]> git.ipfire.org Git - people/ms/dnsmasq.git/commitdiff
projects / people / ms / dnsmasq.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 24e9207)
Handle corner cases in NSEC coverage checks.
authorSimon Kelley <simon@thekelleys.org.uk>
Sat, 6 Jun 2015 22:13:57 +0000 (23:13 +0100)
committerSimon Kelley <simon@thekelleys.org.uk>
Sat, 6 Jun 2015 22:13:57 +0000 (23:13 +0100)
src/dnssec.c patch | blob | blame | history

diff --git a/src/dnssec.c b/src/dnssec.c
index e91d7c2cf040a01a4c2f0e931868f7e6899c7468..93217b05a846745767695cdf4b0bba76c1ebd12f 100644 (file)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1493,13 +1493,13 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
        {
          /* Normal case, name falls between NSEC name and next domain name,
             wrap around case, name falls between NSEC name (rc == -1) and end */
-         if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
+         if (hostname_cmp(workspace2, name) >= 0 || hostname_cmp(workspace1, workspace2) >= 0)
            return STAT_SECURE;
        }
       else 
        {
          /* wrap around case, name falls between start and next domain name */
-         if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
+         if (hostname_cmp(workspace1, workspace2) >= 0 && hostname_cmp(workspace2, name) >=0 )
            return STAT_SECURE;
        }
     }
@@ -1632,17 +1632,17 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
 
                return 1;
              }
-           else if (rc <= 0)
+           else if (rc < 0)
              {
                /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
                   wrap around case, name-hash falls between NSEC3 name-hash and end */
-               if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
+               if (memcmp(p, digest, digest_len) >= 0 || memcmp(workspace2, p, digest_len) >= 0)
                  return 1;
              }
            else 
              {
                /* wrap around case, name falls between start and next domain name */
-               if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
+               if (memcmp(workspace2, p, digest_len) >= 0 && memcmp(p, digest, digest_len) >= 0)
                  return 1;
              }
          }
Michael's tree of dnsmasq.