interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Determine validation buffer size

This commit is contained in:
Willem Toorop 2015-09-21 17:13:44 +02:00
parent bf7f44dcb7
commit e47bd33ec0
1 changed files with 53 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
src/dnssec.c
View File

@ -1397,6 +1397,44 @@ static ldns_rr_list *rrset2ldns_rr_list(getdns_rrset *rrset)
} }
static size_t _rr_uncompressed_rdata_size(rrtype_iter *rr)
{
_getdns_rdf_iter *rdf, rdf_spc;
uint8_t decompressed[256];
size_t sz = 0, decompressed_sz;
for ( rdf = _getdns_rdf_iter_init(&rdf_spc, &rr->rr_i)
; rdf
; rdf = _getdns_rdf_iter_next(rdf)) {
if ((rdf->rdd_pos->type & GETDNS_RDF_N_C) == GETDNS_RDF_N_C) {
decompressed_sz = sizeof(decompressed);
(void) _getdns_rdf_if_or_as_decompressed(
rdf, decompressed, &decompressed_sz);
sz += decompressed_sz;
} else
sz += rdf->nxt - rdf->pos;
}
return sz;
}
static size_t _rr_rdata_size(rrtype_iter *rr)
{
const _getdns_rr_def *rr_def;
size_t i;
rr_def = _getdns_rr_def_lookup(gldns_read_uint16(rr->rr_i.rr_type));
for (i = 0; i < rr_def->n_rdata_fields; i++)
if ((rr_def->rdata[i].type & GETDNS_RDF_N_C) == GETDNS_RDF_N_C)
return _rr_uncompressed_rdata_size(rr);
/* assert(gldns_read_uint16(rr->rr_type+8) == rr->nxt-rr->rr_type-10);
*/
return rr->rr_i.nxt - rr->rr_i.rr_type - 10;
}
/* Verifies the signature rrsig for rrset rrset with key key. /* Verifies the signature rrsig for rrset rrset with key key.
* When the rrset was a wildcard expansion (rrsig labels < labels owner name), * When the rrset was a wildcard expansion (rrsig labels < labels owner name),
* nc_name will be set to the next closer (within rrset->name). * nc_name will be set to the next closer (within rrset->name).
@ -1413,19 +1451,30 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
_getdns_rr_iter val_rrset_spc[VAL_RRSET_SPC_SZ]; _getdns_rr_iter val_rrset_spc[VAL_RRSET_SPC_SZ];
_getdns_rr_iter *val_rrset = val_rrset_spc; _getdns_rr_iter *val_rrset = val_rrset_spc;
rrtype_iter rr_spc, *rr; rrtype_iter rr_spc, *rr;
size_t i, valbuf_sz; size_t i, valbuf_sz, owner_len;
_getdns_rdf_iter *rdf, rdf_spc;
/* nc_name should already have been initialized by the parent! */ /* nc_name should already have been initialized by the parent! */
assert(nc_name); assert(nc_name);
assert(!*nc_name); assert(!*nc_name);
if (!(rdf = _getdns_rdf_iter_init_at(&rdf_spc, &rrsig->rr_i, 7)))
return 0;
valbuf_sz = rdf->nxt - rrsig->rr_i.rr_type - 10;
owner_len = _dname_len(rrset->name);
do { do {
for ( rr = rrtype_iter_init(&rr_spc, rrset), i = 0 for ( rr = rrtype_iter_init(&rr_spc, rrset), i = 0
; rr ; rr
; rr = rrtype_iter_next(rr), i++) { ; rr = rrtype_iter_next(rr), i++) {
if (val_rrset == val_rrset_spc) { if (val_rrset == val_rrset_spc) {
valbuf_sz += 0; valbuf_sz += owner_len
+ 2 /* type */
+ 2 /* class */
+ 4 /* Orig TTL */
+ 2 /* Rdata len */
+ _rr_rdata_size(rr);
if (i < VAL_RRSET_SPC_SZ) if (i < VAL_RRSET_SPC_SZ)
val_rrset[i] = rr->rr_i; val_rrset[i] = rr->rr_i;
} else } else
@ -1437,6 +1486,8 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
continue; continue;
} }
} while (0); } while (0);
DEBUG_SEC( "sizes: %zu rrs, %zu bytes for validation buffer\n"
, i, valbuf_sz);
r = rrset_l && rrsig_l && key_l && r = rrset_l && rrsig_l && key_l &&
ldns_verify_rrsig(rrset_l, rrsig_l, key_l) == LDNS_STATUS_OK; ldns_verify_rrsig(rrset_l, rrsig_l, key_l) == LDNS_STATUS_OK;