]> git.ipfire.org Git - people/meitelwein/ipfire-2.x.git/blobdiff - src/patches/dnsmasq/023-Fix_brace_botch_in_dnssec_validate_ds.patch
projects / people / meitelwein / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
dnsmasq 2.75: latest upstream patches ;-)
[people/meitelwein/ipfire-2.x.git] / src / patches / dnsmasq / 023-Fix_brace_botch_in_dnssec_validate_ds.patch
diff --git a/src/patches/dnsmasq/023-Fix_brace_botch_in_dnssec_validate_ds.patch b/src/patches/dnsmasq/023-Fix_brace_botch_in_dnssec_validate_ds.patch
new file mode 100644 (file)
index 0000000..eda6fbd
--- /dev/null
+++ b/src/patches/dnsmasq/023-Fix_brace_botch_in_dnssec_validate_ds.patch
@@ -0,0 +1,98 @@
+From 3b799c826db05fc2da1c6d15cbe372e394209d27 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 17 Dec 2015 16:58:04 +0000
+Subject: [PATCH] Fix brace botch in dnssec_validate_ds()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Thanks to MichaÅ\82 KÄ\99pieÅ\84 for spotting this.
+---
+ src/dnssec.c |   34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index ddae497..1f8c954 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -923,11 +923,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+ /* The DNS packet is expected to contain the answer to a DNSKEY query.
+    Put all DNSKEYs in the answer which are valid into the cache.
+    return codes:
+-         STAT_OK           Done, key(s) in cache.
+-       STAT_BOGUS        No DNSKEYs found, which  can be validated with DS,
+-                         or self-sign for DNSKEY RRset is not valid, bad packet.
+-       STAT_NEED_DS      DS records to validate a key not found, name in keyname 
+-       STAT_NEED_DNSKEY  DNSKEY records to validate a key not found, name in keyname 
++         STAT_OK        Done, key(s) in cache.
++       STAT_BOGUS     No DNSKEYs found, which  can be validated with DS,
++                      or self-sign for DNSKEY RRset is not valid, bad packet.
++       STAT_NEED_DS   DS records to validate a key not found, name in keyname 
++       STAT_NEED_KEY  DNSKEY records to validate a key not found, name in keyname 
+ */
+ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
+ {
+@@ -1224,13 +1224,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+               }
+             
+             p = psave;
+-            
+-            if (!ADD_RDLEN(header, p, plen, rdlen))
+-              return STAT_BOGUS; /* bad packet */
+           }
+-        
+-        cache_end_insert();
++        if (!ADD_RDLEN(header, p, plen, rdlen))
++          return STAT_BOGUS; /* bad packet */
+       }
++
++      cache_end_insert();
++
+     }
+   else
+     {
+@@ -1828,10 +1828,10 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
+ /* Check signing status of name.
+    returns:
+-   STAT_SECURE      zone is signed.
+-   STAT_INSECURE    zone proved unsigned.
+-   STAT_NEED_DS     require DS record of name returned in keyname.
+-   STAT_NEED_DNSKEY require DNSKEY record of name returned in keyname.
++   STAT_SECURE   zone is signed.
++   STAT_INSECURE zone proved unsigned.
++   STAT_NEED_DS  require DS record of name returned in keyname.
++   STAT_NEED_KEY require DNSKEY record of name returned in keyname.
+    name returned unaltered.
+ */
+ static int zone_status(char *name, int class, char *keyname, time_t now)
+@@ -2028,7 +2028,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+                     if (rc == STAT_SECURE)
+                       rc = STAT_BOGUS;
+                      if (class)
+-                       *class = class1; /* Class for NEED_DS or NEED_DNSKEY */
++                       *class = class1; /* Class for NEED_DS or NEED_KEY */
+                   }
+                 else 
+                   rc = STAT_INSECURE; 
+@@ -2045,7 +2045,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+               {
+                 /* Zone is insecure, don't need to validate RRset */
+                 if (class)
+-                  *class = class1; /* Class for NEED_DS or NEED_DNSKEY */
++                  *class = class1; /* Class for NEED_DS or NEED_KEY */
+                 return rc;
+               } 
+             
+@@ -2115,7 +2115,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+           if ((rc = zone_status(name, qclass, keyname, now)) != STAT_SECURE)
+             {
+               if (class)
+-                *class = qclass; /* Class for NEED_DS or NEED_DNSKEY */
++                *class = qclass; /* Class for NEED_DS or NEED_KEY */
+               return rc;
+             } 
+           
+-- 
+1.7.10.4
+
Michael's tree of IPFire 2.x