interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'develop' into features/conversion_functions

This commit is contained in:
Willem Toorop 2015-12-16 12:42:32 +01:00
parent b0aae6b51d 1ef4db8e9d
commit e747efe415
2 changed files with 50 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/dnssec.c
View File

@ -1653,6 +1653,10 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
if (!_dnssec_rdata_to_canonicalize(rrset->rr_type)) if (!_dnssec_rdata_to_canonicalize(rrset->rr_type))
for (i = 0; i < n_rrs; i++) { for (i = 0; i < n_rrs; i++) {
if (i && !_rr_iter_rdata_cmp(
&val_rrset[i], &val_rrset[i-1]))
continue;
gldns_buffer_write(&valbuf, owner, owner_len); gldns_buffer_write(&valbuf, owner, owner_len);
gldns_buffer_write_u16(&valbuf, rrset->rr_type); gldns_buffer_write_u16(&valbuf, rrset->rr_type);
gldns_buffer_write_u16(&valbuf, rrset->rr_class); gldns_buffer_write_u16(&valbuf, rrset->rr_class);
@ -1661,6 +1665,8 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
val_rrset[i].nxt - val_rrset[i].rr_type - 8); val_rrset[i].nxt - val_rrset[i].rr_type - 8);
} }
else for (i = 0; i < n_rrs; i++) { else for (i = 0; i < n_rrs; i++) {
if (i && !_rr_iter_rdata_cmp(&val_rrset[i], &val_rrset[i-1]))
continue;
gldns_buffer_write(&valbuf, owner, owner_len); gldns_buffer_write(&valbuf, owner, owner_len);
gldns_buffer_write_u16(&valbuf, rrset->rr_type); gldns_buffer_write_u16(&valbuf, rrset->rr_type);
gldns_buffer_write_u16(&valbuf, rrset->rr_class); gldns_buffer_write_u16(&valbuf, rrset->rr_class);
@ -1688,8 +1694,9 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
} }
DEBUG_SEC( "written to valbuf: %zu bytes\n" DEBUG_SEC( "written to valbuf: %zu bytes\n"
, gldns_buffer_position(&valbuf)); , gldns_buffer_position(&valbuf));
assert(gldns_buffer_position(&valbuf) == valbuf_sz); assert(gldns_buffer_position(&valbuf) <= valbuf_sz);
gldns_buffer_flip(&valbuf);
r = _getdns_verify_canonrrset(&valbuf, key->rr_i.rr_type[13], r = _getdns_verify_canonrrset(&valbuf, key->rr_i.rr_type[13],
(UNCONST_UINT8_p)signer->nxt, rrsig->rr_i.nxt - signer->nxt, (UNCONST_UINT8_p)signer->nxt, rrsig->rr_i.nxt - signer->nxt,
(UNCONST_UINT8_p)key->rr_i.rr_type+14, (UNCONST_UINT8_p)key->rr_i.rr_type+14,
@ -1697,8 +1704,12 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
&reason); &reason);
#if defined(SEC_DEBUG) && SEC_DEBUG #if defined(SEC_DEBUG) && SEC_DEBUG
if (r == 0) if (r == 0) {
DEBUG_SEC("verification failed: %s\n", reason); DEBUG_SEC("verification failed: %s\n", reason);
debug_sec_print_rrset("verification failed: ", rrset);
debug_sec_print_rr("verification failed: ", &rrsig->rr_i);
debug_sec_print_rr("verification failed: ", &key->rr_i);
}
#endif #endif
if (val_rrset != val_rrset_spc) if (val_rrset != val_rrset_spc)
GETDNS_FREE(*mf, val_rrset); GETDNS_FREE(*mf, val_rrset);
@ -2797,7 +2808,7 @@ static int chain_head_validate_with_ta(struct mem_funcs *mf,
if ((s = chain_node_get_trusted_keys( if ((s = chain_node_get_trusted_keys(
mf, now, skew, head->parent, ta, &keys)) != GETDNS_DNSSEC_SECURE) mf, now, skew, head->parent, ta, &keys)) != GETDNS_DNSSEC_SECURE)
return s; return s;
if (rrset_has_rrs(&head->rrset)) { if (rrset_has_rrs(&head->rrset)) {
if ((keytag = a_key_signed_rrset( if ((keytag = a_key_signed_rrset(
@ -3011,6 +3022,26 @@ static size_t count_outstanding_requests(chain_head *head)
return count + count_outstanding_requests(head->next); return count + count_outstanding_requests(head->next);
} }
static int rrset_in_list(getdns_rrset *rrset, getdns_list *list)
{
size_t i;
getdns_dict *rr_dict;
uint32_t rr_type;
uint32_t rr_class;
getdns_bindata *name;
for (i = 0; !getdns_list_get_dict(list, i, &rr_dict); i++) {
if (!getdns_dict_get_int(rr_dict, "type", &rr_type) &&
rrset->rr_type == rr_type &&
!getdns_dict_get_int(rr_dict, "class", &rr_class) &&
rrset->rr_class == rr_class &&
!getdns_dict_get_bindata(rr_dict, "name", &name) &&
dname_compare(rrset->name, name->data) == 0)
return 1;
}
return 0;
}
static void append_rrs2val_chain_list(getdns_context *ctxt, static void append_rrs2val_chain_list(getdns_context *ctxt,
getdns_list *val_chain_list, getdns_network_req *netreq, int signer) getdns_list *val_chain_list, getdns_network_req *netreq, int signer)
{ {
@ -3026,10 +3057,14 @@ static void append_rrs2val_chain_list(getdns_context *ctxt,
rrset = rrset_iter_value(i); rrset = rrset_iter_value(i);
if (rrset->rr_type != GETDNS_RRTYPE_DNSKEY && if (rrset->rr_type == GETDNS_RRTYPE_NSEC ||
rrset->rr_type != GETDNS_RRTYPE_DS && rrset->rr_type == GETDNS_RRTYPE_NSEC3) {
rrset->rr_type != GETDNS_RRTYPE_NSEC &&
rrset->rr_type != GETDNS_RRTYPE_NSEC3) if (rrset_in_list(rrset, val_chain_list))
continue;
} else if (rrset->rr_type != GETDNS_RRTYPE_DNSKEY &&
rrset->rr_type != GETDNS_RRTYPE_DS)
continue; continue;
for ( rr = rrtype_iter_init(&rr_spc, rrset) for ( rr = rrtype_iter_init(&rr_spc, rrset)

