X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Fpatches%2Fdnsmasq%2F023-Fix_brace_botch_in_dnssec_validate_ds.patch;fp=src%2Fpatches%2Fdnsmasq%2F023-Fix_brace_botch_in_dnssec_validate_ds.patch;h=eda6fbd24a6a5fbb78c17f7162c2863fe58e154e;hb=1e1b03d5819269184a85dc5bcc042c978666bc08;hp=0000000000000000000000000000000000000000;hpb=fbcc3cb7841f10c1390550074d676ddf2afa2c1a;p=people%2Fmeitelwein%2Fipfire-2.x.git diff --git a/src/patches/dnsmasq/023-Fix_brace_botch_in_dnssec_validate_ds.patch b/src/patches/dnsmasq/023-Fix_brace_botch_in_dnssec_validate_ds.patch new file mode 100644 index 000000000..eda6fbd24 --- /dev/null +++ b/src/patches/dnsmasq/023-Fix_brace_botch_in_dnssec_validate_ds.patch @@ -0,0 +1,98 @@ +From 3b799c826db05fc2da1c6d15cbe372e394209d27 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 17 Dec 2015 16:58:04 +0000 +Subject: [PATCH] Fix brace botch in dnssec_validate_ds() +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Thanks to Michał Kępień for spotting this. +--- + src/dnssec.c | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +diff --git a/src/dnssec.c b/src/dnssec.c +index ddae497..1f8c954 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -923,11 +923,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + /* The DNS packet is expected to contain the answer to a DNSKEY query. + Put all DNSKEYs in the answer which are valid into the cache. + return codes: +- STAT_OK Done, key(s) in cache. +- STAT_BOGUS No DNSKEYs found, which can be validated with DS, +- or self-sign for DNSKEY RRset is not valid, bad packet. +- STAT_NEED_DS DS records to validate a key not found, name in keyname +- STAT_NEED_DNSKEY DNSKEY records to validate a key not found, name in keyname ++ STAT_OK Done, key(s) in cache. ++ STAT_BOGUS No DNSKEYs found, which can be validated with DS, ++ or self-sign for DNSKEY RRset is not valid, bad packet. ++ STAT_NEED_DS DS records to validate a key not found, name in keyname ++ STAT_NEED_KEY DNSKEY records to validate a key not found, name in keyname + */ + int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class) + { +@@ -1224,13 +1224,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char + } + + p = psave; +- +- if (!ADD_RDLEN(header, p, plen, rdlen)) +- return STAT_BOGUS; /* bad packet */ + } +- +- cache_end_insert(); ++ if (!ADD_RDLEN(header, p, plen, rdlen)) ++ return STAT_BOGUS; /* bad packet */ + } ++ ++ cache_end_insert(); ++ + } + else + { +@@ -1828,10 +1828,10 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key + + /* Check signing status of name. + returns: +- STAT_SECURE zone is signed. +- STAT_INSECURE zone proved unsigned. +- STAT_NEED_DS require DS record of name returned in keyname. +- STAT_NEED_DNSKEY require DNSKEY record of name returned in keyname. ++ STAT_SECURE zone is signed. ++ STAT_INSECURE zone proved unsigned. ++ STAT_NEED_DS require DS record of name returned in keyname. ++ STAT_NEED_KEY require DNSKEY record of name returned in keyname. + name returned unaltered. + */ + static int zone_status(char *name, int class, char *keyname, time_t now) +@@ -2028,7 +2028,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch + if (rc == STAT_SECURE) + rc = STAT_BOGUS; + if (class) +- *class = class1; /* Class for NEED_DS or NEED_DNSKEY */ ++ *class = class1; /* Class for NEED_DS or NEED_KEY */ + } + else + rc = STAT_INSECURE; +@@ -2045,7 +2045,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch + { + /* Zone is insecure, don't need to validate RRset */ + if (class) +- *class = class1; /* Class for NEED_DS or NEED_DNSKEY */ ++ *class = class1; /* Class for NEED_DS or NEED_KEY */ + return rc; + } + +@@ -2115,7 +2115,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch + if ((rc = zone_status(name, qclass, keyname, now)) != STAT_SECURE) + { + if (class) +- *class = qclass; /* Class for NEED_DS or NEED_DNSKEY */ ++ *class = qclass; /* Class for NEED_DS or NEED_KEY */ + return rc; + } + +-- +1.7.10.4 +