffer_printf(output, "\"");
                }
        }
        ldns_buffer_printf(output, "\"");
@@ -526,8 +546,11 @@ ldns_rr_type2str(const ldns_rr_type type)
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
        ldns_buffer *buf;
 
        buf = ldns_buffer_new(10);
-       str = NULL;
+       if (!buf) {
+               return NULL;
+       }
 
 
+       str = NULL;
        if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
        if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
@@ -558,8 +581,12 @@ ldns_rr_class2str(const ldns_rr_class klass)
        ldns_buffer *buf;
        char *str;
 
        ldns_buffer *buf;
        char *str;
 
-       str = NULL;
        buf = ldns_buffer_new(10);
        buf = ldns_buffer_new(10);
+       if (!buf) {
+               return NULL;
+       }
+
+       str = NULL;
        if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
        if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) {
                str = ldns_buffer2str(buf);
        }
@@ -761,6 +788,10 @@ ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf)
 
        uint8_t *data = ldns_rdf_data(rdf);
 
 
        uint8_t *data = ldns_rdf_data(rdf);
 
+        if(ldns_rdf_size(rdf) == 0) {
+                output->_status = LDNS_STATUS_ERR;
+               return ldns_buffer_status(output);
+        }
        salt_length = data[0];
        /* from now there are variable length entries so remember pos */
        if (salt_length == 0 || ((size_t)salt_length)+1 > ldns_rdf_size(rdf)) {
        salt_length = data[0];
        /* from now there are variable length entries so remember pos */
        if (salt_length == 0 || ((size_t)salt_length)+1 > ldns_rdf_size(rdf)) {
@@ -813,11 +844,11 @@ ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf)
        uint8_t prefix;
        bool negation;
        uint8_t adf_length;
        uint8_t prefix;
        bool negation;
        uint8_t adf_length;
-       unsigned short i;
-       unsigned int pos = 0;
+       size_t i;
+       size_t pos = 0;
 
        while (pos < (unsigned int) ldns_rdf_size(rdf)) {
 
        while (pos < (unsigned int) ldns_rdf_size(rdf)) {
-                if(pos + 3 >= ldns_rdf_size(rdf))
+                if(pos + 3 >= (unsigned)ldns_rdf_size(rdf))
                         return LDNS_STATUS_SYNTAX_RDATA_ERR;
                address_family = ldns_read_uint16(&data[pos]);
                prefix = data[pos + 2];
                         return LDNS_STATUS_SYNTAX_RDATA_ERR;
                address_family = ldns_read_uint16(&data[pos]);
                prefix = data[pos + 2];
@@ -887,6 +918,8 @@ ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf)
        /* Subtract the size (2) of the number that specifies the length */
        size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf) - 2);
        char *b64 = LDNS_XMALLOC(char, size);
        /* Subtract the size (2) of the number that specifies the length */
        size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf) - 2);
        char *b64 = LDNS_XMALLOC(char, size);
+        if(!b64)
+                return LDNS_STATUS_MEM_ERR;
 
        ldns_buffer_printf(output, "%u ", ldns_rdf_size(rdf) - 2);
 
 
        ldns_buffer_printf(output, "%u ", ldns_rdf_size(rdf) - 2);
 
@@ -932,16 +965,28 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
                        break;
                case 1:
                        gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN);
                        break;
                case 1:
                        gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN);
+                        if(!gateway_data)
+                                return LDNS_STATUS_MEM_ERR;
                        memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN);
                        gateway = ldns_rdf_new(LDNS_RDF_TYPE_A, LDNS_IP4ADDRLEN , gateway_data);
                        offset += LDNS_IP4ADDRLEN;
                        memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN);
                        gateway = ldns_rdf_new(LDNS_RDF_TYPE_A, LDNS_IP4ADDRLEN , gateway_data);
                        offset += LDNS_IP4ADDRLEN;
+                        if(!gateway) {
+                                LDNS_FREE(gateway_data);
+                                return LDNS_STATUS_MEM_ERR;
+                        }
                        break;
                case 2:
                        gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN);
                        break;
                case 2:
                        gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN);
+                        if(!gateway_data)
+                                return LDNS_STATUS_MEM_ERR;
                        memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN);
                        offset += LDNS_IP6ADDRLEN;
                        gateway =
                                ldns_rdf_new(LDNS_RDF_TYPE_AAAA, LDNS_IP6ADDRLEN, gateway_data);
                        memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN);
                        offset += LDNS_IP6ADDRLEN;
                        gateway =
                                ldns_rdf_new(LDNS_RDF_TYPE_AAAA, LDNS_IP6ADDRLEN, gateway_data);
+                        if(!gateway) {
+                                LDNS_FREE(gateway_data);
+                                return LDNS_STATUS_MEM_ERR;
+                        }
                        break;
                case 3:
                        status = ldns_wire2dname(&gateway, data, ldns_rdf_size(rdf), &offset);
                        break;
                case 3:
                        status = ldns_wire2dname(&gateway, data, ldns_rdf_size(rdf), &offset);
@@ -955,8 +1000,17 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
 
        public_key_size = ldns_rdf_size(rdf) - offset;
        public_key_data = LDNS_XMALLOC(uint8_t, public_key_size);
 
        public_key_size = ldns_rdf_size(rdf) - offset;
        public_key_data = LDNS_XMALLOC(uint8_t, public_key_size);
+        if(!public_key_data) {
+                ldns_rdf_free(gateway);
+                return LDNS_STATUS_MEM_ERR;
+        }
        memcpy(public_key_data, &data[offset], public_key_size);
        public_key = ldns_rdf_new(LDNS_RDF_TYPE_B64, public_key_size, public_key_data);
        memcpy(public_key_data, &data[offset], public_key_size);
        public_key = ldns_rdf_new(LDNS_RDF_TYPE_B64, public_key_size, public_key_data);
+        if(!public_key) {
+                LDNS_FREE(public_key_data);
+                ldns_rdf_free(gateway);
+                return LDNS_STATUS_MEM_ERR;
+        }
 
        ldns_buffer_printf(output, "%u %u %u ", precedence, gateway_type, algorithm);
     if (gateway)
 
        ldns_buffer_printf(output, "%u %u %u ", precedence, gateway_type, algorithm);
     if (gateway)
@@ -1142,20 +1196,20 @@ ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr)
                                                flags = ldns_rdf2native_int16(ldns_rr_rdf(rr, 0));
                                                if (flags == 256 || flags == 384) {
                                                        ldns_buffer_printf(output,
                                                flags = ldns_rdf2native_int16(ldns_rr_rdf(rr, 0));
                                                if (flags == 256 || flags == 384) {
                                                        ldns_buffer_printf(output,
-                                                                       " ;{id = %d (zsk), size = %db}",
-                                                                       ldns_calc_keytag(rr),
+                                                                       " ;{id = %u (zsk), size = %db}",
+                                                                       (unsigned int) ldns_calc_keytag(rr),
                                                                        ldns_rr_dnskey_key_size(rr));
                                                        break;
                                                }
                                                if (flags == 257 || flags == 385) {
                                                        ldns_buffer_printf(output,
                                                                        ldns_rr_dnskey_key_size(rr));
                                                        break;
                                                }
                                                if (flags == 257 || flags == 385) {
                                                        ldns_buffer_printf(output,
-                                                                       " ;{id = %d (ksk), size = %db}",
-                                                                       ldns_calc_keytag(rr),
+                                                                       " ;{id = %u (ksk), size = %db}",
+                                                                       (unsigned int) ldns_calc_keytag(rr),
                                                                        ldns_rr_dnskey_key_size(rr));
                                                        break;
                                                }
                                                                        ldns_rr_dnskey_key_size(rr));
                                                        break;
                                                }
-                                               ldns_buffer_printf(output, " ;{id = %d, size = %db}",
-                                                               ldns_calc_keytag(rr),
+                                               ldns_buffer_printf(output, " ;{id = %u, size = %db}",
+                                                               (unsigned int) ldns_calc_keytag(rr),
                                                                ldns_rr_dnskey_key_size(rr));
                                        }
                                        break;
                                                                ldns_rr_dnskey_key_size(rr));
                                        }
                                        break;
@@ -1398,7 +1452,7 @@ ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p)
        ldns_buffer_printf(output, "GostAsn1: ");
 
        ret = i2d_PrivateKey(p, &pp);
        ldns_buffer_printf(output, "GostAsn1: ");
 
        ret = i2d_PrivateKey(p, &pp);
-       b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, ret, pp);
+       b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, (size_t)ret, pp);
        status = ldns_rdf2buffer_str(output, b64_bignum);
 
        ldns_rdf_deep_free(b64_bignum);
        status = ldns_rdf2buffer_str(output, b64_bignum);
 
        ldns_rdf_deep_free(b64_bignum);
@@ -1413,11 +1467,13 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
 {
        ldns_status status = LDNS_STATUS_OK;
        unsigned char  *bignum;
 {
        ldns_status status = LDNS_STATUS_OK;
        unsigned char  *bignum;
+#ifndef S_SPLINT_S
+       uint16_t i;
+#endif
 
 #ifdef HAVE_SSL
        /* not used when ssl is not defined */
        ldns_rdf *b64_bignum = NULL;
 
 #ifdef HAVE_SSL
        /* not used when ssl is not defined */
        ldns_rdf *b64_bignum = NULL;
-       uint16_t i;
 
        RSA *rsa;
        DSA *dsa;
 
        RSA *rsa;
        DSA *dsa;
@@ -1487,6 +1543,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                /* print to buf, convert to bin, convert to b64,
                                 * print to buf */
                                ldns_buffer_printf(output, "Modulus: ");
                                /* print to buf, convert to bin, convert to b64,
                                 * print to buf */
                                ldns_buffer_printf(output, "Modulus: ");
+#ifndef S_SPLINT_S
                                i = (uint16_t)BN_bn2bin(rsa->n, bignum);
                                if (i > LDNS_MAX_KEYLEN) {
                                        goto error;
                                i = (uint16_t)BN_bn2bin(rsa->n, bignum);
                                if (i > LDNS_MAX_KEYLEN) {
                                        goto error;
@@ -1604,6 +1661,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                } else {
                                        ldns_buffer_printf(output, "(Not available)\n");
                                }
                                } else {
                                        ldns_buffer_printf(output, "(Not available)\n");
                                }
+#endif /* splint */
 
                                RSA_free(rsa);
                                break;
 
                                RSA_free(rsa);
                                break;
@@ -1621,6 +1679,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                /* print to buf, convert to bin, convert to b64,
                                 * print to buf */
                                ldns_buffer_printf(output, "Prime(p): ");
                                /* print to buf, convert to bin, convert to b64,
                                 * print to buf */
                                ldns_buffer_printf(output, "Prime(p): ");
+#ifndef S_SPLINT_S
                                if (dsa->p) {
                                        i = (uint16_t)BN_bn2bin(dsa->p, bignum);
                                        if (i > LDNS_MAX_KEYLEN) {
                                if (dsa->p) {
                                        i = (uint16_t)BN_bn2bin(dsa->p, bignum);
                                        if (i > LDNS_MAX_KEYLEN) {
@@ -1699,13 +1758,21 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                } else {
                                        printf("(Not available)\n");
                                }
                                } else {
                                        printf("(Not available)\n");
                                }
+#endif /* splint */
                                break;
                        case LDNS_SIGN_ECC_GOST:
                                /* no format defined, use blob */
 #if defined(HAVE_SSL) && defined(USE_GOST)
                                ldns_buffer_printf(output, "Private-key-format: v1.2\n");
                                ldns_buffer_printf(output, "Algorithm: %d (ECC-GOST)\n", LDNS_SIGN_ECC_GOST);
                                break;
                        case LDNS_SIGN_ECC_GOST:
                                /* no format defined, use blob */
 #if defined(HAVE_SSL) && defined(USE_GOST)
                                ldns_buffer_printf(output, "Private-key-format: v1.2\n");
                                ldns_buffer_printf(output, "Algorithm: %d (ECC-GOST)\n", LDNS_SIGN_ECC_GOST);
-                               status = ldns_gost_key2buffer_str(output, k->_key.key);
+                               status = ldns_gost_key2buffer_str(output, 
+#ifndef S_SPLINT_S
+                                       k->_key.key
+#else
+                                       NULL
+#endif
+                               );
+
 #endif
                                break;
 #ifdef USE_ECDSA
 #endif
                                break;
 #ifdef USE_ECDSA
@@ -1713,7 +1780,8 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                        case LDNS_SIGN_ECDSAP384SHA384:
                                 ldns_buffer_printf(output, "Private-key-format: v1.2\n");
                                ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k));
                        case LDNS_SIGN_ECDSAP384SHA384:
                                 ldns_buffer_printf(output, "Private-key-format: v1.2\n");
                                ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k));
-                                ldns_algorithm2buffer_str(output, ldns_key_algorithm(k));
+                                status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k));
+#ifndef S_SPLINT_S
                                ldns_buffer_printf(output, ")\n");
                                 if(k->_key.key) {
                                         EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
                                ldns_buffer_printf(output, ")\n");
                                 if(k->_key.key) {
                                         EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
@@ -1733,6 +1801,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                          * its still assigned to the PKEY */
                                         EC_KEY_free(ec);
                                 }
                                          * its still assigned to the PKEY */
                                         EC_KEY_free(ec);
                                 }
+#endif /* splint */
                                 break;
 #endif
                        case LDNS_SIGN_HMACMD5:
                                 break;
 #endif
                        case LDNS_SIGN_HMACMD5:
@@ -1796,6 +1865,9 @@ ldns_buffer2str(ldns_buffer *buffer)
 
        tmp_str = ldns_buffer_export(buffer);
        str = LDNS_XMALLOC(char, strlen(tmp_str) + 1);
 
        tmp_str = ldns_buffer_export(buffer);
        str = LDNS_XMALLOC(char, strlen(tmp_str) + 1);
+        if(!str) {
+                return NULL;
+        }
        memcpy(str, tmp_str, strlen(tmp_str) + 1);
 
        return str;
        memcpy(str, tmp_str, strlen(tmp_str) + 1);
 
        return str;
@@ -1807,11 +1879,13 @@ ldns_rdf2str(const ldns_rdf *rdf)
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
+       if (!tmp_buffer) {
+               return NULL;
+       }
        if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
        }
        if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
        }
-
        ldns_buffer_free(tmp_buffer);
        return result;
 }
        ldns_buffer_free(tmp_buffer);
        return result;
 }
@@ -1822,6 +1896,9 @@ ldns_rr2str(const ldns_rr *rr)
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
+       if (!tmp_buffer) {
+               return NULL;
+       }
        if (ldns_rr2buffer_str(tmp_buffer, rr) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
        if (ldns_rr2buffer_str(tmp_buffer, rr) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
@@ -1836,6 +1913,9 @@ ldns_pkt2str(const ldns_pkt *pkt)
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
+       if (!tmp_buffer) {
+               return NULL;
+       }
        if (ldns_pkt2buffer_str(tmp_buffer, pkt) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
        if (ldns_pkt2buffer_str(tmp_buffer, pkt) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
@@ -1850,6 +1930,10 @@ ldns_key2str(const ldns_key *k)
 {
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 {
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+
+       if (!tmp_buffer) {
+               return NULL;
+       }
        if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
        if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) {
                /* export and return string, destroy rest */
                result = ldns_buffer2str(tmp_buffer);
@@ -1864,6 +1948,9 @@ ldns_rr_list2str(const ldns_rr_list *list)
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
        char *result = NULL;
        ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
 
