interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Minor stub validation fixes and improvements

This commit is contained in:
Willem Toorop 2015-03-19 10:55:34 +01:00
parent d2345285a6
commit a53f50b530
1 changed files with 49 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
src/dnssec.c
View File

@ -64,10 +64,8 @@ struct validation_chain {
struct chain_response { struct chain_response {
int err; int err;
getdns_list *result; getdns_list *result;
int sec;
char *bogus;
struct validation_chain *chain; struct validation_chain *chain;
getdns_transaction_t transaction_id; getdns_dns_req *dns_req;
}; };
struct chain_link { struct chain_link {
@ -87,9 +85,10 @@ native_stub_validate_dnssec(getdns_dns_req *dns_req, getdns_list *support)
getdns_network_req *netreq, **netreq_p; getdns_network_req *netreq, **netreq_p;
getdns_list *trust_anchors; getdns_list *trust_anchors;
getdns_dict *reply = NULL; getdns_dict *reply = NULL;
getdns_dict *header;
getdns_list *to_validate; getdns_list *to_validate;
uint32_t rcode; getdns_list *list;
getdns_dict *rr_dict;
size_t i;
if (!(trust_anchors = getdns_root_trust_anchor(NULL))) if (!(trust_anchors = getdns_root_trust_anchor(NULL)))
return; return;
@ -98,16 +97,23 @@ native_stub_validate_dnssec(getdns_dns_req *dns_req, getdns_list *support)
if (!(reply = priv_getdns_create_reply_dict(dns_req->context, if (!(reply = priv_getdns_create_reply_dict(dns_req->context,
netreq, NULL, NULL))) netreq, NULL, NULL)))
continue; continue;
if (getdns_dict_get_dict(reply, "header", &header)) if (!(to_validate =
getdns_list_create_with_context(dns_req->context)))
break; break;
if (getdns_dict_get_int(header, "rcode", &rcode)) if (getdns_dict_get_list(reply, "answer", &list)) {
getdns_list_destroy(to_validate);
break; break;
if (rcode == GETDNS_RCODE_NXDOMAIN) { }
if (getdns_dict_get_list( for (i = 0; !getdns_list_get_dict(list, i, &rr_dict); i++)
reply, "authority", &to_validate)) (void) getdns_list_append_dict(to_validate, rr_dict);
break;
} else if (getdns_dict_get_list(reply, "answer", &to_validate)) if (getdns_dict_get_list(reply, "authority", &list)) {
getdns_list_destroy(to_validate);
break; break;
}
for (i = 0; !getdns_list_get_dict(list, i, &rr_dict); i++)
(void) getdns_list_append_dict(to_validate, rr_dict);
switch ((int)getdns_validate_dnssec( switch ((int)getdns_validate_dnssec(
to_validate, support, trust_anchors)) { to_validate, support, trust_anchors)) {
case GETDNS_DNSSEC_SECURE: case GETDNS_DNSSEC_SECURE:
@ -124,9 +130,11 @@ native_stub_validate_dnssec(getdns_dns_req *dns_req, getdns_list *support)
netreq->bogus = 0; netreq->bogus = 0;
break; break;
} }
getdns_list_destroy(to_validate);
getdns_dict_destroy(reply); getdns_dict_destroy(reply);
reply = NULL; reply = NULL;
} }
getdns_list_destroy(trust_anchors);
getdns_dict_destroy(reply); getdns_dict_destroy(reply);
} }
#endif #endif
@ -195,9 +203,10 @@ chain_response_callback(struct getdns_dns_req *dns_req)
getdns_dict *rr_dict; getdns_dict *rr_dict;
getdns_list *keys; getdns_list *keys;
size_t nkeys; size_t nkeys;
getdns_return_t r;
if (dns_req == NULL || response->dns_req = dns_req;
!(keys = getdns_list_create_with_context(context))) if (!(keys = getdns_list_create_with_context(context)))
goto done; goto done;
for (netreq_p = dns_req->netreqs; (netreq = *netreq_p); netreq_p++) { for (netreq_p = dns_req->netreqs; (netreq = *netreq_p); netreq_p++) {
@ -218,8 +227,9 @@ chain_response_callback(struct getdns_dns_req *dns_req)
if (!(rr_dict = priv_getdns_rr_iter2rr_dict( if (!(rr_dict = priv_getdns_rr_iter2rr_dict(
context, rr_iter))) context, rr_iter)))
continue; continue;
