From: Wouter Wijngaards Date: Fri, 25 Sep 2009 15:20:29 +0000 (+0000) Subject: review fixes X-Git-Tag: release-1.4.0rc1~50 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5007a44e5234828098954ee2e5d1a578908c15df;p=thirdparty%2Funbound.git review fixes git-svn-id: file:///svn/unbound/trunk@1853 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index a850e66a8..39f3131bd 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,7 +1,8 @@ -24 September 2009: Wouter +25 September 2009: Wouter - so-rcvbuf: 4m option added. Set this on large busy servers to not drop the occasional packet in spikes due to full socket buffers. netstat -su keeps a counter of UDP dropped due to full buffers. + - review of validator/autotrust.c, small fixes and comments. 23 September 2009: Wouter - 5011 query failed counts verification failures, not lookup failures. diff --git a/validator/autotrust.c b/validator/autotrust.c index da77db986..fc9ea4f7c 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -473,6 +473,7 @@ load_trustanchor(struct val_anchors* anchors, char* str, const char* fname) tp->autr->file = strdup(fname); if(!tp->autr->file) { lock_basic_unlock(&tp->lock); + log_err("malloc failure"); return NULL; } } @@ -544,6 +545,9 @@ autr_assemble(struct trust_anchor* tp) return 0; } } + /* we have prepared the new keys so nothing can go wrong any more. + * And we are sure we cannot be left without trustanchor after + * an errors. Put in the new keys and remove old ones. */ /* free the old data */ autr_rrset_delete(tp->ds_rrset); @@ -605,7 +609,8 @@ parse_id(struct val_anchors* anchors, char* line) return tp; } -/** parse variable from trustanchor header +/** + * Parse variable from trustanchor header * @param line: to parse * @param anchors: the anchor is added to this, if "id:" is seen. * @param anchor: the anchor as result value or previously returned anchor @@ -690,6 +695,7 @@ int autr_read_file(struct val_anchors* anchors, const char* nm) if((r = parse_var_line(line, anchors, &tp)) == -1) { log_err("could not parse auto-trust-anchor-file " "%s line %d", nm, line_nr); + fclose(fd); return 0; } else if(r == 1) { continue; @@ -819,10 +825,11 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) continue; str = ldns_rr2str(ta->rr); if(!str || !str[0]) { + free(str); log_err("malloc failure writing %s", tp->autr->file); continue; } - str[strlen(str)-1] = 0; + str[strlen(str)-1] = 0; /* remove newline */ fprintf(out, "%s ;;state=%d [%s] ;;count=%d " ";;lastchange=%u ;;%s", str, (int)ta->s, trustanchor_state2str(ta->s), (int)ta->pending_count, @@ -833,7 +840,8 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) fclose(out); } -/** verify if dnskey works for trust point +/** + * Verify if dnskey works for trust point * @param env: environment (with time) for verification * @param ve: validator environment (with options) for verification. * @param tp: trust point to verify with @@ -858,7 +866,7 @@ verify_dnskey(struct module_env* env, struct val_env* ve, /* verify with keys */ enum sec_status sec = val_verify_rrset(env, ve, rrset, tp->dnskey_rrset); - verbose(VERB_ALGO, "autotrust: DNSKEY is %s", + verbose(VERB_ALGO, "autotrust: validate DNSKEY with keys: %s", sec_status_to_string(sec)); if(sec == sec_status_secure) { return 1; @@ -879,7 +887,7 @@ min_expiry(struct module_env* env, ldns_rr_list* rrset) continue; t = ldns_rdf2native_int32(ldns_rr_rrsig_expiration(rr)); if(t > *env->now) { - t = t - *env->now; + t -= *env->now; if(t < r) r = t; }