[ipfire-2.x.git] / src / patches / dnsmasq / 023-Fix_brace_botch_in_dnssec_validate_ds.patch

From 3b799c826db05fc2da1c6d15cbe372e394209d27 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 17 Dec 2015 16:58:04 +0000
Subject: [PATCH] Fix brace botch in dnssec_validate_ds()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Thanks to MichaÅ\82 KÄ\99pieÅ\84 for spotting this.
---
 src/dnssec.c |   34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index ddae497..1f8c954 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -923,11 +923,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
 /* The DNS packet is expected to contain the answer to a DNSKEY query.
    Put all DNSKEYs in the answer which are valid into the cache.
    return codes:
-         STAT_OK           Done, key(s) in cache.
-	 STAT_BOGUS        No DNSKEYs found, which  can be validated with DS,
-	                   or self-sign for DNSKEY RRset is not valid, bad packet.
-	 STAT_NEED_DS      DS records to validate a key not found, name in keyname 
-	 STAT_NEED_DNSKEY  DNSKEY records to validate a key not found, name in keyname 
+         STAT_OK        Done, key(s) in cache.
+	 STAT_BOGUS     No DNSKEYs found, which  can be validated with DS,
+	                or self-sign for DNSKEY RRset is not valid, bad packet.
+	 STAT_NEED_DS   DS records to validate a key not found, name in keyname 
+	 STAT_NEED_KEY  DNSKEY records to validate a key not found, name in keyname 
 */
 int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
 {
@@ -1224,13 +1224,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
 		}
 	      
 	      p = psave;
-	      
-	      if (!ADD_RDLEN(header, p, plen, rdlen))
-		return STAT_BOGUS; /* bad packet */
 	    }
-	  
-	  cache_end_insert();
+	  if (!ADD_RDLEN(header, p, plen, rdlen))
+	    return STAT_BOGUS; /* bad packet */
 	}
+
+      cache_end_insert();
+
     }
   else
     {
@@ -1828,10 +1828,10 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
 
 /* Check signing status of name.
    returns:
-   STAT_SECURE      zone is signed.
-   STAT_INSECURE    zone proved unsigned.
-   STAT_NEED_DS     require DS record of name returned in keyname.
-   STAT_NEED_DNSKEY require DNSKEY record of name returned in keyname.
+   STAT_SECURE   zone is signed.
+   STAT_INSECURE zone proved unsigned.
+   STAT_NEED_DS  require DS record of name returned in keyname.
+   STAT_NEED_KEY require DNSKEY record of name returned in keyname.
    name returned unaltered.
 */
 static int zone_status(char *name, int class, char *keyname, time_t now)
@@ -2028,7 +2028,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 		      if (rc == STAT_SECURE)
 			rc = STAT_BOGUS;
 		       if (class)
-			 *class = class1; /* Class for NEED_DS or NEED_DNSKEY */
+			 *class = class1; /* Class for NEED_DS or NEED_KEY */
 		    }
 		  else 
 		    rc = STAT_INSECURE; 
@@ -2045,7 +2045,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 		{
 		  /* Zone is insecure, don't need to validate RRset */
 		  if (class)
-		    *class = class1; /* Class for NEED_DS or NEED_DNSKEY */
+		    *class = class1; /* Class for NEED_DS or NEED_KEY */
 		  return rc;
 		} 
 	      
@@ -2115,7 +2115,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 	    if ((rc = zone_status(name, qclass, keyname, now)) != STAT_SECURE)
 	      {
 		if (class)
-		  *class = qclass; /* Class for NEED_DS or NEED_DNSKEY */
+		  *class = qclass; /* Class for NEED_DS or NEED_KEY */
 		return rc;
 	      } 
 	    