+       if (!tmp_buffer) {
+               return NULL;
+       }
        if (list) {
                if (ldns_rr_list2buffer_str(tmp_buffer, list) == LDNS_STATUS_OK) {
                }
        if (list) {
                if (ldns_rr_list2buffer_str(tmp_buffer, list) == LDNS_STATUS_OK) {
                }
@@ -1954,7 +2041,9 @@ ldns_resolver_print(FILE *output, const ldns_resolver *r)
        fprintf(output, "trust anchors (%d listed):\n",
                (int)ldns_rr_list_rr_count(ldns_resolver_dnssec_anchors(r)));
        ldns_rr_list_print(output, ldns_resolver_dnssec_anchors(r));
        fprintf(output, "trust anchors (%d listed):\n",
                (int)ldns_rr_list_rr_count(ldns_resolver_dnssec_anchors(r)));
        ldns_rr_list_print(output, ldns_resolver_dnssec_anchors(r));
-       fprintf(output, "tsig: %s %s\n", ldns_resolver_tsig_keyname(r), ldns_resolver_tsig_algorithm(r));
+       fprintf(output, "tsig: %s %s\n",
+                ldns_resolver_tsig_keyname(r)?ldns_resolver_tsig_keyname(r):"-",
+                ldns_resolver_tsig_algorithm(r)?ldns_resolver_tsig_algorithm(r):"-");
        fprintf(output, "debug: %d\n", ldns_resolver_debug(r));
 
        fprintf(output, "default domain: ");
        fprintf(output, "debug: %d\n", ldns_resolver_debug(r));
 
        fprintf(output, "default domain: ");
index 93b017d..1ffb0f5 100644 (file)
@@ -75,7 +75,7 @@ ldns_rr_list2buffer_wire(ldns_buffer *buffer,const ldns_rr_list *rr_list)
 
        rr_count = ldns_rr_list_rr_count(rr_list);
        for(i = 0; i < rr_count; i++) {
 
        rr_count = ldns_rr_list_rr_count(rr_list);
        for(i = 0; i < rr_count; i++) {
-               ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i), 
+               (void)ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i), 
                                          LDNS_SECTION_ANY);
        }
        return ldns_buffer_status(buffer);
                                          LDNS_SECTION_ANY);
        }
        return ldns_buffer_status(buffer);
@@ -323,7 +323,7 @@ ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
                (void)ldns_rr2buffer_wire(buffer, edns_rr, LDNS_SECTION_ADDITIONAL);
                /* take the edns rdata back out of the rr before we free rr */
                if (packet->_edns_data)
                (void)ldns_rr2buffer_wire(buffer, edns_rr, LDNS_SECTION_ADDITIONAL);
                /* take the edns rdata back out of the rr before we free rr */
                if (packet->_edns_data)
-                       ldns_rr_pop_rdf (edns_rr);
+                       (void)ldns_rr_pop_rdf (edns_rr);
                ldns_rr_free(edns_rr);
        }
        
                ldns_rr_free(edns_rr);
        }
        
index e0fffc7..c224cd6 100644 (file)
@@ -95,14 +95,21 @@ ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm
        ldns_key *k;
 
        k = ldns_key_new();
        ldns_key *k;
 
        k = ldns_key_new();
+        if(!k) return LDNS_STATUS_MEM_ERR;
+#ifndef S_SPLINT_S
        k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
        k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
+        if(!k->_key.key) {
+                ldns_key_free(k);
+                return LDNS_STATUS_ERR;
+        }
        ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg);
        if (!k->_key.key) {
        ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg);
        if (!k->_key.key) {
+                ldns_key_free(k);
                return LDNS_STATUS_ENGINE_KEY_NOT_LOADED;
                return LDNS_STATUS_ENGINE_KEY_NOT_LOADED;
-       } else {
-               *key = k;
-               return LDNS_STATUS_OK;
-       }
+       } 
+#endif /* splint */
+       *key = k;
+       return LDNS_STATUS_OK;
 }
 #endif
 
 }
 #endif
 
@@ -194,7 +201,7 @@ ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr)
        if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
                return NULL;
        pp = (unsigned char*)ldns_rdf_data(b64rdf);
        if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
                return NULL;
        pp = (unsigned char*)ldns_rdf_data(b64rdf);
-       pkey = d2i_PrivateKey(gost_id, NULL, &pp, ldns_rdf_size(b64rdf));
+       pkey = d2i_PrivateKey(gost_id, NULL, &pp, (int)ldns_rdf_size(b64rdf));
        ldns_rdf_deep_free(b64rdf);
        return pkey;
 }
        ldns_rdf_deep_free(b64rdf);
        return pkey;
 }
@@ -253,7 +260,7 @@ ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr)
                ldns_rdf_deep_free(b64rdf);
                 return NULL;
         }
                ldns_rdf_deep_free(b64rdf);
                 return NULL;
         }
-       bn = BN_bin2bn(pp, ldns_rdf_size(b64rdf), NULL);
+       bn = BN_bin2bn(pp, (int)ldns_rdf_size(b64rdf), NULL);
        ldns_rdf_deep_free(b64rdf);
         if(!bn) {
                 EC_KEY_free(ec);
        ldns_rdf_deep_free(b64rdf);
         if(!bn) {
                 EC_KEY_free(ec);
@@ -295,6 +302,8 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
 
        d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
        if (!k || !d) {
 
        d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
        if (!k || !d) {
+                ldns_key_free(k);
+                LDNS_FREE(d);
                return LDNS_STATUS_MEM_ERR;
        }
 
                return LDNS_STATUS_MEM_ERR;
        }
 
@@ -310,9 +319,13 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
        if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
                                LDNS_MAX_LINELEN, line_nr) == -1) {
                /* no version information */
        if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
                                LDNS_MAX_LINELEN, line_nr) == -1) {
                /* no version information */
+                ldns_key_free(k);
+                LDNS_FREE(d);
                return LDNS_STATUS_SYNTAX_ERR;
        }
        if (strncmp(d, "v1.2", strlen(d)) != 0) {
                return LDNS_STATUS_SYNTAX_ERR;
        }
        if (strncmp(d, "v1.2", strlen(d)) != 0) {
+                ldns_key_free(k);
+                LDNS_FREE(d);
                return LDNS_STATUS_SYNTAX_VERSION_ERR;
        }
 
                return LDNS_STATUS_SYNTAX_VERSION_ERR;
        }
 
@@ -321,6 +334,8 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
        if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
                                LDNS_MAX_LINELEN, line_nr) == -1) {
                /* no alg information */
        if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
                                LDNS_MAX_LINELEN, line_nr) == -1) {
                /* no alg information */
+                ldns_key_free(k);
+                LDNS_FREE(d);
                return LDNS_STATUS_SYNTAX_ALG_ERR;
        }
 
                return LDNS_STATUS_SYNTAX_ALG_ERR;
        }
 
@@ -372,10 +387,10 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
        }
 #ifdef USE_ECDSA
        if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) {
        }
 #ifdef USE_ECDSA
        if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) {
-                alg = LDNS_ECDSAP256SHA256;
+                alg = LDNS_SIGN_ECDSAP256SHA256;
         }
        if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) {
         }
        if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) {
-                alg = LDNS_ECDSAP384SHA384;
+                alg = LDNS_SIGN_ECDSAP384SHA384;
         }
 #endif
        if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
         }
 #endif
        if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
@@ -393,7 +408,7 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
        switch(alg) {
                case LDNS_SIGN_RSAMD5:
                case LDNS_SIGN_RSASHA1:
        switch(alg) {
                case LDNS_SIGN_RSAMD5:
                case LDNS_SIGN_RSASHA1:
-               case LDNS_RSASHA1_NSEC3:
+               case LDNS_SIGN_RSASHA1_NSEC3:
 #ifdef USE_SHA2
                case LDNS_SIGN_RSASHA256:
                case LDNS_SIGN_RSASHA512:
 #ifdef USE_SHA2
                case LDNS_SIGN_RSASHA256:
                case LDNS_SIGN_RSASHA512:
@@ -410,7 +425,7 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
 #endif /* HAVE_SSL */
                        break;
                case LDNS_SIGN_DSA:
 #endif /* HAVE_SSL */
                        break;
                case LDNS_SIGN_DSA:
-               case LDNS_DSA_NSEC3:
+               case LDNS_SIGN_DSA_NSEC3:
                        ldns_key_set_algorithm(k, alg);
 #ifdef HAVE_SSL
                        dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr);
                        ldns_key_set_algorithm(k, alg);
 #ifdef HAVE_SSL
                        dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr);
@@ -445,10 +460,12 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
                         }
                        ldns_key_set_evp_key(k, 
                                ldns_key_new_frm_fp_gost_l(fp, line_nr));
                         }
                        ldns_key_set_evp_key(k, 
                                ldns_key_new_frm_fp_gost_l(fp, line_nr));
+#ifndef S_SPLINT_S
                        if(!k->_key.key) {
                                ldns_key_free(k);
                                return LDNS_STATUS_ERR;
                        }
                        if(!k->_key.key) {
                                ldns_key_free(k);
                                return LDNS_STATUS_ERR;
                        }
+#endif /* splint */
 #endif
                        break;
 #ifdef USE_ECDSA
 #endif
                        break;
 #ifdef USE_ECDSA
@@ -456,15 +473,17 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
                case LDNS_SIGN_ECDSAP384SHA384:
                         ldns_key_set_algorithm(k, alg);
                         ldns_key_set_evp_key(k,
                case LDNS_SIGN_ECDSAP384SHA384:
                         ldns_key_set_algorithm(k, alg);
                         ldns_key_set_evp_key(k,
-                                ldns_key_new_frm_fp_ecdsa_l(fp, alg, line_nr));
+                                ldns_key_new_frm_fp_ecdsa_l(fp, (ldns_algorithm)alg, line_nr));
+#ifndef S_SPLINT_S
                        if(!k->_key.key) {
                                ldns_key_free(k);
                                return LDNS_STATUS_ERR;
                        }
                        if(!k->_key.key) {
                                ldns_key_free(k);
                                return LDNS_STATUS_ERR;
                        }
+#endif /* splint */
                        break;
 #endif
                        break;
 #endif
-               case 0:
                default:
                default:
+                       ldns_key_free(k);
                        return LDNS_STATUS_SYNTAX_ALG_ERR;
        }
        key_rr = ldns_key2rr(k);
                        return LDNS_STATUS_SYNTAX_ALG_ERR;
        }
        key_rr = ldns_key2rr(k);
@@ -522,7 +541,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
        buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
        rsa = RSA_new();
        if (!d || !rsa || !buf) {
        buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
        rsa = RSA_new();
        if (!d || !rsa || !buf) {
-               return NULL;
+                goto error;
        }
 
        /* I could use functions again, but that seems an overkill,
        }
 
        /* I could use functions again, but that seems an overkill,
@@ -534,6 +553,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
                goto error;
        }
        i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
                goto error;
        }
        i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+#ifndef S_SPLINT_S
        rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL);
        if (!rsa->n) {
                goto error;
        rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL);
        if (!rsa->n) {
                goto error;
@@ -608,6 +628,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
        if (!rsa->iqmp) {
                goto error;
        }
        if (!rsa->iqmp) {
                goto error;
        }
+#endif /* splint */
 
        LDNS_FREE(buf);
        LDNS_FREE(d);
 
        LDNS_FREE(buf);
        LDNS_FREE(d);
@@ -639,8 +660,8 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr)
        d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
        buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
        dsa = DSA_new();
        d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
        buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
        dsa = DSA_new();
-       if (!d || !dsa) {
-               return NULL;
+       if (!d || !dsa || !buf) {
+                goto error;
        }
 
        /* the line parser removes the () from the input... */
        }
 
        /* the line parser removes the () from the input... */
@@ -650,6 +671,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr)
                goto error;
        }
        i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
                goto error;
        }
        i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+#ifndef S_SPLINT_S
        dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
        if (!dsa->p) {
                goto error;
        dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
        if (!dsa->p) {
                goto error;
@@ -694,6 +716,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr)
        if (!dsa->pub_key) {
                goto error;
        }
        if (!dsa->pub_key) {
                goto error;
        }
+#endif /* splint */
 
        LDNS_FREE(buf);
        LDNS_FREE(d);
 
        LDNS_FREE(buf);
        LDNS_FREE(d);
@@ -703,6 +726,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr)
 error:
        LDNS_FREE(d);
        LDNS_FREE(buf);
 error:
        LDNS_FREE(d);
        LDNS_FREE(buf);
+        DSA_free(dsa);
        return NULL;
 }
 
        return NULL;
 }
 
@@ -723,6 +747,9 @@ ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr, size_t *hmac_size)
 
        d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
        buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN);
 
        d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
        buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN);
+        if(!d || !buf) {
+                goto error;
+        }
 
        if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
                goto error;
 
        if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
                goto error;
@@ -804,7 +831,12 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
                case LDNS_SIGN_RSASHA512:
 #ifdef HAVE_SSL
                        r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
                case LDNS_SIGN_RSASHA512:
 #ifdef HAVE_SSL
                        r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
+                        if(!r) {
+                               ldns_key_free(k);
+                               return NULL;
+                       }
                        if (RSA_check_key(r) != 1) {
                        if (RSA_check_key(r) != 1) {
+                               ldns_key_free(k);
                                return NULL;
                        }
 
