]> git.ipfire.org Git - ipfire-2.x.git/blob - src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
1 From 06093a9a845bb597005d892d5d1bc7859933ada4 Mon Sep 17 00:00:00 2001
2 From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
3 Date: Mon, 11 Jul 2016 21:03:27 +0100
4 Subject: [PATCH] Fix problem with --dnssec-timestamp whereby receipt of
5 SIGHUP would erroneously engage timestamp checking.
6
7 ---
8 CHANGELOG | 4 ++++
9 src/dnsmasq.c | 7 ++++---
10 src/dnsmasq.h | 1 +
11 src/dnssec.c | 5 +++--
12 4 files changed, 12 insertions(+), 5 deletions(-)
13
14 diff --git a/CHANGELOG b/CHANGELOG
15 index 59c9c49..9f1e404 100644
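--- a/CHANGELOG
+++ b/CHANGELOG
@@ -17,6 +17,10 @@ version 2.77
 Thanks to Ivan Kokshaysky for the diagnosis and
 patch.
 
+ Fix problem with --dnssec-timestamp whereby receipt
+ of SIGHUP would erroneously engage timestamp checking.
+ Thanks to Kevin Darbyshire-Bryant for this work.
+
 
 version 2.76
 Include 0.0.0.0/8 in DNS rebind checks. This range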
29 diff --git a/src/dnsmasq.c b/src/dnsmasq.c
30 index 045ec53..a47273f 100644
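--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -750,7 +750,8 @@ int main (int argc, char **argv)
 
 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
 
- if (option_bool(OPT_DNSSEC_TIME))
+ daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
+ if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
 
 if (rc == 1)
@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
 {
 case EVENT_RELOAD:
 #ifdef HAVE_DNSSEC
- if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+ if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
 {
 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
- reset_option_bool(OPT_DNSSEC_TIME);
+ daemon->dnssec_no_time_check = 0;
 }
 #endif
 /* fall through */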
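Review bot: The EVENT_RELOAD branch in the second hunk logs "now checking DNSSEC signature timestamps" and clears `dnssec_no_time_check` without looking at `daemon->timestamp_file` or `daemon->back_to_the_future`, so the message can be untrue when a timestamp file is configured together with the no-timecheck option. In check_date_range the timestamp-file path still returns 1 while `back_to_the_future == 0`, and that path appears not to read the new flag at all (its opening `if` lies outside the visible hunk, so this is inferred). An operator reading the log would then conclude that signature validity periods are being enforced while they are still skipped. Consider narrowing the guard, for example `if (daemon->dnssec_no_time_check && !daemon->timestamp_file && option_bool(OPT_DNSSEC_VALID))`, so the line is logged only when the reload really ends the unchecked period. The bodies of main and async_event both continue outside the hunks.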
56 diff --git a/src/dnsmasq.h b/src/dnsmasq.h
57 index 1896a64..be27ae0 100644
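--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -992,6 +992,7 @@ extern struct daemon {
 #endif
 #ifdef HAVE_DNSSEC
 struct ds_config *ds;
+ int dnssec_no_time_check;
 int back_to_the_future;
 char *timestamp_file;
 #endif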
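Review bot: The new `dnssec_no_time_check` field has no comment, and it now sits beside `OPT_DNSSEC_TIME` and `back_to_the_future`, which all bear on the same decision. The patch's point is that the option bit stays as configured while this field carries the mutable runtime state, and that distinction is worth recording at the declaration. Something like `/* runtime state: non-zero while signature timestamp checks are suspended; seeded from OPT_DNSSEC_TIME at startup, cleared on reload or once the timestamp file shows the clock is valid */` would do. The struct definition starts and ends outside the hunk.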
68 diff --git a/src/dnssec.c b/src/dnssec.c
69 index 3c77c7d..64358fa 100644
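--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
 if (utime(daemon->timestamp_file, NULL) != 0)
 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
 
+ my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
 daemon->back_to_the_future = 1;
- set_option_bool(OPT_DNSSEC_TIME);
+ daemon->dnssec_no_time_check = 0;
 queue_event(EVENT_RELOAD); /* purge cache */
 }
 
 if (daemon->back_to_the_future == 0)
 return 1;
 }
- else if (option_bool(OPT_DNSSEC_TIME))
+ else if (daemon->dnssec_no_time_check)
 return 1;
 
 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */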
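Review bot: The two early `return 1` paths, the rewritten `else if (daemon->dnssec_no_time_check)` in particular, are undocumented even though they are where signature validity periods stop being enforced. While either condition holds, the function returns before `date_start` and `date_end` are compared with anything, so a signature outside its validity window is presumably treated as in range. That trade-off deserves a comment at the branch, for example `/* time checking suspended: signature inception/expiry are NOT enforced until the flag is cleared */`. It would also help to note beside `daemon->dnssec_no_time_check = 0;` that clearing the flag before `queue_event(EVENT_RELOAD)` keeps the reload handler from announcing timestamp checking a second time. check_date_range begins before the hunk and continues after it.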
91 --
92 1.7.10.4
93