if (getdns_list_append_dict(keys, rr_dict)) r = getdns_list_append_dict(keys, rr_dict);
break; getdns_dict_destroy(rr_dict);
if (r) break;
} }
if (rr_type != GETDNS_RRTYPE_RRSIG) if (rr_type != GETDNS_RRTYPE_RRSIG)
continue; continue;
@ -241,8 +251,9 @@ chain_response_callback(struct getdns_dns_req *dns_req)
if (!(rr_dict = priv_getdns_rr_iter2rr_dict( if (!(rr_dict = priv_getdns_rr_iter2rr_dict(
context, rr_iter))) context, rr_iter)))
continue; continue;
if (getdns_list_append_dict(keys, rr_dict)) r = getdns_list_append_dict(keys, rr_dict);
break; getdns_dict_destroy(rr_dict);
if (r) break;
} }
} }
if (getdns_list_get_length(keys, &nkeys)) if (getdns_list_get_length(keys, &nkeys))
@ -256,22 +267,17 @@ chain_response_callback(struct getdns_dns_req *dns_req)
done: if (response->err == 0 && response->result == NULL) done: if (response->err == 0 && response->result == NULL)
response->err = -1; response->err = -1;
if (dns_req) {
getdns_context_clear_outbound_request(dns_req);
dns_req_free(dns_req);
}
callback_on_complete_chain(response->chain); callback_on_complete_chain(response->chain);
} }
static void chain_response_init( static void chain_response_init(
struct validation_chain *chain, struct chain_response *response) struct validation_chain *chain, struct chain_response *response)
{ {
response->err = 0; response->err = 0;
response->result = NULL; response->result = NULL;
response->sec = 0; response->chain = chain;
response->bogus = NULL; response->dns_req = NULL;
response->chain = chain;
response->transaction_id = -1;
} }
static int static int
@ -289,8 +295,7 @@ resolve(char* name, int rrtype, struct chain_response *response)
r = priv_getdns_general_loop(response->chain->dns_req->context, r = priv_getdns_general_loop(response->chain->dns_req->context,
response->chain->dns_req->loop, name, rrtype, extensions, response->chain->dns_req->loop, name, rrtype, extensions,
response, &response->transaction_id, NULL, response, NULL, NULL, chain_response_callback);
chain_response_callback);
getdns_dict_destroy(extensions); getdns_dict_destroy(extensions);
return r; return r;
@ -367,8 +372,17 @@ static void destroy_chain_link(getdns_rbnode_t * node, void *arg)
struct validation_chain *chain = (struct validation_chain*) arg; struct validation_chain *chain = (struct validation_chain*) arg;
free((void *)link->node.key); free((void *)link->node.key);
getdns_list_destroy(link->DNSKEY.result); getdns_list_destroy(link->DNSKEY.result);
if (link->DNSKEY.dns_req) {
getdns_context_clear_outbound_request(link->DNSKEY.dns_req);
dns_req_free(link->DNSKEY.dns_req);
}
getdns_list_destroy(link->DS.result); getdns_list_destroy(link->DS.result);
if (link->DS.dns_req) {
getdns_context_clear_outbound_request(link->DS.dns_req);
dns_req_free(link->DS.dns_req);
}
GETDNS_FREE(chain->mf, link); GETDNS_FREE(chain->mf, link);
} }
@ -851,7 +865,7 @@ priv_getdns_parse_ta_file(time_t *ta_mtime, getdns_list *ta_rrs)
size_t len, dname_len; size_t len, dname_len;
FILE *in; FILE *in;
priv_getdns_rr_iter rr_iter; priv_getdns_rr_iter rr_iter;
getdns_dict *rr_dict; getdns_dict *rr_dict = NULL;
int ta_count = 0; int ta_count = 0;
if (stat(TRUST_ANCHOR_FILE, &st) != 0) if (stat(TRUST_ANCHOR_FILE, &st) != 0)
@ -888,8 +902,12 @@ priv_getdns_parse_ta_file(time_t *ta_mtime, getdns_list *ta_rrs)
break; break;
if (ta_rrs && getdns_list_append_dict(ta_rrs, rr_dict)) if (ta_rrs && getdns_list_append_dict(ta_rrs, rr_dict))
break; break;
getdns_dict_destroy(rr_dict);
rr_dict = NULL;
ta_count++; ta_count++;
} }
if (rr_dict)
getdns_dict_destroy(rr_dict);
fclose(in); fclose(in);
return ta_count; return ta_count;