                                return NULL;
                        }
 
@@ -816,9 +848,11 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
 #ifdef HAVE_SSL
                        d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
                        if (!d) {
 #ifdef HAVE_SSL
                        d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
                        if (!d) {
+                               ldns_key_free(k);
                                return NULL;
                        }
                        if (DSA_generate_key(d) != 1) {
                                return NULL;
                        }
                        if (DSA_generate_key(d) != 1) {
+                               ldns_key_free(k);
                                return NULL;
                        }
                        ldns_key_set_dsa_key(k, d);
                                return NULL;
                        }
                        ldns_key_set_dsa_key(k, d);
@@ -828,12 +862,18 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
                case LDNS_SIGN_HMACSHA1:
                case LDNS_SIGN_HMACSHA256:
 #ifdef HAVE_SSL
                case LDNS_SIGN_HMACSHA1:
                case LDNS_SIGN_HMACSHA256:
 #ifdef HAVE_SSL
+#ifndef S_SPLINT_S
                        k->_key.key = NULL;
                        k->_key.key = NULL;
+#endif /* splint */
 #endif /* HAVE_SSL */
                        size = size / 8;
                        ldns_key_set_hmac_size(k, size);
 
                        hmac = LDNS_XMALLOC(unsigned char, size);
 #endif /* HAVE_SSL */
                        size = size / 8;
                        ldns_key_set_hmac_size(k, size);
 
                        hmac = LDNS_XMALLOC(unsigned char, size);
+                        if(!hmac) {
+                               ldns_key_free(k);
+                               return NULL;
+                        }
 #ifdef HAVE_SSL
                        if (RAND_bytes(hmac, (int) size) != 1) {
                                LDNS_FREE(hmac);
 #ifdef HAVE_SSL
                        if (RAND_bytes(hmac, (int) size) != 1) {
                                LDNS_FREE(hmac);
@@ -858,26 +898,39 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
                case LDNS_SIGN_ECC_GOST:
 #if defined(HAVE_SSL) && defined(USE_GOST)
                        ldns_key_set_evp_key(k, ldns_gen_gost_key());
                case LDNS_SIGN_ECC_GOST:
 #if defined(HAVE_SSL) && defined(USE_GOST)
                        ldns_key_set_evp_key(k, ldns_gen_gost_key());
+#ifndef S_SPLINT_S
+                        if(!k->_key.key) {
+                                ldns_key_free(k);
+                                return NULL;
+                        }
+#endif /* splint */
 #endif /* HAVE_SSL and USE_GOST */
                         break;
 #ifdef USE_ECDSA
 #endif /* HAVE_SSL and USE_GOST */
                         break;
 #ifdef USE_ECDSA
-                case LDNS_ECDSAP256SHA256:
-                case LDNS_ECDSAP384SHA384:
-                        if(alg == LDNS_ECDSAP256SHA256)
+                case LDNS_SIGN_ECDSAP256SHA256:
+                case LDNS_SIGN_ECDSAP384SHA384:
+                        if(alg == LDNS_SIGN_ECDSAP256SHA256)
                                 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
                                 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-                        else if(alg == LDNS_ECDSAP384SHA384)
+                        else if(alg == LDNS_SIGN_ECDSAP384SHA384)
                                 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
                                 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
-                        if(!ec) return NULL;
+                        if(!ec) {
+                                ldns_key_free(k);
+                                return NULL;
+                        }
                         if(!EC_KEY_generate_key(ec)) {
                         if(!EC_KEY_generate_key(ec)) {
+                                ldns_key_free(k);
                                 EC_KEY_free(ec);
                                 return NULL;
                         }
                                 EC_KEY_free(ec);
                                 return NULL;
                         }
+#ifndef S_SPLINT_S
                         k->_key.key = EVP_PKEY_new();
                         if(!k->_key.key) {
                         k->_key.key = EVP_PKEY_new();
                         if(!k->_key.key) {
+                                ldns_key_free(k);
                                 EC_KEY_free(ec);
                                 return NULL;
                         }
                         EVP_PKEY_assign_EC_KEY(k->_key.key, ec);
                                 EC_KEY_free(ec);
                                 return NULL;
                         }
                         EVP_PKEY_assign_EC_KEY(k->_key.key, ec);
+#endif /* splint */
                        break;
 #endif
        }
                        break;
 #endif
        }
@@ -911,6 +964,7 @@ ldns_key_set_flags(ldns_key *k, uint16_t f)
 }
 
 #ifdef HAVE_SSL
 }
 
 #ifdef HAVE_SSL
+#ifndef S_SPLINT_S
 void
 ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
 {
 void
 ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
 {
@@ -932,6 +986,7 @@ ldns_key_set_dsa_key(ldns_key *k, DSA *d)
        EVP_PKEY_set1_DSA(key, d);
        k->_key.key  = key;
 }
        EVP_PKEY_set1_DSA(key, d);
        k->_key.key  = key;
 }
+#endif /* splint */
 #endif /* HAVE_SSL */
 
 void
 #endif /* HAVE_SSL */
 
 void
@@ -1023,6 +1078,7 @@ ldns_key_use(const ldns_key *k)
 }
 
 #ifdef HAVE_SSL
 }
 
 #ifdef HAVE_SSL
+#ifndef S_SPLINT_S
 EVP_PKEY *
 ldns_key_evp_key(const ldns_key *k)
 {
 EVP_PKEY *
 ldns_key_evp_key(const ldns_key *k)
 {
@@ -1048,6 +1104,7 @@ ldns_key_dsa_key(const ldns_key *k)
                return NULL;
        }
 }
                return NULL;
        }
 }
+#endif /* splint */
 #endif /* HAVE_SSL */
 
 unsigned char *
 #endif /* HAVE_SSL */
 
 unsigned char *
@@ -1156,6 +1213,7 @@ ldns_key *
 ldns_key_list_pop_key(ldns_key_list *key_list)
 {                               
         size_t key_count;
 ldns_key_list_pop_key(ldns_key_list *key_list)
 {                               
         size_t key_count;
+        ldns_key** a;
         ldns_key *pop;
 
        if (!key_list) {
         ldns_key *pop;
 
        if (!key_list) {
@@ -1170,8 +1228,10 @@ ldns_key_list_pop_key(ldns_key_list *key_list)
         pop = ldns_key_list_key(key_list, key_count);
         
         /* shrink the array */
         pop = ldns_key_list_key(key_list, key_count);
         
         /* shrink the array */
-        key_list->_keys = LDNS_XREALLOC(
-                key_list->_keys, ldns_key *, key_count - 1);
+        a = LDNS_XREALLOC(key_list->_keys, ldns_key *, key_count - 1);
+        if(a) {
+                key_list->_keys = a;
+        }
 
         ldns_key_list_set_key_count(key_list, key_count - 1);
 
 
         ldns_key_list_set_key_count(key_list, key_count - 1);
 
@@ -1179,6 +1239,8 @@ ldns_key_list_pop_key(ldns_key_list *key_list)
 }       
 
 #ifdef HAVE_SSL
 }       
 
 #ifdef HAVE_SSL
+#ifndef S_SPLINT_S
+/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
 static bool
 ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
 {
 static bool
 ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
 {
@@ -1210,6 +1272,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
        return true;
 }
 
        return true;
 }
 
+/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
 static bool
 ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
 {
 static bool
 ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
 {
@@ -1259,6 +1322,7 @@ ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
        return true;
 }
 #endif /* USE_GOST */
        return true;
 }
 #endif /* USE_GOST */
+#endif /* splint */
 #endif /* HAVE_SSL */
 
 ldns_rr *
 #endif /* HAVE_SSL */
 
 ldns_rr *
@@ -1311,11 +1375,11 @@ ldns_key2rr(const ldns_key *k)
 
        /* third - da algorithm */
        switch(ldns_key_algorithm(k)) {
 
        /* third - da algorithm */
        switch(ldns_key_algorithm(k)) {
-               case LDNS_RSAMD5:
-               case LDNS_RSASHA1:
-               case LDNS_RSASHA1_NSEC3:
-               case LDNS_RSASHA256:
-               case LDNS_RSASHA512:
+               case LDNS_SIGN_RSAMD5:
+               case LDNS_SIGN_RSASHA1:
+               case LDNS_SIGN_RSASHA1_NSEC3:
+               case LDNS_SIGN_RSASHA256:
+               case LDNS_SIGN_RSASHA512:
                        ldns_rr_push_rdf(pubkey,
                                                  ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
 #ifdef HAVE_SSL
                        ldns_rr_push_rdf(pubkey,
                                                  ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
 #ifdef HAVE_SSL
@@ -1323,9 +1387,12 @@ ldns_key2rr(const ldns_key *k)
                        if (rsa) {
                                bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
                                if (!bin) {
                        if (rsa) {
                                bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
                                if (!bin) {
+                                        ldns_rr_free(pubkey);
                                        return NULL;
                                }
                                if (!ldns_key_rsa2bin(bin, rsa, &size)) {
                                        return NULL;
                                }
                                if (!ldns_key_rsa2bin(bin, rsa, &size)) {
+                                       LDNS_FREE(bin);
+                                        ldns_rr_free(pubkey);
                                        return NULL;
                                }
                                RSA_free(rsa);
                                        return NULL;
                                }
                                RSA_free(rsa);
@@ -1342,9 +1409,12 @@ ldns_key2rr(const ldns_key *k)
                        if (dsa) {
                                bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
                                if (!bin) {
                        if (dsa) {
                                bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
                                if (!bin) {
+                                        ldns_rr_free(pubkey);
                                        return NULL;
                                }
                                if (!ldns_key_dsa2bin(bin, dsa, &size)) {
                                        return NULL;
                                }
                                if (!ldns_key_dsa2bin(bin, dsa, &size)) {
+                                       LDNS_FREE(bin);
+                                        ldns_rr_free(pubkey);
                                        return NULL;
                                }
                                DSA_free(dsa);
                                        return NULL;
                                }
                                DSA_free(dsa);
@@ -1352,7 +1422,7 @@ ldns_key2rr(const ldns_key *k)
                        }
 #endif /* HAVE_SSL */
                        break;
                        }
 #endif /* HAVE_SSL */
                        break;
-               case LDNS_DSA_NSEC3:
+               case LDNS_SIGN_DSA_NSEC3:
                        ldns_rr_push_rdf(pubkey,
                                        ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
 #ifdef HAVE_SSL
                        ldns_rr_push_rdf(pubkey,
                                        ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
 #ifdef HAVE_SSL
@@ -1360,9 +1430,12 @@ ldns_key2rr(const ldns_key *k)
                        if (dsa) {
                                bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
                                if (!bin) {
                        if (dsa) {
                                bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
                                if (!bin) {
+                                        ldns_rr_free(pubkey);
                                        return NULL;
                                }
                                if (!ldns_key_dsa2bin(bin, dsa, &size)) {
                                        return NULL;
                                }
                                if (!ldns_key_dsa2bin(bin, dsa, &size)) {
+                                       LDNS_FREE(bin);
+                                        ldns_rr_free(pubkey);
                                        return NULL;
                                }
                                DSA_free(dsa);
                                        return NULL;
                                }
                                DSA_free(dsa);
@@ -1375,11 +1448,17 @@ ldns_key2rr(const ldns_key *k)
                                LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
 #if defined(HAVE_SSL) && defined(USE_GOST)
                        bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
                                LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
 #if defined(HAVE_SSL) && defined(USE_GOST)
                        bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
-                       if (!bin) 
+                       if (!bin) {
+                                ldns_rr_free(pubkey);
                                return NULL;
                                return NULL;
+                        }
+#ifndef S_SPLINT_S
                        if (!ldns_key_gost2bin(bin, k->_key.key, &size)) {
                        if (!ldns_key_gost2bin(bin, k->_key.key, &size)) {
+                               LDNS_FREE(bin);
+                                ldns_rr_free(pubkey);
                                return NULL;
                        }
                                return NULL;
                        }
+#endif /* splint */
                        internal_data = 1;
 #endif /* HAVE_SSL and USE_GOST */
                        break;
                        internal_data = 1;
 #endif /* HAVE_SSL and USE_GOST */
                        break;
@@ -1389,11 +1468,16 @@ ldns_key2rr(const ldns_key *k)
                        ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
                                LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
                         bin = NULL;
                        ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
                                LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
                         bin = NULL;
+#ifndef S_SPLINT_S
                         ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
                         ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
+#endif
                         EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
                         EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
-                        size = i2o_ECPublicKey(ec, NULL);
-                        if(!i2o_ECPublicKey(ec, &bin))
+                        size = (uint16_t)i2o_ECPublicKey(ec, NULL);
+                        if(!i2o_ECPublicKey(ec, &bin)) {
+                                EC_KEY_free(ec);
+                                ldns_rr_free(pubkey);
                                 return NULL;
                                 return NULL;
+                        }
                        if(size > 1) {
                                /* move back one byte to shave off the 0x02
                                 * 'uncompressed' indicator that openssl made
                        if(size > 1) {
                                /* move back one byte to shave off the 0x02
                                 * 'uncompressed' indicator that openssl made
@@ -1414,6 +1498,7 @@ ldns_key2rr(const ldns_key *k)
                case LDNS_SIGN_HMACSHA256:
                        bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k));
                        if (!bin) {
                case LDNS_SIGN_HMACSHA256:
                        bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k));
                        if (!bin) {
+                                ldns_rr_free(pubkey);
                                return NULL;
                        }
                        ldns_rr_push_rdf(pubkey,
                                return NULL;
                        }
                        ldns_rr_push_rdf(pubkey,
@@ -1477,6 +1562,9 @@ ldns_read_anchor_file(const char *filename)
        size_t i = 0;
        ldns_rr *r;
        ldns_status status;
        size_t i = 0;
        ldns_rr *r;
        ldns_status status;
+        if(!line) {
+                return NULL;
+        }
 
        fp = fopen(filename, "r");
        if (!fp) {
 
        fp = fopen(filename, "r");
        if (!fp) {
@@ -1485,7 +1573,7 @@ ldns_read_anchor_file(const char *filename)
                return NULL;
        }
        
                return NULL;
        }
        
-       while ((c = fgetc(fp)) && i < LDNS_MAX_PACKETLEN && c != EOF) {
+       while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) {
                line[i] = c;
                i++;
        }
                line[i] = c;
                i++;
        }
index 1a927d2..687a6a2 100644 (file)
@@ -626,7 +626,7 @@ void ldns_pkt_set_size(ldns_pkt *p, size_t s);
  * \param[in] p the packet
  * \param[in] timeval the timestamp
  */
  * \param[in] p the packet
  * \param[in] timeval the timestamp
  */
-void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval);
+void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval timeval);
 /**
  * Set a packet's section count to x
  * \param[in] p the packet
 /**
  * Set a packet's section count to x
  * \param[in] p the packet
index 2d5af88..90dcbf1 100644 (file)
@@ -113,11 +113,16 @@ typedef enum ldns_enum_rdf_type ldns_rdf_type;
  */
 enum ldns_enum_cert_algorithm
 {
  */
 enum ldns_enum_cert_algorithm
 {
-       LDNS_CERT_PKIX          = 1,
-       LDNS_CERT_SPKI          = 2,
-       LDNS_CERT_PGP           = 3,
-       LDNS_CERT_URI           = 253,
-       LDNS_CERT_OID           = 254
+        LDNS_CERT_PKIX         = 1,
+        LDNS_CERT_SPKI         = 2,
+        LDNS_CERT_PGP          = 3,
+        LDNS_CERT_IPKIX         = 4,
+        LDNS_CERT_ISPKI         = 5,
+        LDNS_CERT_IPGP          = 6,
+        LDNS_CERT_ACPKIX        = 7,
+        LDNS_CERT_IACPKIX       = 8,
+        LDNS_CERT_URI          = 253,
+        LDNS_CERT_OID          = 254
 };
 typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm;
 
