From 0648475a6690c0ba7e3b9f09071dc40708e483b0 Mon Sep 17 00:00:00 2001
From: Ralph Dolmans
Date: Mon, 12 Feb 2018 12:14:01 +0000
Subject: [PATCH] - Processed aggressive NSEC code review remarks Wouter
git-svn-id: file:///svn/unbound/trunk@4529 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog | 1 +
 validator/val_neg.c | 11 +++++------
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/Changelog b/doc/Changelog
index 971909a86..1e79a8be6 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,6 @@
 12 February 2018: Ralph
 - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
+ - Processed aggressive NSEC code review remarks Wouter
 8 February 2018: Ralph
 - Aggressive use of NSEC implementation. Use cached NSEC records to
diff --git a/validator/val_neg.c b/validator/val_neg.c
index 8f14a5698..5c42edfe0 100644
--- a/validator/val_neg.c
+++ b/validator/val_neg.c
@@ -1508,7 +1508,7 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
 return msg;
 } else if(nsec && val_nsec_proves_name_error(nsec, qinfo->qname)) {
 if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len,
- qinfo->qtype, qinfo->qclass, region, 2)))
+ qinfo->qtype, qinfo->qclass, region, 3)))
 return NULL;
 if(!(ce = nsec_closest_encloser(qinfo->qname, nsec)))
 return NULL;
@@ -1526,9 +1526,8 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
 wc_ce[0] = 1;
 wc_ce[1] = (uint8_t)'*';
 memmove(wc_ce+2, ce, ce_len);
- ce_len += 2;
 wc_qinfo.qname = wc_ce;
- wc_qinfo.qname_len = ce_len;
+ wc_qinfo.qname_len = ce_len += 2;
 wc_qinfo.qtype = qinfo->qtype;
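Review bot: The literal `3` now passed as the last argument of `dns_msg_create(...)` in the name-error branch is a bare magic number, and nothing in the hunk ties it to the RRsets this branch goes on to append. That argument looks like the RRset capacity of the new message; if the helpers that add RRsets to `msg` do not check the count against it (not visible here), an undercount writes past the allocated array, which is presumably why 2 was raised to 3. I would add a comment on that line such as `/* capacity 3: SOA, NSEC covering qname, wildcard NSEC (confirm) */` and check that no path through the branch can append a fourth RRset. The branch continues outside the hunk.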
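Review bot: The new line `wc_qinfo.qname_len = ce_len += 2;` buries the update of `ce_len` inside another assignment, so a reader scanning for writes to `ce_len` can miss that it now includes the two wildcard label bytes. The hunk at -1559 switches the `neg_find_nsec` call to `wc_qinfo.qname_len`; if nothing after this point still reads `ce_len` (not visible here), `wc_qinfo.qname_len = ce_len + 2;` states the same length without the side effect. Separately, `memmove(wc_ce+2, ce, ce_len)` just above relies on `ce_len + 2` fitting in `wc_ce`; the buffer declaration and any length check are outside the hunk, so that bound is worth confirming while this code is being touched.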
@@ -1559,9 +1558,9 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
 } else {
 /* Get wildcard NSEC for possible non existence
 * proof */
- if(!(wcrr = neg_find_nsec(neg, wc_ce, ce_len,
- qinfo->qclass, rrset_cache, now,
- region)))
+ if(!(wcrr = neg_find_nsec(neg, wc_qinfo.qname,
+ wc_qinfo.qname_len, qinfo->qclass,
+ rrset_cache, now, region)))
 return NULL;
 nodata_wc = NULL;
-- 
2.47.3