-- 
1.7.10.4
Commit	Line	Data
1e1b03d5 MF	1	From 3b799c826db05fc2da1c6d15cbe372e394209d27 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Thu, 17 Dec 2015 16:58:04 +0000
	4	Subject: [PATCH] Fix brace botch in dnssec_validate_ds()
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=utf8
	7	Content-Transfer-Encoding: 8bit
	8
	9	Thanks to MichaÅ\82 KÄ\99pieÅ\84 for spotting this.
	10	---
	11	src/dnssec.c \| 34 +++++++++++++++++-----------------
	12	1 file changed, 17 insertions(+), 17 deletions(-)
	13
	14	diff --git a/src/dnssec.c b/src/dnssec.c
	15	index ddae497..1f8c954 100644
	16	--- a/src/dnssec.c
	17	+++ b/src/dnssec.c
	18	@@ -923,11 +923,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
	19	/* The DNS packet is expected to contain the answer to a DNSKEY query.
	20	Put all DNSKEYs in the answer which are valid into the cache.
	21	return codes:
	22	- STAT_OK Done, key(s) in cache.
	23	- STAT_BOGUS No DNSKEYs found, which can be validated with DS,
	24	- or self-sign for DNSKEY RRset is not valid, bad packet.
	25	- STAT_NEED_DS DS records to validate a key not found, name in keyname
	26	- STAT_NEED_DNSKEY DNSKEY records to validate a key not found, name in keyname
	27	+ STAT_OK Done, key(s) in cache.
	28	+ STAT_BOGUS No DNSKEYs found, which can be validated with DS,
	29	+ or self-sign for DNSKEY RRset is not valid, bad packet.
	30	+ STAT_NEED_DS DS records to validate a key not found, name in keyname
	31	+ STAT_NEED_KEY DNSKEY records to validate a key not found, name in keyname
	32	*/
	33	int dnssec_validate_by_ds(time_t now, struct dns_header header, size_t plen, char name, char *keyname, int class)
	34	{
	35	@@ -1224,13 +1224,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
	36	}
	37
	38	p = psave;
	39	-
	40	- if (!ADD_RDLEN(header, p, plen, rdlen))
	41	- return STAT_BOGUS; /* bad packet */
	42	}
	43	-
	44	- cache_end_insert();
	45	+ if (!ADD_RDLEN(header, p, plen, rdlen))
	46	+ return STAT_BOGUS; /* bad packet */
	47	}
	48	+
	49	+ cache_end_insert();
	50	+
	51	}
	52	else
	53	{
	54	@@ -1828,10 +1828,10 @@ static int prove_non_existence(struct dns_header header, size_t plen, char key
	55
	56	/* Check signing status of name.
	57	returns:
	58	- STAT_SECURE zone is signed.
	59	- STAT_INSECURE zone proved unsigned.
	60	- STAT_NEED_DS require DS record of name returned in keyname.
	61	- STAT_NEED_DNSKEY require DNSKEY record of name returned in keyname.
	62	+ STAT_SECURE zone is signed.
	63	+ STAT_INSECURE zone proved unsigned.
	64	+ STAT_NEED_DS require DS record of name returned in keyname.
65	+ STAT_NEED_KEY require DNSKEY record of name returned in keyname.
66	name returned unaltered.
67	*/
68	static int zone_status(char name, int class, char keyname, time_t now)
69	@@ -2028,7 +2028,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
70	if (rc == STAT_SECURE)
71	rc = STAT_BOGUS;
72	if (class)
73	- class = class1; / Class for NEED_DS or NEED_DNSKEY */
74	+ class = class1; / Class for NEED_DS or NEED_KEY */
75	}
76	else
77	rc = STAT_INSECURE;
78	@@ -2045,7 +2045,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
79	{
80	/* Zone is insecure, don't need to validate RRset */
81	if (class)
82	- class = class1; / Class for NEED_DS or NEED_DNSKEY */
83	+ class = class1; / Class for NEED_DS or NEED_KEY */
84	return rc;
85	}
86
87	@@ -2115,7 +2115,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
88	if ((rc = zone_status(name, qclass, keyname, now)) != STAT_SECURE)
89	{
90	if (class)
91	- class = qclass; / Class for NEED_DS or NEED_DNSKEY */
92	+ class = qclass; / Class for NEED_DS or NEED_KEY */
93	return rc;
94	}
95
96	--
97	1.7.10.4
98