 };
 typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm;
 
index 4ce666a..676045f 100644 (file)
@@ -46,12 +46,23 @@ char *ldns_tsig_keydata_clone(ldns_tsig_credentials *);
  * \param[in] key_name the name of the shared key
  * \param[in] key_data the key in base 64 format
  * \param[in] mac original mac
  * \param[in] key_name the name of the shared key
  * \param[in] key_data the key in base 64 format
  * \param[in] mac original mac
- * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
-   components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
  * \return true if tsig is correct, false if not, or if tsig is not set
  */
 bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
 
  * \return true if tsig is correct, false if not, or if tsig is not set
  */
 bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
 
+/**
+ * verifies the tsig rr for the given packet and key.
+ * The wire must be given too because tsig does not sign normalized packets.
+ * \param[in] pkt the packet to verify
+ * \param[in] wire needed to verify the mac
+ * \param[in] wire_size size of wire
+ * \param[in] key_name the name of the shared key
+ * \param[in] key_data the key in base 64 format
+ * \param[in] mac original mac
+ * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
+   components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
+ * \return true if tsig is correct, false if not, or if tsig is not set
+ */
 bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
     int tsig_timers_only);
 
 bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
     int tsig_timers_only);
 
@@ -63,13 +74,23 @@ bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, c
  * \param[in] fudge seconds of error permitted in time signed
  * \param[in] algorithm_name the name of the algorithm used
  * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
  * \param[in] fudge seconds of error permitted in time signed
  * \param[in] algorithm_name the name of the algorithm used
  * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
- * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
-   components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.
  * \return status (OK if success)
  */
 ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
     const char *algorithm_name, ldns_rdf *query_mac);
 
  * \return status (OK if success)
  */
 ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
     const char *algorithm_name, ldns_rdf *query_mac);
 
+/**
+ * creates a tsig rr for the given packet and key.
+ * \param[in] pkt the packet to sign
+ * \param[in] key_name the name of the shared key
+ * \param[in] key_data the key in base 64 format
+ * \param[in] fudge seconds of error permitted in time signed
+ * \param[in] algorithm_name the name of the algorithm used
+ * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
+ * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
+   components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.
+ * \return status (OK if success)
+ */
 ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
     const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
 
 ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
     const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
 
index 1b06754..bf8766b 100644 (file)
@@ -267,8 +267,10 @@ ldns_sock_wait(int sockfd, struct timeval timeout, int write)
 {
        fd_set fds;
        int ret;
 {
        fd_set fds;
        int ret;
+#ifndef S_SPLINT_S
        FD_ZERO(&fds);
        FD_SET(FD_SET_T sockfd, &fds);
        FD_ZERO(&fds);
        FD_SET(FD_SET_T sockfd, &fds);
+#endif
        if(write)
                ret = select(sockfd+1, NULL, &fds, NULL, &timeout);
        else
        if(write)
                ret = select(sockfd+1, NULL, &fds, NULL, &timeout);
        else
@@ -305,6 +307,11 @@ ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage
                return LDNS_STATUS_NETWORK_ERR;
        }
 
                return LDNS_STATUS_NETWORK_ERR;
        }
 
+        /* set to nonblocking, so if the checksum is bad, it becomes
+         * an EGAIN error and the ldns_udp_send function does not block,
+         * but returns a 'NETWORK_ERROR' much like a timeout. */
+        ldns_sock_nonblock(sockfd);
+
        answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL);
 #ifndef USE_WINSOCK
        close(sockfd);
        answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL);
 #ifndef USE_WINSOCK
        close(sockfd);
@@ -546,6 +553,10 @@ ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout)
        
        LDNS_FREE(wire);
        wire = LDNS_XMALLOC(uint8_t, wire_size);
        
        LDNS_FREE(wire);
        wire = LDNS_XMALLOC(uint8_t, wire_size);
+       if (!wire) {
+               *size = 0;
+               return NULL;
+       }
        bytes = 0;
 
        while (bytes < (ssize_t) wire_size) {
        bytes = 0;
 
        while (bytes < (ssize_t) wire_size) {
@@ -596,6 +607,10 @@ ldns_tcp_read_wire(int sockfd, size_t *size)
        
        LDNS_FREE(wire);
        wire = LDNS_XMALLOC(uint8_t, wire_size);
        
        LDNS_FREE(wire);
        wire = LDNS_XMALLOC(uint8_t, wire_size);
+       if (!wire) {
+               *size = 0;
+               return NULL;
+       }
        bytes = 0;
 
        while (bytes < (ssize_t) wire_size) {
        bytes = 0;
 
        while (bytes < (ssize_t) wire_size) {
@@ -642,8 +657,11 @@ ldns_tcp_send(uint8_t **result,  ldns_buffer *qbin, const struct sockaddr_storag
        }
 
        /* resize accordingly */
        }
 
        /* resize accordingly */
-       answer = (uint8_t*)LDNS_XREALLOC(answer, uint8_t *, (size_t)*answer_size);
-       *result = answer;
+       *result = (uint8_t*)LDNS_XREALLOC(answer, uint8_t *, (size_t)*answer_size);
+        if(!*result) {
+                LDNS_FREE(answer);
+                return LDNS_STATUS_MEM_ERR;
+        }
        return LDNS_STATUS_OK;
 }
 
        return LDNS_STATUS_OK;
 }
 
@@ -805,6 +823,18 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
          * Is this necessary?
          */
         query_wire = ldns_buffer_new(LDNS_MAX_PACKETLEN);
          * Is this necessary?
          */
         query_wire = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+        if(!query_wire) {
+                ldns_pkt_free(query);
+                LDNS_FREE(ns);
+#ifndef USE_WINSOCK
+               close(resolver->_socket);
+#else
+               closesocket(resolver->_socket);
+#endif
+               resolver->_socket = 0;
+
+                return LDNS_STATUS_MEM_ERR;
+        }
         status = ldns_pkt2buffer_wire(query_wire, query);
         if (status != LDNS_STATUS_OK) {
                 ldns_pkt_free(query);
         status = ldns_pkt2buffer_wire(query_wire, query);
         if (status != LDNS_STATUS_OK) {
                 ldns_pkt_free(query);
index 9e11975..0487873 100644 (file)
@@ -183,6 +183,8 @@ ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *
        char *fkeyword;
        ssize_t i;
 
        char *fkeyword;
        ssize_t i;
 
+       if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
+               return -1;
        fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
        if(!fkeyword)
                return -1;
        fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
        if(!fkeyword)
                return -1;
@@ -416,6 +418,8 @@ ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, c
        char *fkeyword;
        ssize_t i;
 
        char *fkeyword;
        ssize_t i;
 
+       if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
+               return -1;
        fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
        if(!fkeyword)
                return -1; /* out of memory */
        fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
        if(!fkeyword)
                return -1; /* out of memory */
index 9177775..217e61d 100644 (file)
@@ -629,7 +629,7 @@ ldns_rbtree_split(ldns_rbtree_t *tree,
        cur_node = ldns_rbtree_first(tree);
        while (count < elements && cur_node != LDNS_RBTREE_NULL) {
                move_node = ldns_rbtree_delete(tree, cur_node->key);
        cur_node = ldns_rbtree_first(tree);
        while (count < elements && cur_node != LDNS_RBTREE_NULL) {
                move_node = ldns_rbtree_delete(tree, cur_node->key);
-               ldns_rbtree_insert(new_tree, move_node);
+               (void)ldns_rbtree_insert(new_tree, move_node);
                cur_node = ldns_rbtree_first(tree);
                count++;
        }
                cur_node = ldns_rbtree_first(tree);
                count++;
        }
index 37e36e6..8af16a1 100644 (file)
@@ -483,7 +483,7 @@ ldns_rdf_address_reverse(ldns_rdf *rd)
                                LDNS_FREE(char_dname);
                                return NULL;
                        }
                                LDNS_FREE(char_dname);
                                return NULL;
                        }
-               
+
                        /* convert rev to a string */
                        ret_dname = ldns_dname_new_frm_str(char_dname);
                        LDNS_FREE(char_dname);
                        /* convert rev to a string */
                        ret_dname = ldns_dname_new_frm_str(char_dname);
                        LDNS_FREE(char_dname);
@@ -497,7 +497,7 @@ ldns_rdf_address_reverse(ldns_rdf *rd)
        }
        /* add the suffix */
        rev = ldns_dname_cat_clone(ret_dname, in_addr);
        }
        /* add the suffix */
        rev = ldns_dname_cat_clone(ret_dname, in_addr);
-       
+
        ldns_rdf_deep_free(ret_dname);
        ldns_rdf_deep_free(in_addr);
        return rev;
        ldns_rdf_deep_free(ret_dname);
        ldns_rdf_deep_free(in_addr);
        return rev;
index db238c3..735e6f1 100644 (file)
@@ -256,8 +256,10 @@ ldns_resolver_pop_nameserver(ldns_resolver *r)
        nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count - 1));
        rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1));
 
        nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count - 1));
        rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1));
 
-       ldns_resolver_set_nameservers(r, nameservers);
-       ldns_resolver_set_rtt(r, rtt);
+        if(nameservers)
+               ldns_resolver_set_nameservers(r, nameservers);
+        if(rtt)
+               ldns_resolver_set_rtt(r, rtt);
        /* decr the count */
        ldns_resolver_dec_nameserver_count(r);
        return pop;
        /* decr the count */
        ldns_resolver_dec_nameserver_count(r);
        return pop;
@@ -280,13 +282,26 @@ ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n)
        rtt = ldns_resolver_rtt(r);
 
        /* make room for the next one */
        rtt = ldns_resolver_rtt(r);
 
        /* make room for the next one */
-       nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count + 1));
-       /* don't forget the rtt */
-       rtt = LDNS_XREALLOC(rtt, size_t, (ns_count + 1));
+       if (ns_count == 0) {
+               nameservers = LDNS_XMALLOC(ldns_rdf *, 1);
+       } else {
+               nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count + 1));
+       }
+        if(!nameservers)
+                return LDNS_STATUS_MEM_ERR;
 
        /* set the new value in the resolver */
        ldns_resolver_set_nameservers(r, nameservers);
 
 
        /* set the new value in the resolver */
        ldns_resolver_set_nameservers(r, nameservers);
 
+       /* don't forget the rtt */
+       if (ns_count == 0) {
+               rtt = LDNS_XMALLOC(size_t, 1);
+       } else {
+               rtt = LDNS_XREALLOC(rtt, size_t, (ns_count + 1));
+       }
+        if(!rtt)
+                return LDNS_STATUS_MEM_ERR;
+
        /* slide n in its slot. */
        /* we clone it here, because then we can free the original
         * rr's where it stood */
        /* slide n in its slot. */
        /* we clone it here, because then we can free the original
         * rr's where it stood */
@@ -326,6 +341,7 @@ ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist)
                        rr = ldns_rr_list_rr(rrlist, i);
                        if (ldns_resolver_push_nameserver_rr(r, rr) != LDNS_STATUS_OK) {
                                stat = LDNS_STATUS_ERR;
                        rr = ldns_rr_list_rr(rrlist, i);
                        if (ldns_resolver_push_nameserver_rr(r, rr) != LDNS_STATUS_OK) {
                                stat = LDNS_STATUS_ERR;
+                               break;
                        }
                }
                return stat;
                        }
                }
                return stat;
@@ -536,7 +552,7 @@ ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *d)
 
                searchlist[list_count] = ldns_rdf_clone(d);
                ldns_resolver_set_searchlist_count(r, list_count + 1);
 
                searchlist[list_count] = ldns_rdf_clone(d);
                ldns_resolver_set_searchlist_count(r, list_count + 1);
-       }
+       } /* no way to report mem err */
 }
 
 void
 }
 
 void
@@ -1063,6 +1079,8 @@ ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r,
                                 const ldns_rdf *name, ldns_rr_type t,
                                 ldns_rr_class c, uint16_t flags)
 {
                                 const ldns_rdf *name, ldns_rr_type t,
                                 ldns_rr_class c, uint16_t flags)
 {
+       struct timeval now;
+
        /* prepare a question pkt from the parameters
         * and then send this */
        *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags);
        /* prepare a question pkt from the parameters
         * and then send this */
        *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags);
@@ -1086,6 +1104,12 @@ ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r,
                ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r));
        }
 
                ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r));
        }
 
+       /* set the timestamp */
+       now.tv_sec = time(NULL);
+       now.tv_usec = 0;
+       ldns_pkt_set_timestamp(*query_pkt, now);
+
+
        if (ldns_resolver_debug(r)) {
                ldns_pkt_print(stdout, *query_pkt);
        }
        if (ldns_resolver_debug(r)) {
                ldns_pkt_print(stdout, *query_pkt);
        }
@@ -1140,8 +1164,8 @@ ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name,
          Jelte
          should this go in pkt_prepare?
        */
          Jelte
          should this go in pkt_prepare?
        */
-#ifdef HAVE_SSL
        if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) {
        if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) {
+#ifdef HAVE_SSL
                status = ldns_pkt_tsig_sign(query_pkt,
                                            ldns_resolver_tsig_keyname(r),
                                            ldns_resolver_tsig_keydata(r),
                status = ldns_pkt_tsig_sign(query_pkt,
                                            ldns_resolver_tsig_keyname(r),
                                            ldns_resolver_tsig_keydata(r),
@@ -1149,10 +1173,10 @@ ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name,
                if (status != LDNS_STATUS_OK) {
                        return LDNS_STATUS_CRYPTO_TSIG_ERR;
                }
                if (status != LDNS_STATUS_OK) {
                        return LDNS_STATUS_CRYPTO_TSIG_ERR;
                }
-       }
 #else
 #else
-       return LDNS_STATUS_CRYPTO_TSIG_ERR;
+               return LDNS_STATUS_CRYPTO_TSIG_ERR;
 #endif /* HAVE_SSL */
 #endif /* HAVE_SSL */
+       }
 
        status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt);
        ldns_pkt_free(query_pkt);
 
        status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt);
        ldns_pkt_free(query_pkt);
index 60ce498..7b799b9 100644 (file)
@@ -53,6 +53,10 @@ ldns_rr_new_frm_type(ldns_rr_type t)
        desc = ldns_rr_descript(t);
 
        rr->_rdata_fields = LDNS_XMALLOC(ldns_rdf *, ldns_rr_descriptor_minimum(desc));
        desc = ldns_rr_descript(t);
 
        rr->_rdata_fields = LDNS_XMALLOC(ldns_rdf *, ldns_rr_descriptor_minimum(desc));
+        if(!rr->_rdata_fields) {
+                LDNS_FREE(rr);
+                return NULL;
+        }
        for (i = 0; i < ldns_rr_descriptor_minimum(desc); i++) {
                rr->_rdata_fields[i] = NULL;
        }
        for (i = 0; i < ldns_rr_descriptor_minimum(desc); i++) {
                rr->_rdata_fields[i] = NULL;
        }
@@ -105,23 +109,24 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
        ldns_rr *new;
        const ldns_rr_descriptor *desc;
        ldns_rr_type rr_type;
        ldns_rr *new;
        const ldns_rr_descriptor *desc;
        ldns_rr_type rr_type;
-       ldns_buffer *rr_buf;
-       ldns_buffer *rd_buf;
+       ldns_buffer *rr_buf = NULL;
+       ldns_buffer *rd_buf = NULL;
        uint32_t ttl_val;
        uint32_t ttl_val;
-       char  *owner;
-       char  *ttl;
+       char  *owner = NULL;
+       char  *ttl = NULL;
        ldns_rr_class clas_val;
        ldns_rr_class clas_val;
-       char  *clas;
+       char  *clas = NULL;
        char  *type = NULL;
        char  *type = NULL;
-       char  *rdata;
-       char  *rd;
-       char  *b64;
+       char  *rdata = NULL;
+       char  *rd = NULL;
+       char  *b64 = NULL;
        size_t rd_strlen;
        const char *delimiters;
        ssize_t c;
        ldns_rdf *owner_dname;
         const char* endptr;
         int was_unknown_rr_format = 0;
        size_t rd_strlen;
        const char *delimiters;
        ssize_t c;
        ldns_rdf *owner_dname;
         const char* endptr;
         int was_unknown_rr_format = 0;
+       ldns_status status = LDNS_STATUS_OK;
 
        /* used for types with unknown number of rdatas */
        bool done;
 
        /* used for types with unknown number of rdatas */
        bool done;
@@ -144,36 +149,24 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
        rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
        b64 = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
        if (!new || !owner || !ttl || !clas || !rdata || !rr_buf || !rd_buf || !rd || !b64 ) {
        rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
        b64 = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
        if (!new || !owner || !ttl || !clas || !rdata || !rr_buf || !rd_buf || !rd || !b64 ) {
-               return LDNS_STATUS_MEM_ERR;
+               status = LDNS_STATUS_MEM_ERR;
+               LDNS_FREE(rr_buf);
+               goto ldnserror;
        }
 
        ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str));
 
        /* split the rr in its parts -1 signals trouble */
        if (ldns_bget_token(rr_buf, owner, "\t\n ", LDNS_MAX_DOMAINLEN) == -1) {
        }
 
        ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str));
 
        /* split the rr in its parts -1 signals trouble */
        if (ldns_bget_token(rr_buf, owner, "\t\n ", LDNS_MAX_DOMAINLEN) == -1) {
-               LDNS_FREE(owner);
-               LDNS_FREE(ttl);
-               LDNS_FREE(clas);
-               LDNS_FREE(rdata);
-               LDNS_FREE(rd);
-               LDNS_FREE(rd_buf);
-               LDNS_FREE(b64);
+               status = LDNS_STATUS_SYNTAX_ERR;
                ldns_buffer_free(rr_buf);
                ldns_buffer_free(rr_buf);
-               ldns_rr_free(new);
-               return LDNS_STATUS_SYNTAX_ERR;
+               goto ldnserror;
        }
 
        if (ldns_bget_token(rr_buf, ttl, "\t\n ", LDNS_TTL_DATALEN) == -1) {
        }
 
        if (ldns_bget_token(rr_buf, ttl, "\t\n ", LDNS_TTL_DATALEN) == -1) {
-               LDNS_FREE(owner);
-               LDNS_FREE(ttl);
-               LDNS_FREE(clas);
-               LDNS_FREE(rdata);
-               LDNS_FREE(rd);
-               LDNS_FREE(rd_buf);
-               LDNS_FREE(b64);
+               status = LDNS_STATUS_SYNTAX_TTL_ERR;
                ldns_buffer_free(rr_buf);
                ldns_buffer_free(rr_buf);
-               ldns_rr_free(new);
-               return LDNS_STATUS_SYNTAX_TTL_ERR;
+               goto ldnserror;
        }
        ttl_val = (uint32_t) ldns_str2period(ttl, &endptr);
 
        }
        ttl_val = (uint32_t) ldns_str2period(ttl, &endptr);
 
@@ -196,20 +189,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                if (clas_val == 0) {
                        clas_val = LDNS_RR_CLASS_IN;
                        type = LDNS_XMALLOC(char, strlen(ttl) + 1);
                if (clas_val == 0) {
                        clas_val = LDNS_RR_CLASS_IN;
                        type = LDNS_XMALLOC(char, strlen(ttl) + 1);
+                       if(!type) {
+                               status = LDNS_STATUS_MEM_ERR;
+                               ldns_buffer_free(rr_buf);
+                               goto ldnserror;
+                       }
                        strncpy(type, ttl, strlen(ttl) + 1);
                }
        } else {
                if (ldns_bget_token(rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN) == -1) {
                        strncpy(type, ttl, strlen(ttl) + 1);
                }
        } else {
                if (ldns_bget_token(rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN) == -1) {
-                       LDNS_FREE(owner);
-                       LDNS_FREE(ttl);
-                       LDNS_FREE(clas);
-                       LDNS_FREE(rdata);
-                       LDNS_FREE(rd);
-                       LDNS_FREE(rd_buf);
-                       LDNS_FREE(b64);
+                       status = LDNS_STATUS_SYNTAX_CLASS_ERR;
                        ldns_buffer_free(rr_buf);
                        ldns_buffer_free(rr_buf);
-                       ldns_rr_free(new);
-                       return LDNS_STATUS_SYNTAX_CLASS_ERR;
+                       goto ldnserror;
                }
                clas_val = ldns_get_rr_class_by_name(clas);
                /* class can be left out too, assume IN, current
                }
                clas_val = ldns_get_rr_class_by_name(clas);
                /* class can be left out too, assume IN, current
@@ -218,6 +209,11 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                if (clas_val == 0) {
                        clas_val = LDNS_RR_CLASS_IN;
                        type = LDNS_XMALLOC(char, strlen(clas) + 1);
                if (clas_val == 0) {
                        clas_val = LDNS_RR_CLASS_IN;
                        type = LDNS_XMALLOC(char, strlen(clas) + 1);
+                       if(!type) {
+                               status = LDNS_STATUS_MEM_ERR;
+                               ldns_buffer_free(rr_buf);
+                               goto ldnserror;
+                       }
                        strncpy(type, clas, strlen(clas) + 1);
                }
        }
                        strncpy(type, clas, strlen(clas) + 1);
                }
        }
@@ -225,33 +221,21 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
 
        if (!type) {
                type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN);
 
        if (!type) {
                type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN);
+               if(!type) {
+                       status = LDNS_STATUS_MEM_ERR;
+                       ldns_buffer_free(rr_buf);
+                       goto ldnserror;
+               }
                if (ldns_bget_token(rr_buf, type, "\t\n ", LDNS_SYNTAX_DATALEN) == -1) {
                if (ldns_bget_token(rr_buf, type, "\t\n ", LDNS_SYNTAX_DATALEN) == -1) {
-                       LDNS_FREE(owner);
-                       LDNS_FREE(ttl);
-                       LDNS_FREE(clas);
-                       LDNS_FREE(rdata);
-                       LDNS_FREE(rd);
-                       LDNS_FREE(rd_buf);
-                       LDNS_FREE(b64);
+                       status = LDNS_STATUS_SYNTAX_TYPE_ERR;
                        ldns_buffer_free(rr_buf);
                        ldns_buffer_free(rr_buf);
-                       ldns_rr_free(new);
-                       return LDNS_STATUS_SYNTAX_TYPE_ERR;
+                       goto ldnserror;
                }
        }
 
        if (ldns_bget_token(rr_buf, rdata, "\0", LDNS_MAX_PACKETLEN) == -1) {
                /* apparently we are done, and it's only a question RR
                }
        }
 
        if (ldns_bget_token(rr_buf, rdata, "\0", LDNS_MAX_PACKETLEN) == -1) {
                /* apparently we are done, and it's only a question RR
-                * so do not free and error here
-               LDNS_FREE(owner);
-               LDNS_FREE(ttl);
-               LDNS_FREE(clas);
-               LDNS_FREE(type);
-               LDNS_FREE(rdata);
-               LDNS_FREE(rd);
-               LDNS_FREE(rd_buf);
-               ldns_buffer_free(rr_buf);
-               ldns_rr_free(new);
-               return NULL;
+                * so do not set status and go to ldnserror here
                */
        }
 
                */
        }
 
@@ -271,6 +255,11 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                if (prev) {
                        ldns_rdf_deep_free(*prev);
                        *prev = ldns_rdf_clone(ldns_rr_owner(new));
                if (prev) {
                        ldns_rdf_deep_free(*prev);
                        *prev = ldns_rdf_clone(ldns_rr_owner(new));
+                       if (!*prev) {
+                               status = LDNS_STATUS_MEM_ERR;
+                               ldns_buffer_free(rr_buf);
+                               goto ldnserror;
+                       }
                }
        } else {
                if (strlen(owner) == 0) {
                }
        } else {
                if (strlen(owner) == 0) {
@@ -283,57 +272,55 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                        } else {
                                ldns_rr_set_owner(new, ldns_dname_new_frm_str("."));
                        }
                        } else {
                                ldns_rr_set_owner(new, ldns_dname_new_frm_str("."));
                        }
+                       if(!ldns_rr_owner(new)) {
+                               status = LDNS_STATUS_MEM_ERR;
+                               ldns_buffer_free(rr_buf);
+                               goto ldnserror;
+                       }
                } else {
                        owner_dname = ldns_dname_new_frm_str(owner);
                        if (!owner_dname) {
                } else {
                        owner_dname = ldns_dname_new_frm_str(owner);
                        if (!owner_dname) {
-                                       LDNS_FREE(owner);
-                                       LDNS_FREE(ttl);
-                                       LDNS_FREE(clas);
-                                       LDNS_FREE(type);
-                                       LDNS_FREE(rdata);
-                                       LDNS_FREE(rd);
-                                       LDNS_FREE(rd_buf);
-                                       LDNS_FREE(b64);
-                                       ldns_buffer_free(rr_buf);
-                                       ldns_rr_free(new);
-                                       return LDNS_STATUS_SYNTAX_ERR;
+                               status = LDNS_STATUS_SYNTAX_ERR;
+                               ldns_buffer_free(rr_buf);
+                               goto ldnserror;
                        }
 
                        ldns_rr_set_owner(new, owner_dname);
                        if (!ldns_dname_str_absolute(owner) && origin) {
                                if(ldns_dname_cat(ldns_rr_owner(new),
                                                        origin) != LDNS_STATUS_OK) {
                        }
 
                        ldns_rr_set_owner(new, owner_dname);
                        if (!ldns_dname_str_absolute(owner) && origin) {
                                if(ldns_dname_cat(ldns_rr_owner(new),
                                                        origin) != LDNS_STATUS_OK) {
-                                       LDNS_FREE(owner);
-                                       LDNS_FREE(ttl);
-                                       LDNS_FREE(clas);
-                                       LDNS_FREE(type);
-                                       LDNS_FREE(rdata);
-                                       LDNS_FREE(rd);
-                                       LDNS_FREE(rd_buf);
-                                       LDNS_FREE(b64);
+                                       status = LDNS_STATUS_SYNTAX_ERR;
                                        ldns_buffer_free(rr_buf);
                                        ldns_buffer_free(rr_buf);
-                                       ldns_rr_free(new);
-                                       return LDNS_STATUS_SYNTAX_ERR;
+                                       goto ldnserror;
                                }
                        }
                        if (prev) {
                                ldns_rdf_deep_free(*prev);
                                *prev = ldns_rdf_clone(ldns_rr_owner(new));
                                }
                        }
                        if (prev) {
                                ldns_rdf_deep_free(*prev);
                                *prev = ldns_rdf_clone(ldns_rr_owner(new));
+                               if(!*prev) {
+                                       status = LDNS_STATUS_MEM_ERR;
+                                       ldns_buffer_free(rr_buf);
+                                       goto ldnserror;
+                               }
                        }
                }
        }
        LDNS_FREE(owner);
                        }
                }
        }
        LDNS_FREE(owner);
+       owner = NULL;
 
        ldns_rr_set_question(new, question);
 
        ldns_rr_set_ttl(new, ttl_val);
        LDNS_FREE(ttl);
 
        ldns_rr_set_question(new, question);
 
        ldns_rr_set_ttl(new, ttl_val);
        LDNS_FREE(ttl);
+       ttl = NULL;
 
        ldns_rr_set_class(new, clas_val);
        LDNS_FREE(clas);
 
        ldns_rr_set_class(new, clas_val);
        LDNS_FREE(clas);
+       clas = NULL;
 
        rr_type = ldns_get_rr_type_by_name(type);
        LDNS_FREE(type);
 
        rr_type = ldns_get_rr_type_by_name(type);
        LDNS_FREE(type);
+       type = NULL;
 
        desc = ldns_rr_descript((uint16_t)rr_type);
        ldns_rr_set_type(new, rr_type);
 
