+/* SPDX-License-Identifier: LGPL-2.1+ */
/***
This file is part of systemd.
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
-#ifdef HAVE_GCRYPT
+#if HAVE_GCRYPT
#include <gcrypt.h>
#endif
return (int) c;
}
-#ifdef HAVE_GCRYPT
+#if HAVE_GCRYPT
static int rr_compare(const void *a, const void *b) {
DnsResourceRecord **x = (DnsResourceRecord**) a, **y = (DnsResourceRecord**) b;
/* Ignore NSEC3 RRs generated from wildcards. If these NSEC3 RRs weren't correctly signed we can't make this
* check (since rr->n_skip_labels_source is -1), but that's OK, as we won't trust them anyway in that case. */
- if (rr->n_skip_labels_source != 0 && rr->n_skip_labels_source != (unsigned) -1)
+ if (!IN_SET(rr->n_skip_labels_source, 0, (unsigned) -1))
return 0;
/* Ignore NSEC3 RRs that are located anywhere else than one label below the zone */
- if (rr->n_skip_labels_signer != 1 && rr->n_skip_labels_signer != (unsigned) -1)
+ if (!IN_SET(rr->n_skip_labels_signer, 1, (unsigned) -1))
return 0;
if (!nsec3)
}
static int dnssec_nsec_covers_wildcard(DnsResourceRecord *rr, const char *name) {
- const char *common_suffix, *wc;
+ _cleanup_free_ char *wc = NULL;
+ const char *common_suffix;
int r;
assert(rr);
if (r <= 0)
return r;
- wc = strjoina("*.", common_suffix);
+ r = dns_name_concat("*", common_suffix, &wc);
+ if (r < 0)
+ return r;
+
return dns_name_between(dns_resource_key_name(rr->key), wc, rr->nsec.next_domain_name);
}