[ipfire-2.x.git] / src / patches / dnsmasq / 0103-Handle-corner-cases-in-NSEC-coverage-checks.patch

From 4d25cf89d51c635af0a23c0ca3425c7aadbc0b55 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 6 Jun 2015 23:13:57 +0100
Subject: [PATCH 103/113] Handle corner cases in NSEC coverage checks.

---
 src/dnssec.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index e91d7c2cf040..93217b05a846 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1493,13 +1493,13 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
 	{
 	  /* Normal case, name falls between NSEC name and next domain name,
 	     wrap around case, name falls between NSEC name (rc == -1) and end */
-	  if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
+	  if (hostname_cmp(workspace2, name) >= 0 || hostname_cmp(workspace1, workspace2) >= 0)
 	    return STAT_SECURE;
 	}
       else 
 	{
 	  /* wrap around case, name falls between start and next domain name */
-	  if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
+	  if (hostname_cmp(workspace1, workspace2) >= 0 && hostname_cmp(workspace2, name) >=0 )
 	    return STAT_SECURE;
 	}
     }
@@ -1632,17 +1632,17 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
 
 		return 1;
 	      }
-	    else if (rc <= 0)
+	    else if (rc < 0)
 	      {
 		/* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
 		   wrap around case, name-hash falls between NSEC3 name-hash and end */
-		if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
+		if (memcmp(p, digest, digest_len) >= 0 || memcmp(workspace2, p, digest_len) >= 0)
 		  return 1;
 	      }
 	    else 
 	      {
 		/* wrap around case, name falls between start and next domain name */
-		if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
+		if (memcmp(workspace2, p, digest_len) >= 0 && memcmp(p, digest, digest_len) >= 0)
 		  return 1;
 	      }
 	  }
-- 
2.1.0
Commit	Line	Data
697b4f04 MT	1	From 4d25cf89d51c635af0a23c0ca3425c7aadbc0b55 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Sat, 6 Jun 2015 23:13:57 +0100
	4	Subject: [PATCH 103/113] Handle corner cases in NSEC coverage checks.
	5
	6	---
	7	src/dnssec.c \| 10 +++++-----
	8	1 file changed, 5 insertions(+), 5 deletions(-)
	9
	10	diff --git a/src/dnssec.c b/src/dnssec.c
	11	index e91d7c2cf040..93217b05a846 100644
	12	--- a/src/dnssec.c
	13	+++ b/src/dnssec.c
	14	@@ -1493,13 +1493,13 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
	15	{
	16	/* Normal case, name falls between NSEC name and next domain name,
	17	wrap around case, name falls between NSEC name (rc == -1) and end */
	18	- if (hostname_cmp(workspace2, name) == 1 \|\| hostname_cmp(workspace1, workspace2) == 1)
	19	+ if (hostname_cmp(workspace2, name) >= 0 \|\| hostname_cmp(workspace1, workspace2) >= 0)
	20	return STAT_SECURE;
	21	}
	22	else
	23	{
	24	/* wrap around case, name falls between start and next domain name */
	25	- if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
	26	+ if (hostname_cmp(workspace1, workspace2) >= 0 && hostname_cmp(workspace2, name) >=0 )
	27	return STAT_SECURE;
	28	}
	29	}
	30	@@ -1632,17 +1632,17 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
	31
	32	return 1;
	33	}
	34	- else if (rc <= 0)
	35	+ else if (rc < 0)
	36	{
	37	/* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
	38	wrap around case, name-hash falls between NSEC3 name-hash and end */
	39	- if (memcmp(p, digest, digest_len) > 0 \|\| memcmp(workspace2, p, digest_len) > 0)
	40	+ if (memcmp(p, digest, digest_len) >= 0 \|\| memcmp(workspace2, p, digest_len) >= 0)
	41	return 1;
	42	}
	43	else
	44	{
	45	/* wrap around case, name falls between start and next domain name */
	46	- if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
	47	+ if (memcmp(workspace2, p, digest_len) >= 0 && memcmp(p, digest, digest_len) >= 0)
	48	return 1;
	49	}
	50	}
	51	--
	52	2.1.0
	53