        desc = ldns_rr_descript((uint16_t)rr_type);
        ldns_rr_set_type(new, rr_type);
@@ -391,7 +378,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                                   rely on _maximum() only */
                                /* skip spaces */
                                while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf) &&
                                   rely on _maximum() only */
                                /* skip spaces */
                                while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf) &&
-                                       *(ldns_buffer_current(rd_buf)) == ' '
+                                       *(ldns_buffer_current(rd_buf)) == ' ' && !quoted
                                      ) {
                                        ldns_buffer_skip(rd_buf, 1);
                                }
                                      ) {
                                        ldns_buffer_skip(rd_buf, 1);
                                }
@@ -420,8 +407,12 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                                                c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN);
                                                if (c == -1) {
                                                        /* something goes very wrong here */
                                                c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN);
                                                if (c == -1) {
                                                        /* something goes very wrong here */
-                                                       ldns_buffer_free(rd_buf);
-                                                       LDNS_FREE(rd);
+                                                        LDNS_FREE(rd);
+                                                        LDNS_FREE(b64);
+                                                        ldns_buffer_free(rd_buf);
+                                                        ldns_buffer_free(rr_buf);
+                                                        LDNS_FREE(rdata);
+                                                        ldns_rr_free(new);
                                                        return LDNS_STATUS_SYNTAX_RDATA_ERR;
                                                }
                                                hex_data_size = (uint16_t) atoi(rd);
                                                        return LDNS_STATUS_SYNTAX_RDATA_ERR;
                                                }
                                                hex_data_size = (uint16_t) atoi(rd);
@@ -429,8 +420,12 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                                                hex_data_str = LDNS_XMALLOC(char, 2 * hex_data_size + 1);
                                                if (!hex_data_str) {
                                                        /* malloc error */
                                                hex_data_str = LDNS_XMALLOC(char, 2 * hex_data_size + 1);
                                                if (!hex_data_str) {
                                                        /* malloc error */
-                                                       ldns_buffer_free(rd_buf);
-                                                       LDNS_FREE(rd);
+                                                        LDNS_FREE(rd);
+                                                        LDNS_FREE(b64);
+                                                        ldns_buffer_free(rd_buf);
+                                                        ldns_buffer_free(rr_buf);
+                                                        LDNS_FREE(rdata);
+                                                        ldns_rr_free(new);
                                                        return LDNS_STATUS_SYNTAX_RDATA_ERR;
                                                }
                                                cur_hex_data_size = 0;
                                                        return LDNS_STATUS_SYNTAX_RDATA_ERR;
                                                }
                                                cur_hex_data_size = 0;
@@ -447,15 +442,55 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                                                if (desc) {
                                                        size_t hex_pos = 0;
                                                        uint8_t *hex_data = LDNS_XMALLOC(uint8_t, hex_data_size + 2);
                                                if (desc) {
                                                        size_t hex_pos = 0;
                                                        uint8_t *hex_data = LDNS_XMALLOC(uint8_t, hex_data_size + 2);
+                                                        ldns_status s;
+                                                        if(!hex_data) {
+                                                                LDNS_FREE(hex_data_str);
+                                                                LDNS_FREE(rd);
+                                                                LDNS_FREE(b64);
+                                                                ldns_buffer_free(rd_buf);
+                                                                ldns_buffer_free(rr_buf);
+                                                                LDNS_FREE(rdata);
+                                                                ldns_rr_free(new);
+                                                                return LDNS_STATUS_MEM_ERR;
+                                                        }
                                                        ldns_write_uint16(hex_data, hex_data_size);
                                                        ldns_hexstring_to_data(hex_data + 2, hex_data_str);
                                                        ldns_write_uint16(hex_data, hex_data_size);
                                                        ldns_hexstring_to_data(hex_data + 2, hex_data_str);
-                                                       (void) ldns_wire2rdf(new, hex_data,
+                                                       s = ldns_wire2rdf(new, hex_data,
                                                                         hex_data_size+2, &hex_pos);
                                                                         hex_data_size+2, &hex_pos);
+                                                        if(s != LDNS_STATUS_OK) {
+                                                                LDNS_FREE(hex_data_str);
+                                                                LDNS_FREE(rd);
+                                                                LDNS_FREE(b64);
+                                                                ldns_buffer_free(rd_buf);
+                                                                ldns_buffer_free(rr_buf);
+                                                                LDNS_FREE(rdata);
+                                                                ldns_rr_free(new);
+                                                                return s;
+                                                        }
                                                        LDNS_FREE(hex_data);
                                                } else {
                                                        r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX, hex_data_str);
                                                        LDNS_FREE(hex_data);
                                                } else {
                                                        r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX, hex_data_str);
+                                                        if(!r) {
+                                                                LDNS_FREE(hex_data_str);
+                                                                LDNS_FREE(rd);
+                                                                LDNS_FREE(b64);
+                                                                ldns_buffer_free(rd_buf);
+                                                                ldns_buffer_free(rr_buf);
+                                                                LDNS_FREE(rdata);
+                                                                ldns_rr_free(new);
+                                                                return LDNS_STATUS_MEM_ERR;
+                                                        }
                                                        ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN);
                                                        ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN);
-                                                       ldns_rr_push_rdf(new, r);
+                                                       if(!ldns_rr_push_rdf(new, r)) {
+                                                                LDNS_FREE(hex_data_str);
+                                                                LDNS_FREE(rd);
+                                                                LDNS_FREE(b64);
+                                                                ldns_buffer_free(rd_buf);
+                                                                ldns_buffer_free(rr_buf);
+                                                                LDNS_FREE(rdata);
+                                                                ldns_rr_free(new);
+                                                                return LDNS_STATUS_MEM_ERR;
+                                                        }
                                                }
                                                LDNS_FREE(hex_data_str);
                                        } else {
                                                }
                                                LDNS_FREE(hex_data_str);
                                        } else {
@@ -500,6 +535,12 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                                                                }
                                                        } else if (r && rd_strlen >= 1 && !ldns_dname_str_absolute(rd) && origin) {
                                                                if (ldns_dname_cat(r, origin) != LDNS_STATUS_OK) {
                                                                }
                                                        } else if (r && rd_strlen >= 1 && !ldns_dname_str_absolute(rd) && origin) {
                                                                if (ldns_dname_cat(r, origin) != LDNS_STATUS_OK) {
+                                                                       LDNS_FREE(rd);
+                                                                       LDNS_FREE(b64);
+                                                                       ldns_buffer_free(rd_buf);
+                                                                       ldns_buffer_free(rr_buf);
+                                                                       LDNS_FREE(rdata);
+                                                                       ldns_rr_free(new);
                                                                        return LDNS_STATUS_ERR;
                                                                }
                                                        }
                                                                        return LDNS_STATUS_ERR;
                                                                }
                                                        }
@@ -549,6 +590,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                *newrr = new;
        }
        return LDNS_STATUS_OK;
                *newrr = new;
        }
        return LDNS_STATUS_OK;
+
+ldnserror:
+       LDNS_FREE(type);
+       LDNS_FREE(owner);
+       LDNS_FREE(ttl);
+       LDNS_FREE(clas);
+       LDNS_FREE(rdata);
+       LDNS_FREE(rd);
+       LDNS_FREE(rd_buf);
+       LDNS_FREE(b64);
+       ldns_rr_free(new);
+    return status;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -865,6 +918,7 @@ ldns_rr_list *
 ldns_rr_list_new()
 {
        ldns_rr_list *rr_list = LDNS_MALLOC(ldns_rr_list);
 ldns_rr_list_new()
 {
        ldns_rr_list *rr_list = LDNS_MALLOC(ldns_rr_list);
+        if(!rr_list) return NULL;
        rr_list->_rr_count = 0;
        rr_list->_rr_capacity = 0;
        rr_list->_rrs = NULL;
        rr_list->_rr_count = 0;
        rr_list->_rr_capacity = 0;
        rr_list->_rrs = NULL;
@@ -1055,9 +1109,13 @@ ldns_rr_list_pop_rr(ldns_rr_list *rr_list)
 
        /* shrink the array */
        if(cap > LDNS_RRLIST_INIT && rr_count-1 <= cap/2) {
 
        /* shrink the array */
        if(cap > LDNS_RRLIST_INIT && rr_count-1 <= cap/2) {
+                ldns_rr** a;
                cap /= 2;
                cap /= 2;
-               rr_list->_rrs = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap);
-               rr_list->_rr_capacity = cap;
+                a = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap);
+                if(a) {
+                       rr_list->_rrs = a;
+                       rr_list->_rr_capacity = cap;
+                }
        }
 
        ldns_rr_list_set_rr_count(rr_list, rr_count - 1);
        }
 
        ldns_rr_list_set_rr_count(rr_list, rr_count - 1);
@@ -1358,6 +1416,8 @@ qsort_schwartz_rr_compare(const void *a, const void *b)
                        ldns_rr2canonical(canonical_a);
                        sa->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_a));
                        if (ldns_rr2buffer_wire(sa->transformed_object, canonical_a, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
                        ldns_rr2canonical(canonical_a);
                        sa->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_a));
                        if (ldns_rr2buffer_wire(sa->transformed_object, canonical_a, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
+                               ldns_buffer_free((ldns_buffer *)sa->transformed_object);
+                                sa->transformed_object = NULL;
                                ldns_rr_free(canonical_a);
                                return 0;
                        }
                                ldns_rr_free(canonical_a);
                                return 0;
                        }
@@ -1368,6 +1428,10 @@ qsort_schwartz_rr_compare(const void *a, const void *b)
                        ldns_rr2canonical(canonical_b);
                        sb->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_b));
                        if (ldns_rr2buffer_wire(sb->transformed_object, canonical_b, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
                        ldns_rr2canonical(canonical_b);
                        sb->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_b));
                        if (ldns_rr2buffer_wire(sb->transformed_object, canonical_b, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
+                               ldns_buffer_free((ldns_buffer *)sa->transformed_object);
+                               ldns_buffer_free((ldns_buffer *)sb->transformed_object);
+                                sa->transformed_object = NULL;
+                                sb->transformed_object = NULL;
                                ldns_rr_free(canonical_b);
                                return 0;
                        }
                                ldns_rr_free(canonical_b);
                                return 0;
                        }
@@ -1394,8 +1458,18 @@ ldns_rr_list_sort(ldns_rr_list *unsorted)
 
                sortables = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct *,
                                         item_count);
 
                sortables = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct *,
                                         item_count);
+                if(!sortables) return; /* no way to return error */
                for (i = 0; i < item_count; i++) {
                        sortables[i] = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct, 1);
                for (i = 0; i < item_count; i++) {
                        sortables[i] = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct, 1);
+                        if(!sortables[i]) {
+                                /* free the allocated parts */
+                                while(i>0) {
+                                        i--;
+                                        LDNS_FREE(sortables[i]);
+                                }
+                                /* no way to return error */
+                                return;
+                        }
                        sortables[i]->original_object = ldns_rr_list_rr(unsorted, i);
                        sortables[i]->transformed_object = NULL;
                }
                        sortables[i]->original_object = ldns_rr_list_rr(unsorted, i);
                        sortables[i]->transformed_object = NULL;
                }
index f4c5e4f..700372b 100644 (file)
@@ -276,7 +276,7 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
        uint16_t exp;
        uint16_t int16;
        
        uint16_t exp;
        uint16_t int16;
        
-       switch (alg) {
+       switch ((ldns_signing_algorithm)alg) {
        case LDNS_SIGN_DSA:
        case LDNS_SIGN_DSA_NSEC3:
                if (len > 0) {
        case LDNS_SIGN_DSA:
        case LDNS_SIGN_DSA_NSEC3:
                if (len > 0) {
@@ -334,7 +334,7 @@ ldns_rr_dnskey_key_size(const ldns_rr *key)
        if (!key) {
                return 0;
        }
        if (!key) {
                return 0;
        }
-       return ldns_rr_dnskey_key_size_raw(ldns_rdf_data(ldns_rr_dnskey_key(key)),
+       return ldns_rr_dnskey_key_size_raw((unsigned char*)ldns_rdf_data(ldns_rr_dnskey_key(key)),
                                           ldns_rdf_size(ldns_rr_dnskey_key(key)),
                                           ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(key))
                                          );
                                           ldns_rdf_size(ldns_rr_dnskey_key(key)),
                                           ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(key))
                                          );
index 7610d01..5dec680 100644 (file)
@@ -123,7 +123,7 @@ ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int
     unsigned int i;
     unsigned int j;
 
     unsigned int i;
     unsigned int j;
 
-    j = (uint32_t)((context->count >> 3) & 63);
+    j = (unsigned)(uint32_t)((context->count >> 3) & 63);
     context->count += (len << 3);
     if ((j + len) > 63) {
         memmove(&context->buffer[j], data, (i = 64 - j));
     context->count += (len << 3);
     if ((j + len) > 63) {
         memmove(&context->buffer[j], data, (i = 64 - j));
@@ -156,7 +156,7 @@ ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *co
     }
     ldns_sha1_update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
 
     }
     ldns_sha1_update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
 
-    if (digest)
+    if (digest != NULL)
         for (i = 0; i < LDNS_SHA1_DIGEST_LENGTH; i++) {
             digest[i] = (unsigned char)((context->state[i >> 2] >>
                 ((3 - (i & 3)) * 8)) & 255);
         for (i = 0; i < LDNS_SHA1_DIGEST_LENGTH; i++) {
             digest[i] = (unsigned char)((context->state[i >> 2] >>
                 ((3 - (i & 3)) * 8)) & 255);
index 62f5f6b..26b7716 100644 (file)
 
 typedef uint8_t  sha2_byte;    /* Exactly 1 byte */
 typedef uint32_t sha2_word32;  /* Exactly 4 bytes */
 
 typedef uint8_t  sha2_byte;    /* Exactly 1 byte */
 typedef uint32_t sha2_word32;  /* Exactly 4 bytes */
+#ifdef S_SPLINT_S
+typedef unsigned long long sha2_word64; /* lint 8 bytes */
+#else
 typedef uint64_t sha2_word64;  /* Exactly 8 bytes */
 typedef uint64_t sha2_word64;  /* Exactly 8 bytes */
+#endif
 
 /*** SHA-256/384/512 Various Length Definitions ***********************/
 /* NOTE: Most of these are in sha2.h */
 
