- Processed aggressive NSEC code review remarks Wouter
authorRalph Dolmans <ralph@nlnetlabs.nl>
Mon, 12 Feb 2018 12:14:01 +0000 (12:14 +0000)
committerRalph Dolmans <ralph@nlnetlabs.nl>
Mon, 12 Feb 2018 12:14:01 +0000 (12:14 +0000)
git-svn-id: file:///svn/unbound/trunk@4529 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
validator/val_neg.c

index 971909a8646119d5aa594ca4be37f18a373915e6..1e79a8be6ef6a46347b84c31ec37d6aa525cb9aa 100644 (file)
@@ -1,5 +1,6 @@
 12 February 2018: Ralph
        - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
+       - Processed aggressive NSEC code review remarks Wouter
 
 8 February 2018: Ralph
        - Aggressive use of NSEC implementation. Use cached NSEC records to
index 8f14a56988953a4010e898e33d629bff418f7726..5c42edfe05a2ffa82c178646f85b2190e3cd831d 100644 (file)
@@ -1508,7 +1508,7 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
                return msg;
        } else if(nsec && val_nsec_proves_name_error(nsec, qinfo->qname)) {
                if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, 
-                       qinfo->qtype, qinfo->qclass, region, 2))) 
+                       qinfo->qtype, qinfo->qclass, region, 3))) 
                        return NULL;
                if(!(ce = nsec_closest_encloser(qinfo->qname, nsec)))
                        return NULL;
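Review bot: The capacity literal `3` passed to `dns_msg_create` in the name-error branch is not tied to anything visible here, so a later change that appends one more RRset in this branch can outgrow it again, as the bump from 2 suggests already happened once. Whether the helpers that append RRsets to the message check this capacity is not visible in the hunk; if they do not, an undersized value means a write past the allocated RRset slots rather than a clean failure. I would document the count on the call, e.g. `/* capacity 3: <list the RRsets this branch can add> */`, or replace the literal with a named constant. The body of val_neg_getmsg starts and ends outside the hunk.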
@@ -1526,9 +1526,8 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
                        wc_ce[0] = 1;
                        wc_ce[1] = (uint8_t)'*';
                        memmove(wc_ce+2, ce, ce_len);
-                       ce_len += 2;
                        wc_qinfo.qname = wc_ce;
-                       wc_qinfo.qname_len = ce_len;
+                       wc_qinfo.qname_len = ce_len += 2;
                        wc_qinfo.qtype = qinfo->qtype;
 
 
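Review bot: `wc_qinfo.qname_len = ce_len += 2;` hides a mutation of `ce_len` inside another assignment, so from this line on `ce_len` silently means the wildcard name length rather than the closest-encloser length. The later `neg_find_nsec` call in this commit now reads `wc_qinfo.qname_len`, so `wc_qinfo.qname_len = ce_len + 2;` would be enough, provided nothing further down still relies on the incremented `ce_len` (not visible here). Separately, `memmove(wc_ce+2, ce, ce_len)` fills `ce_len + 2` bytes of `wc_ce`, whose declaration and any length check lie outside the hunk. A comment stating why that cannot overflow would help the next reader, e.g. `/* wc_ce fits ce plus the 2-byte "*" label: <bound on ce_len> */`.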
@@ -1559,9 +1558,9 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
                        } else {
                                /* Get wildcard NSEC for possible non existence
                                 * proof */
-                               if(!(wcrr = neg_find_nsec(neg, wc_ce, ce_len,
-                                       qinfo->qclass, rrset_cache, now,
-                                       region)))
+                               if(!(wcrr = neg_find_nsec(neg, wc_qinfo.qname,
+                                       wc_qinfo.qname_len, qinfo->qclass,
+                                       rrset_cache, now, region)))
                                        return NULL;
 
                                nodata_wc = NULL;