From a0ae177dc1a9ad83bbda1539d44da0a542966045 Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Wed, 5 Jun 2024 22:13:03 -0700 Subject: [PATCH 1/4] Ignore build generated files This change ignores several files which are generated by autotools, et al. Signed-off-by: Enji Cooper --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index dde1dc46..7ab36ac3 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,7 @@ /compat/strlcpy.lo /compat/timegm.o /compat/timegm.lo +/compile /config.guess /config.h /config.log @@ -158,10 +159,12 @@ /ldns/config.h /ldns/config.h.in /ldns/net.h +/ldns/stamp-h1 /ldns/util.h /ldns_wrapper.lo /ldns_wrapper.o /lib +/libdns.doxygen /libldns.la /libtool /linktest @@ -170,6 +173,7 @@ /ltmain.sh /m4/lt*.m4 /m4/libtool.m4 +/missing /net.lo /net.o /packaging/ldns-config From d97c5392e720c3c5905e88c1291e0f135185c73f Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Wed, 5 Jun 2024 22:19:43 -0700 Subject: [PATCH 2/4] Fix typos (`the the` -> `the`) Signed-off-by: Enji Cooper --- README.snapshots | 2 +- dnssec.c | 2 +- ldns/parse.h | 6 +++--- ldns/radix.h | 2 +- ldns/rdata.h | 2 +- lua/rns-specs | 2 +- pcat/pcat-diff.1 | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.snapshots b/README.snapshots index 891fcca1..df7ee003 100644 --- a/README.snapshots +++ b/README.snapshots @@ -3,6 +3,6 @@ ldns - snapshot releases Snapshot releases are not official released. They can be released to interested parties for development. -Snapshots can be recognized from the date in the the tar file name. +Snapshots can be recognized from the date in the tar file name. They should not be used for packaging in distributions. diff --git a/dnssec.c b/dnssec.c index fbaa518a..9055284c 100644 --- a/dnssec.c +++ b/dnssec.c 
@@ -959,7 +959,7 @@ ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) { /* we do not do any check here - garbage in, garbage out */ - /* the the start and end names - get the type from the + /* the start and end names - get the type from the * before rrlist */ /* inefficient, just give it a name, a next name, and a list of rrs */ diff --git a/ldns/parse.h b/ldns/parse.h index 3c3df18b..97d0d8ec 100644 --- a/ldns/parse.h +++ b/ldns/parse.h @@ -131,7 +131,7 @@ ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t l * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \return the number of character read */ ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); @@ -144,7 +144,7 @@ ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) * \return the number of character read @@ -159,7 +159,7 @@ ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del * \param[in] k_del keyword delimiter * \param[out] data the data found * \param[in] d_del the data delimiter - * \param[in] data_limit maximum size the the data buffer + * \param[in] data_limit maximum size the data buffer * \return the number of character read */ ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); 
diff --git a/ldns/radix.h b/ldns/radix.h index 4cb42b48..f7a253dd 100644 --- a/ldns/radix.h +++ b/ldns/radix.h @@ -74,7 +74,7 @@ struct ldns_radix_node_t { void* data; /** Parent node. */ ldns_radix_node_t* parent; - /** Index in the the parent node select edge array. */ + /** Index in the parent node select edge array. */ uint8_t parent_index; /** Length of the array. */ uint16_t len; diff --git a/ldns/rdata.h b/ldns/rdata.h index c8a0396c..1e2fd397 100644 --- a/ldns/rdata.h +++ b/ldns/rdata.h @@ -243,7 +243,7 @@ size_t ldns_rdf_size(const ldns_rdf *rd); /** * returns the type of the rdf. We need to insert _get_ - * here to prevent conflict the the rdf_type TYPE. + * here to prevent conflict the rdf_type TYPE. * \param[in] *rd the rdf to read from * \return ldns_rdf_type with the type */ diff --git a/lua/rns-specs b/lua/rns-specs index cc25c790..6aa43990 100644 --- a/lua/rns-specs +++ b/lua/rns-specs @@ -85,7 +85,7 @@ freedom in the packet mangling. (ghe ghe :-) ) To keep matters interesting some sort of randomness is required in some step, otherwise each packet is mangled in the same way. Also this -randomness together with the Lua script needs to be logged so the the +randomness together with the Lua script needs to be logged so the actual mangling can be replayed. :Packet Mangling: address the different elements: diff --git a/pcat/pcat-diff.1 b/pcat/pcat-diff.1 index 3f5a5a8d..5f7cd635 100644 --- a/pcat/pcat-diff.1 +++ b/pcat/pcat-diff.1 @@ -9,7 +9,7 @@ pcat-diff \- show the difference between two pcat files. .SH DESCRIPTION \fBpcat-diff\fR reads in two pcat files and show the differences -between the them. +between them. Its output is another pcat stream which can then be interpreted by pcat-print. From 5afb814854322854425320b781e286b79a1be7ea Mon Sep 17 00:00:00 2001 
From: Enji Cooper Date: Wed, 5 Jun 2024 22:25:36 -0700 Subject: [PATCH 3/4] ldns_convert_dsa_rrsig_rdf2asn1: fix memory leak Prior to this change `dsasig` was not freed when calling `DSA_SIG_set0` failed. Free `dsasig` on error in that code path now. Reported by: Coverity Signed-off-by: Enji Cooper --- dnssec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dnssec.c b/dnssec.c index 9055284c..0a7beb4e 100644 --- a/dnssec.c +++ b/dnssec.c @@ -1836,8 +1836,10 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, return LDNS_STATUS_MEM_ERR; } # ifdef HAVE_DSA_SIG_SET0 - if (! DSA_SIG_set0(dsasig, R, S)) - return LDNS_STATUS_SSL_ERR; + if (! DSA_SIG_set0(dsasig, R, S)) { + DSA_SIG_free(dsasig); + return LDNS_STATUS_SSL_ERR; + } # else dsasig->r = R; dsasig->s = S; From 388e124841c208b3e8dc39c804e7f3679d30e706 Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Wed, 5 Jun 2024 22:27:34 -0700 Subject: [PATCH 4/4] ldns_dane_match_any_cert_with_data: fix types Both `i` and `n` should match the return type for `sk_X509_num` (which is `int`, not `size_t`). This addresses a potential issue where `sk_X509_num(..)` could return -1, resulting in an unnecessary number of loop iterations and undesirable behavior. Reported by: Coverity Signed-off-by: Enji Cooper --- dane.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dane.c b/dane.c index b8487b53..1bf4862f 100644 --- a/dane.c +++ b/dane.c @@ -625,10 +625,10 @@ ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain, ldns_rdf* data, bool ca) { ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; - size_t n, i; + int n, i; X509* cert; - n = (size_t)sk_X509_num(chain); + n = sk_X509_num(chain); for (i = 0; i < n; i++) { cert = sk_X509_pop(chain); if (! cert) {
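Review bot: The new error branch after `DSA_SIG_set0(dsasig, R, S)` frees `dsasig` but not `R` and `S`, so those two values appear to leak on this path. DSA_SIG_set0() takes ownership of its BIGNUM arguments only when it succeeds, so after a failure the caller still owns them. Their allocation is outside the hunk, so confirm they are heap BIGNUMs owned by this function at that point. If so, the branch should be `BN_free(R); BN_free(S); DSA_SIG_free(dsasig);` before `return LDNS_STATUS_SSL_ERR;`. The function body starts and ends outside the hunk.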
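Review bot: Nothing at `n = sk_X509_num(chain);` records that a NULL chain is now handled only by the signed loop condition `i < n`. This function decides whether a TLSA record matches a certificate chain, so the no-certificate case should be stated where it is handled. I would add a comment above the assignment such as `/* sk_X509_num() returns -1 for a NULL stack; the loop is then skipped and s keeps LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH */`. The return statement is outside the hunk, so confirm that `s` reaches the caller unchanged when the loop does not run.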