 /*** SHA-256/384/512 Various Length Definitions ***********************/
 /* NOTE: Most of these are in sha2.h */
@@ -116,6 +120,7 @@ typedef uint64_t sha2_word64;       /* Exactly 8 bytes */
        tmp = (tmp >> 16) | (tmp << 16); \
        (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
 }
        tmp = (tmp >> 16) | (tmp << 16); \
        (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
 }
+#ifndef S_SPLINT_S
 #define REVERSE64(w,x) { \
        sha2_word64 tmp = (w); \
        tmp = (tmp >> 32) | (tmp << 32); \
 #define REVERSE64(w,x) { \
        sha2_word64 tmp = (w); \
        tmp = (tmp >> 32) | (tmp << 32); \
@@ -124,6 +129,9 @@ typedef uint64_t sha2_word64;       /* Exactly 8 bytes */
        (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
              ((tmp & 0x0000ffff0000ffffULL) << 16); \
 }
        (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
              ((tmp & 0x0000ffff0000ffffULL) << 16); \
 }
+#else /* splint */
+#define REVERSE64(w,x) /* splint */
+#endif /* splint */
 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
 
 /*
 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
 
 /*
@@ -137,6 +145,10 @@ typedef uint64_t sha2_word64;      /* Exactly 8 bytes */
                (w)[1]++; \
        } \
 }
                (w)[1]++; \
        } \
 }
+#ifdef S_SPLINT_S
+#undef ADDINC128
+#define ADDINC128(w,n) /* splint */
+#endif
 
 /*
  * Macros for copying blocks of memory and for zeroing out ranges
 
 /*
  * Macros for copying blocks of memory and for zeroing out ranges
@@ -487,7 +499,7 @@ static void ldns_sha256_Transform(ldns_sha256_CTX* context,
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t len) {
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t len) {
-       unsigned int    freespace, usedspace;
+       size_t freespace, usedspace;
 
        if (len == 0) {
                /* Calling with no data is valid - we do nothing */
 
        if (len == 0) {
                /* Calling with no data is valid - we do nothing */
@@ -536,7 +548,7 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t
 
 void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
        sha2_word32     *d = (sha2_word32*)digest;
 
 void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
        sha2_word32     *d = (sha2_word32*)digest;
-       unsigned int    usedspace;
+       size_t usedspace;
 
        /* Sanity check: */
        assert(context != (ldns_sha256_CTX*)0);
 
        /* Sanity check: */
        assert(context != (ldns_sha256_CTX*)0);
@@ -789,7 +801,7 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context,
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t len) {
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t len) {
-       unsigned int    freespace, usedspace;
+       size_t freespace, usedspace;
 
        if (len == 0) {
                /* Calling with no data is valid - we do nothing */
 
        if (len == 0) {
                /* Calling with no data is valid - we do nothing */
@@ -837,7 +849,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t
 }
 
 static void ldns_sha512_Last(ldns_sha512_CTX* context) {
 }
 
 static void ldns_sha512_Last(ldns_sha512_CTX* context) {
-       unsigned int    usedspace;
+       size_t usedspace;
 
        usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH;
 #if BYTE_ORDER == LITTLE_ENDIAN
 
        usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH;
 #if BYTE_ORDER == LITTLE_ENDIAN
index f73b23d..2eda2f8 100644 (file)
@@ -38,6 +38,7 @@ ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr)
        char *end = NULL;
        uint16_t *r;
        r = LDNS_MALLOC(uint16_t);
        char *end = NULL;
        uint16_t *r;
        r = LDNS_MALLOC(uint16_t);
+        if(!r) return LDNS_STATUS_MEM_ERR;
 
        *r = htons((uint16_t)strtol((char *)shortstr, &end, 10));
 
 
        *r = htons((uint16_t)strtol((char *)shortstr, &end, 10));
 
@@ -48,7 +49,7 @@ ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr)
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_INT16, sizeof(uint16_t), r);
                LDNS_FREE(r);
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_INT16, sizeof(uint16_t), r);
                LDNS_FREE(r);
-               return LDNS_STATUS_OK;
+               return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
        }
 }
 
        }
 }
 
@@ -63,6 +64,7 @@ ldns_str2rdf_time(ldns_rdf **rd, const char *time)
 
        /* Try to scan the time... */
        r = (uint16_t*)LDNS_MALLOC(uint32_t);
 
        /* Try to scan the time... */
        r = (uint16_t*)LDNS_MALLOC(uint32_t);
+        if(!r) return LDNS_STATUS_MEM_ERR;
 
        memset(&tm, 0, sizeof(tm));
 
 
        memset(&tm, 0, sizeof(tm));
 
@@ -99,7 +101,7 @@ ldns_str2rdf_time(ldns_rdf **rd, const char *time)
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r);
                LDNS_FREE(r);
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r);
                LDNS_FREE(r);
-               return LDNS_STATUS_OK;
+               return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
        } else {
                /* handle it as 32 bits timestamp */
                l = htonl((uint32_t)strtol((char*)time, &end, 10));
        } else {
                /* handle it as 32 bits timestamp */
                l = htonl((uint32_t)strtol((char*)time, &end, 10));
@@ -111,7 +113,7 @@ ldns_str2rdf_time(ldns_rdf **rd, const char *time)
                        *rd = ldns_rdf_new_frm_data(
                                LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
                        LDNS_FREE(r);
                        *rd = ldns_rdf_new_frm_data(
                                LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
                        LDNS_FREE(r);
-                       return LDNS_STATUS_OK;
+                       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
                }
        }
 
                }
        }
 
@@ -129,8 +131,11 @@ ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str)
 
        uint8_t *salt;
        uint8_t *data;
 
        uint8_t *salt;
        uint8_t *data;
+       if(rd == NULL) {
+               return LDNS_STATUS_NULL;
+       }
 
 
-       salt_length_str = strlen(salt_str);
+       salt_length_str = (int)strlen(salt_str);
        if (salt_length_str == 1 && salt_str[0] == '-') {
                salt_length_str = 0;
        } else if (salt_length_str % 2 != 0) {
        if (salt_length_str == 1 && salt_str[0] == '-') {
                salt_length_str = 0;
        } else if (salt_length_str % 2 != 0) {
@@ -141,6 +146,9 @@ ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str)
        }
 
        salt = LDNS_XMALLOC(uint8_t, salt_length_str / 2);
        }
 
        salt = LDNS_XMALLOC(uint8_t, salt_length_str / 2);
+        if(!salt) {
+                return LDNS_STATUS_MEM_ERR;
+        }
        for (c = 0; c < salt_length_str; c += 2) {
                if (isxdigit((int) salt_str[c]) && isxdigit((int) salt_str[c+1])) {
                        salt[c/2] = (uint8_t) ldns_hexdigit_to_int(salt_str[c]) * 16 +
        for (c = 0; c < salt_length_str; c += 2) {
                if (isxdigit((int) salt_str[c]) && isxdigit((int) salt_str[c+1])) {
                        salt[c/2] = (uint8_t) ldns_hexdigit_to_int(salt_str[c]) * 16 +
@@ -153,13 +161,17 @@ ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str)
        salt_length = (uint8_t) (salt_length_str / 2);
 
        data = LDNS_XMALLOC(uint8_t, 1 + salt_length);
        salt_length = (uint8_t) (salt_length_str / 2);
 
        data = LDNS_XMALLOC(uint8_t, 1 + salt_length);
+        if(!data) {
+               LDNS_FREE(salt);
+                return LDNS_STATUS_MEM_ERR;
+        }
        data[0] = salt_length;
        memcpy(&data[1], salt, salt_length);
        *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, 1 + salt_length, data);
        LDNS_FREE(data);
        LDNS_FREE(salt);
 
        data[0] = salt_length;
        memcpy(&data[1], salt, salt_length);
        *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, 1 + salt_length, data);
        LDNS_FREE(data);
        LDNS_FREE(salt);
 
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -178,7 +190,7 @@ ldns_str2rdf_period(ldns_rdf **rd,const char *period)
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_PERIOD, sizeof(uint32_t), &p);
         }
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_PERIOD, sizeof(uint32_t), &p);
         }
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -189,6 +201,7 @@ ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr)
        uint32_t l;
 
        r = (uint16_t*)LDNS_MALLOC(uint32_t);
        uint32_t l;
 
        r = (uint16_t*)LDNS_MALLOC(uint32_t);
+        if(!r) return LDNS_STATUS_MEM_ERR;
        errno = 0; /* must set to zero before call,
                        note race condition on errno */
        if(*longstr == '-')
        errno = 0; /* must set to zero before call,
                        note race condition on errno */
        if(*longstr == '-')
@@ -207,7 +220,7 @@ ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr)
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
                LDNS_FREE(r);
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
                LDNS_FREE(r);
-               return LDNS_STATUS_OK;
+               return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
        }
 }
 
        }
 }
 
@@ -218,6 +231,7 @@ ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr)
        uint8_t *r = NULL;
 
        r = LDNS_MALLOC(uint8_t);
        uint8_t *r = NULL;
 
        r = LDNS_MALLOC(uint8_t);
+        if(!r) return LDNS_STATUS_MEM_ERR;
 
        *r = (uint8_t)strtol((char*)bytestr, &end, 10);
 
 
        *r = (uint8_t)strtol((char*)bytestr, &end, 10);
 
@@ -228,7 +242,7 @@ ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr)
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_INT8, sizeof(uint8_t), r);
                LDNS_FREE(r);
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_INT8, sizeof(uint8_t), r);
                LDNS_FREE(r);
-               return LDNS_STATUS_OK;
+               return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
         }
 }
 
         }
 }
 
@@ -375,7 +389,7 @@ ldns_str2rdf_a(ldns_rdf **rd, const char *str)
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_A, sizeof(address), &address);
         }
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_A, sizeof(address), &address);
         }
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -389,7 +403,7 @@ ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str)
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_AAAA, sizeof(address) - 1, &address);
        }
                *rd = ldns_rdf_new_frm_data(
                        LDNS_RDF_TYPE_AAAA, sizeof(address) - 1, &address);
        }
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -403,7 +417,9 @@ ldns_str2rdf_str(ldns_rdf **rd, const char *str)
        }
 
        data = LDNS_XMALLOC(uint8_t, strlen(str) + 1);
        }
 
        data = LDNS_XMALLOC(uint8_t, strlen(str) + 1);
+        if(!data) return LDNS_STATUS_MEM_ERR;
        i = 1;
        i = 1;
+
        for (str_i = 0; str_i < strlen(str); str_i++) {
                if (str[str_i] == '\\') {
                        /* octet value or literal char */
        for (str_i = 0; str_i < strlen(str); str_i++) {
                if (str[str_i] == '\\') {
                        /* octet value or literal char */
@@ -420,8 +436,9 @@ ldns_str2rdf_str(ldns_rdf **rd, const char *str)
        }
        data[0] = i - 1;
        *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_STR, i, data);
        }
        data[0] = i - 1;
        *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_STR, i, data);
+
        LDNS_FREE(data);
        LDNS_FREE(data);
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -461,13 +478,20 @@ ldns_str2rdf_apl(ldns_rdf **rd, const char *str)
        /* need ip addr and only ip addr for inet_pton */
        ip_str_len = (size_t) (strchr(my_str, '/') - my_str);
        my_ip_str = LDNS_XMALLOC(char, ip_str_len + 1);
        /* need ip addr and only ip addr for inet_pton */
        ip_str_len = (size_t) (strchr(my_str, '/') - my_str);
        my_ip_str = LDNS_XMALLOC(char, ip_str_len + 1);
+        if(!my_ip_str) return LDNS_STATUS_MEM_ERR;
        strncpy(my_ip_str, my_str, ip_str_len + 1);
        my_ip_str[ip_str_len] = '\0';
 
        if (family == 1) {
                /* ipv4 */
                afdpart = LDNS_XMALLOC(uint8_t, 4);
        strncpy(my_ip_str, my_str, ip_str_len + 1);
        my_ip_str[ip_str_len] = '\0';
 
        if (family == 1) {
                /* ipv4 */
                afdpart = LDNS_XMALLOC(uint8_t, 4);
+                if(!afdpart) {
+                        LDNS_FREE(my_ip_str);
+                        return LDNS_STATUS_MEM_ERR;
+                }
                if (inet_pton(AF_INET, my_ip_str, afdpart) == 0) {
                if (inet_pton(AF_INET, my_ip_str, afdpart) == 0) {
+                        LDNS_FREE(my_ip_str);
+                        LDNS_FREE(afdpart);
                        return LDNS_STATUS_INVALID_STR;
                }
                for (i = 0; i < 4; i++) {
                        return LDNS_STATUS_INVALID_STR;
                }
                for (i = 0; i < 4; i++) {
@@ -478,7 +502,13 @@ ldns_str2rdf_apl(ldns_rdf **rd, const char *str)
        } else if (family == 2) {
                /* ipv6 */
                afdpart = LDNS_XMALLOC(uint8_t, 16);
        } else if (family == 2) {
                /* ipv6 */
                afdpart = LDNS_XMALLOC(uint8_t, 16);
+                if(!afdpart) {
+                        LDNS_FREE(my_ip_str);
+                        return LDNS_STATUS_MEM_ERR;
+                }
                if (inet_pton(AF_INET6, my_ip_str, afdpart) == 0) {
                if (inet_pton(AF_INET6, my_ip_str, afdpart) == 0) {
+                        LDNS_FREE(my_ip_str);
+                        LDNS_FREE(afdpart);
                        return LDNS_STATUS_INVALID_STR;
                }
                for (i = 0; i < 16; i++) {
                        return LDNS_STATUS_INVALID_STR;
                }
                for (i = 0; i < 16; i++) {
@@ -496,6 +526,10 @@ ldns_str2rdf_apl(ldns_rdf **rd, const char *str)
        prefix = (uint8_t) atoi(my_str);
 
        data = LDNS_XMALLOC(uint8_t, 4 + afdlength);
        prefix = (uint8_t) atoi(my_str);
 
        data = LDNS_XMALLOC(uint8_t, 4 + afdlength);
+        if(!data) {
+               LDNS_FREE(my_ip_str);
+               return LDNS_STATUS_INVALID_STR;
+        }
        ldns_write_uint16(data, family);
        data[2] = prefix;
        data[3] = afdlength;
        ldns_write_uint16(data, family);
        data[2] = prefix;
        data[3] = afdlength;
@@ -511,7 +545,7 @@ ldns_str2rdf_apl(ldns_rdf **rd, const char *str)
        LDNS_FREE(data);
        LDNS_FREE(my_ip_str);
 
        LDNS_FREE(data);
        LDNS_FREE(my_ip_str);
 