14
src/rr-dict.c
View File

@ -1165,11 +1165,11 @@ _getdns_rr_dict2wire(const getdns_dict *rr_dict, gldns_buffer *buf)
assert(buf); assert(buf);
if ((r = getdns_dict_get_bindata(rr_dict, "name", &name))) if ((r = getdns_dict_get_bindata(rr_dict, "name", &name)))
goto error; return r;
gldns_buffer_write(buf, name->data, name->size); gldns_buffer_write(buf, name->data, name->size);
if ((r = getdns_dict_get_int(rr_dict, "type", &rr_type))) if ((r = getdns_dict_get_int(rr_dict, "type", &rr_type)))
goto error; return r;
gldns_buffer_write_u16(buf, (uint16_t)rr_type); gldns_buffer_write_u16(buf, (uint16_t)rr_type);
(void) getdns_dict_get_int(rr_dict, "class", &rr_class); (void) getdns_dict_get_int(rr_dict, "class", &rr_class);
@ -1190,10 +1190,13 @@ _getdns_rr_dict2wire(const getdns_dict *rr_dict, gldns_buffer *buf)
break; break;
} }
if ((r = getdns_dict_get_dict(rr_dict, "rdata", &rdata))) if ((r = getdns_dict_get_dict(rr_dict, "rdata", &rdata))) {
goto error; if (r == GETDNS_RETURN_NO_SUCH_DICT_NAME) {
gldns_buffer_write_u16(buf, 0);
r = GETDNS_RETURN_GOOD;
}
if (n_rdata_fields == 0 && GETDNS_RETURN_GOOD == } else if (n_rdata_fields == 0 && GETDNS_RETURN_GOOD ==
(r = getdns_dict_get_bindata(rdata, "rdata_raw", &rdata_raw))) { (r = getdns_dict_get_bindata(rdata, "rdata_raw", &rdata_raw))) {
gldns_buffer_write_u16(buf, (uint16_t)rdata_raw->size); gldns_buffer_write_u16(buf, (uint16_t)rdata_raw->size);
@ -1246,7 +1249,6 @@ _getdns_rr_dict2wire(const getdns_dict *rr_dict, gldns_buffer *buf)
gldns_buffer_write_u16_at(buf, rdata_size_mark, gldns_buffer_write_u16_at(buf, rdata_size_mark,
(uint16_t)(gldns_buffer_position(buf)-rdata_size_mark-2)); (uint16_t)(gldns_buffer_position(buf)-rdata_size_mark-2));
} }
error:
return r; return r;
} }