Add SPDX license identifiers to source files under the LGPL

[thirdparty/systemd.git] / src / resolve / resolved-dns-dnssec.c

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index a54aed3a63c7071d9bca2d475bbb9019dcaebbbc..f04b246a3d6a9a3c0a64f7ee1f0f30424e4075ce 100644 (file)
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
 /***
   This file is part of systemd.
 
@@ -17,7 +18,7 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#ifdef HAVE_GCRYPT
+#if HAVE_GCRYPT
 #include <gcrypt.h>
 #endif
 
@@ -125,7 +126,7 @@ int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max) {
         return (int) c;
 }
 
-#ifdef HAVE_GCRYPT
+#if HAVE_GCRYPT
 
 static int rr_compare(const void *a, const void *b) {
         DnsResourceRecord **x = (DnsResourceRecord**) a, **y = (DnsResourceRecord**) b;
@@ -1247,10 +1248,10 @@ static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {
 
         /* Ignore NSEC3 RRs generated from wildcards. If these NSEC3 RRs weren't correctly signed we can't make this
          * check (since rr->n_skip_labels_source is -1), but that's OK, as we won't trust them anyway in that case. */
-        if (rr->n_skip_labels_source != 0 && rr->n_skip_labels_source != (unsigned) -1)
+        if (!IN_SET(rr->n_skip_labels_source, 0, (unsigned) -1))
                 return 0;
         /* Ignore NSEC3 RRs that are located anywhere else than one label below the zone */
-        if (rr->n_skip_labels_signer != 1 && rr->n_skip_labels_signer != (unsigned) -1)
+        if (!IN_SET(rr->n_skip_labels_signer, 1, (unsigned) -1))
                 return 0;
 
         if (!nsec3)
@@ -1303,7 +1304,7 @@ static int nsec3_hashed_domain_format(const uint8_t *hashed, size_t hashed_size,
         if (!l)
                 return -ENOMEM;
 
-        j = strjoin(l, ".", zone, NULL);
+        j = strjoin(l, ".", zone);
         if (!j)
                 return -ENOMEM;
 
@@ -1642,7 +1643,7 @@ static int dnssec_nsec_in_path(DnsResourceRecord *rr, const char *name) {
         if (r <= 0)
                 return r;
 
-        /* If the name we we are interested in is not a prefix of the common suffix of the NSEC RR's owner and next domain names, then we can't say anything either. */
+        /* If the name we are interested in is not a prefix of the common suffix of the NSEC RR's owner and next domain names, then we can't say anything either. */
         r = dns_name_common_suffix(dns_resource_key_name(rr->key), rr->nsec.next_domain_name, &common_suffix);
         if (r < 0)
                 return r;
@@ -1710,7 +1711,8 @@ static int dnssec_nsec_covers(DnsResourceRecord *rr, const char *name) {
 }
 
 static int dnssec_nsec_covers_wildcard(DnsResourceRecord *rr, const char *name) {
-        const char *common_suffix, *wc;
+        _cleanup_free_ char *wc = NULL;
+        const char *common_suffix;
         int r;
 
         assert(rr);
@@ -1734,7 +1736,10 @@ static int dnssec_nsec_covers_wildcard(DnsResourceRecord *rr, const char *name)
         if (r <= 0)
                 return r;
 
-        wc = strjoina("*.", common_suffix);
+        r = dns_name_concat("*", common_suffix, &wc);
+        if (r < 0)
+                return r;
+
         return dns_name_between(dns_resource_key_name(rr->key), wc, rr->nsec.next_domain_name);
 }