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -521,6 +555,9 @@ ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
        int16_t i;
 
        buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str)));
        int16_t i;
 
        buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str)));
+        if(!buffer) {
+                return LDNS_STATUS_MEM_ERR;
+        }
 
        i = (uint16_t)ldns_b64_pton((const char*)str, buffer,
                                                   ldns_b64_ntop_calculate_size(strlen(str)));
 
        i = (uint16_t)ldns_b64_pton((const char*)str, buffer,
                                                   ldns_b64_ntop_calculate_size(strlen(str)));
@@ -533,7 +570,7 @@ ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
        }
        LDNS_FREE(buffer);
 
        }
        LDNS_FREE(buffer);
 
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -544,11 +581,15 @@ ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str)
        /* first byte contains length of actual b32 data */
        uint8_t len = ldns_b32_pton_calculate_size(strlen(str));
        buffer = LDNS_XMALLOC(uint8_t, len + 1);
        /* first byte contains length of actual b32 data */
        uint8_t len = ldns_b32_pton_calculate_size(strlen(str));
        buffer = LDNS_XMALLOC(uint8_t, len + 1);
+        if(!buffer) {
+                return LDNS_STATUS_MEM_ERR;
+        }
        buffer[0] = len;
 
        i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1,
                                                         ldns_b32_ntop_calculate_size(strlen(str)));
        if (i < 0) {
        buffer[0] = len;
 
        i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1,
                                                         ldns_b32_ntop_calculate_size(strlen(str)));
        if (i < 0) {
+                LDNS_FREE(buffer);
                return LDNS_STATUS_INVALID_B32_EXT;
        } else {
                *rd = ldns_rdf_new_frm_data(
                return LDNS_STATUS_INVALID_B32_EXT;
        } else {
                *rd = ldns_rdf_new_frm_data(
@@ -556,7 +597,7 @@ ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str)
        }
        LDNS_FREE(buffer);
 
        }
        LDNS_FREE(buffer);
 
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -572,6 +613,9 @@ ldns_str2rdf_hex(ldns_rdf **rd, const char *str)
                return LDNS_STATUS_LABEL_OVERFLOW;
        } else {
                t = LDNS_XMALLOC(uint8_t, (len / 2) + 1);
                return LDNS_STATUS_LABEL_OVERFLOW;
        } else {
                t = LDNS_XMALLOC(uint8_t, (len / 2) + 1);
+                if(!t) {
+                        return LDNS_STATUS_MEM_ERR;
+                }
                t_orig = t;
                /* Now process octet by octet... */
                while (*str) {
                t_orig = t;
                /* Now process octet by octet... */
                while (*str) {
@@ -585,6 +629,7 @@ ldns_str2rdf_hex(ldns_rdf **rd, const char *str)
                                                if (isxdigit((int) *str)) {
                                                        *t += ldns_hexdigit_to_int(*str) * i;
                                                } else {
                                                if (isxdigit((int) *str)) {
                                                        *t += ldns_hexdigit_to_int(*str) * i;
                                                } else {
+                                                        LDNS_FREE(t_orig);
                                                        return LDNS_STATUS_ERR;
                                                }
                                                ++str;
                                                        return LDNS_STATUS_ERR;
                                                }
                                                ++str;
@@ -598,7 +643,7 @@ ldns_str2rdf_hex(ldns_rdf **rd, const char *str)
                                            t_orig);
                LDNS_FREE(t_orig);
        }
                                            t_orig);
                LDNS_FREE(t_orig);
        }
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -610,7 +655,7 @@ ldns_str2rdf_nsec(ldns_rdf **rd, const char *str)
        ssize_t c;
        uint16_t cur_type;
        size_t type_count = 0;
        ssize_t c;
        uint16_t cur_type;
        size_t type_count = 0;
-       ldns_rr_type type_list[1024];
+       ldns_rr_type type_list[65536];
        if(!token) return LDNS_STATUS_MEM_ERR;
        if(rd == NULL) {
                LDNS_FREE(token);
        if(!token) return LDNS_STATUS_MEM_ERR;
        if(rd == NULL) {
                LDNS_FREE(token);
@@ -630,6 +675,11 @@ ldns_str2rdf_nsec(ldns_rdf **rd, const char *str)
        }
 
        while ((c = ldns_bget_token(str_buf, token, delimiters, LDNS_MAX_RDFLEN)) != -1 && c != 0) {
        }
 
        while ((c = ldns_bget_token(str_buf, token, delimiters, LDNS_MAX_RDFLEN)) != -1 && c != 0) {
+                if(type_count >= sizeof(type_list)) {
+                       LDNS_FREE(str_buf);
+                       LDNS_FREE(token);
+                        return LDNS_STATUS_ERR;
+                }
                cur_type = ldns_get_rr_type_by_name(token);
                type_list[type_count] = cur_type;
                type_count++;
                cur_type = ldns_get_rr_type_by_name(token);
                type_list[type_count] = cur_type;
                type_count++;
@@ -641,7 +691,7 @@ ldns_str2rdf_nsec(ldns_rdf **rd, const char *str)
 
        LDNS_FREE(token);
        ldns_buffer_free(str_buf);
 
        LDNS_FREE(token);
        ldns_buffer_free(str_buf);
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -652,7 +702,7 @@ ldns_str2rdf_type(ldns_rdf **rd, const char *str)
        /* ldns_rr_type is a 16 bit value */
        *rd = ldns_rdf_new_frm_data(
                LDNS_RDF_TYPE_TYPE, sizeof(uint16_t), &type);
        /* ldns_rr_type is a 16 bit value */
        *rd = ldns_rdf_new_frm_data(
                LDNS_RDF_TYPE_TYPE, sizeof(uint16_t), &type);
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -663,7 +713,7 @@ ldns_str2rdf_class(ldns_rdf **rd, const char *str)
        /* class is 16 bit */
        *rd = ldns_rdf_new_frm_data(
                LDNS_RDF_TYPE_CLASS, sizeof(uint16_t), &klass);
        /* class is 16 bit */
        *rd = ldns_rdf_new_frm_data(
                LDNS_RDF_TYPE_CLASS, sizeof(uint16_t), &klass);
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 /* An certificate alg field can either be specified as a 8 bits number
 }
 
 /* An certificate alg field can either be specified as a 8 bits number
@@ -942,6 +992,9 @@ east:
        }
 
        data = LDNS_XMALLOC(uint8_t, 16);
        }
 
        data = LDNS_XMALLOC(uint8_t, 16);
+        if(!data) {
+                return LDNS_STATUS_MEM_ERR;
+        }
        data[0] = 0;
        data[1] = 0;
        data[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f);
        data[0] = 0;
        data[1] = 0;
        data[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f);
@@ -955,7 +1008,7 @@ east:
                LDNS_RDF_TYPE_LOC, 16, data);
 
        LDNS_FREE(data);
                LDNS_RDF_TYPE_LOC, 16, data);
 
        LDNS_FREE(data);
-       return LDNS_STATUS_OK;
+       return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
 }
 
 ldns_status
 }
 
 ldns_status
@@ -1140,13 +1193,13 @@ ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str)
        while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
                switch (token_count) {
                                case 0:
        while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
                switch (token_count) {
                                case 0:
-                                       precedence = atoi(token);
+                                       precedence = (uint8_t)atoi(token);
                                        break;
                                case 1:
                                        break;
                                case 1:
-                                       gateway_type = atoi(token);
+                                       gateway_type = (uint8_t)atoi(token);
                                        break;
                                case 2:
                                        break;
                                case 2:
-                                       algorithm = atoi(token);
+                                       algorithm = (uint8_t)atoi(token);
                                        break;
                                case 3:
                                        gateway = strdup(token);
                                        break;
                                case 3:
                                        gateway = strdup(token);
@@ -1213,9 +1266,9 @@ ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str)
 
        /* now copy all into one ipseckey rdf */
        if (gateway_type)
 
        /* now copy all into one ipseckey rdf */
        if (gateway_type)
-               ipseckey_len = 3 + ldns_rdf_size(gateway_rdf) + ldns_rdf_size(publickey_rdf);
+               ipseckey_len = 3 + (int)ldns_rdf_size(gateway_rdf) + (int)ldns_rdf_size(publickey_rdf);
        else
        else
-               ipseckey_len = 3 + ldns_rdf_size(publickey_rdf);
+               ipseckey_len = 3 + (int)ldns_rdf_size(publickey_rdf);
 
        data = LDNS_XMALLOC(uint8_t, ipseckey_len);
        if(!data) {
 
        data = LDNS_XMALLOC(uint8_t, ipseckey_len);
        if(!data) {
index 4083960..7fcf21d 100644 (file)
@@ -66,6 +66,9 @@ ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len)
 
        ldns_status status;
 
 
        ldns_status status;
 
+        if(wire_len < LDNS_HEADER_SIZE) {
+                return NULL;
+        }
        /* fake parse the wire */
        qd_count = LDNS_QDCOUNT(wire);
        an_count = LDNS_ANCOUNT(wire);
        /* fake parse the wire */
        qd_count = LDNS_QDCOUNT(wire);
        an_count = LDNS_ANCOUNT(wire);
@@ -115,6 +118,9 @@ ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len)
 
        *result_len = pos;
        wire2 = LDNS_XMALLOC(uint8_t, *result_len);
 
        *result_len = pos;
        wire2 = LDNS_XMALLOC(uint8_t, *result_len);
+        if(!wire2) {
+                return NULL;
+        }
        memcpy(wire2, wire, *result_len);
 
        ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count);
        memcpy(wire2, wire, *result_len);
 
        ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count);
@@ -330,7 +336,6 @@ ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const ch
 #endif /* HAVE_SSL */
 
 #ifdef HAVE_SSL
 #endif /* HAVE_SSL */
 
 #ifdef HAVE_SSL
-/* TODO: memory :p */
 ldns_status
 ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data,
        uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
 ldns_status
 ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data,
        uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
@@ -361,11 +366,19 @@ ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_dat
        ldns_rdf *time_signed_rdf = NULL;
 
        algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name);
        ldns_rdf *time_signed_rdf = NULL;
 
        algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name);
+        if(!key_name_rdf || !algorithm_rdf) {
+                status = LDNS_STATUS_MEM_ERR;
+                goto clean;
+        }
 
        /* eww don't have create tsigtime rdf yet :( */
        /* bleh :p */
        if (gettimeofday(&tv_time_signed, NULL) == 0) {
                time_signed = LDNS_XMALLOC(uint8_t, 6);
 
        /* eww don't have create tsigtime rdf yet :( */
        /* bleh :p */
        if (gettimeofday(&tv_time_signed, NULL) == 0) {
                time_signed = LDNS_XMALLOC(uint8_t, 6);
+                if(!time_signed) {
+                        status = LDNS_STATUS_MEM_ERR;
+                        goto clean;
+                }
                ldns_write_uint64_as_uint48(time_signed,
                                (uint64_t)tv_time_signed.tv_sec);
        } else {
                ldns_write_uint64_as_uint48(time_signed,
                                (uint64_t)tv_time_signed.tv_sec);
        } else {
@@ -374,6 +387,11 @@ ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_dat
        }
 
        time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed);
        }
 
        time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed);
+        if(!time_signed_rdf) {
+                LDNS_FREE(time_signed);
+                status = LDNS_STATUS_MEM_ERR;
+                goto clean;
+        }
 
        fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge);
 
 
        fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge);
 
@@ -383,6 +401,11 @@ ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_dat
 
        other_data_rdf = ldns_native2rdf_int16_data(0, NULL);
 
 
        other_data_rdf = ldns_native2rdf_int16_data(0, NULL);
 
+        if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) {
+                status = LDNS_STATUS_MEM_ERR;
+                goto clean;
+        }
+
        if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) {
                status = LDNS_STATUS_ERR;
                goto clean;
        if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) {
                status = LDNS_STATUS_ERR;
                goto clean;
@@ -400,6 +423,10 @@ ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_dat
 
        /* Create the TSIG RR */
        tsig_rr = ldns_rr_new();
 
        /* Create the TSIG RR */
        tsig_rr = ldns_rr_new();
+        if(!tsig_rr) {
+                status = LDNS_STATUS_MEM_ERR;
+                goto clean;
+        }
        ldns_rr_set_owner(tsig_rr, key_name_rdf);
        ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY);
        ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG);
        ldns_rr_set_owner(tsig_rr, key_name_rdf);
        ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY);
        ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG);
@@ -418,6 +445,7 @@ ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_dat
        return status;
 
   clean:
        return status;
 
   clean:
+       LDNS_FREE(pkt_wire);
        ldns_rdf_free(key_name_rdf);
        ldns_rdf_free(algorithm_rdf);
        ldns_rdf_free(time_signed_rdf);
        ldns_rdf_free(key_name_rdf);
        ldns_rdf_free(algorithm_rdf);
        ldns_rdf_free(time_signed_rdf);
index 3b446ba..eb24f81 100644 (file)
@@ -111,7 +111,7 @@ ldns_set_bit(uint8_t *byte, int bit_nr, bool value)
                if (value) {
                        *byte = *byte | (0x01 << bit_nr);
                } else {
                if (value) {
                        *byte = *byte | (0x01 << bit_nr);
                } else {
-                       *byte = *byte & !(0x01 << bit_nr);
+                       *byte = *byte & ~(0x01 << bit_nr);
                }
        }
 }
                }
        }
 }
@@ -270,6 +270,9 @@ ldns_init_random(FILE *fd, unsigned int size)
        }
 
        seed = LDNS_XMALLOC(uint8_t, size);
        }
 
        seed = LDNS_XMALLOC(uint8_t, size);
+        if(!seed) {
+               return 1;
+        }
 
        if (!fd) {
                if ((rand_f = fopen("/dev/urandom", "r")) == NULL) {
 
        if (!fd) {
                if ((rand_f = fopen("/dev/urandom", "r")) == NULL) {
index 8cd02ad..917af8b 100644 (file)
@@ -344,8 +344,6 @@ ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl,
                        /* a normal RR - as sofar the DNS is normal */
                        if (!ldns_zone_push_rr(newzone, rr)) goto error;
 
                        /* a normal RR - as sofar the DNS is normal */
                        if (!ldns_zone_push_rr(newzone, rr)) goto error;
 
-                       /*my_origin = ldns_rr_owner(rr);*/
-                       my_ttl    = ldns_rr_ttl(rr);    /* XXX: this seems like an error */
                case LDNS_STATUS_SYNTAX_EMPTY:
                        /* empty line was seen */
                case LDNS_STATUS_SYNTAX_TTL:
                case LDNS_STATUS_SYNTAX_EMPTY:
                        /* empty line was seen */
                case LDNS_STATUS_SYNTAX_TTL: