Implement and use rfc1982LessThanOrEqual, use C++ style casts

diff --git a/pdns/misc.hh b/pdns/misc.hh
index ee03a5112cbe63b830fb56ec2e6cb8a5690ab3bf..0b2d0883833edec5fd1c77c17bdec0951b6505f2 100644 (file)
--- a/pdns/misc.hh
+++ b/pdns/misc.hh
@@ -146,10 +146,16 @@ stringtok (Container &container, string const &in,
   }
 }
 
-template<typename T> bool rfc1982LessThan(T a, T b)
+template<typename T> bool rfc1982LessThan(T lhs, T rhs)
 {
   static_assert(std::is_unsigned_v<T>, "rfc1982LessThan only works for unsigned types");
-  return std::make_signed_t<T>(a - b) < 0;
+  return static_cast<std::make_signed_t<T>>(lhs - rhs) < 0;
+}
+
+template<typename T> bool rfc1982LessThanOrEqual(T lhs, T rhs)
+{
+  static_assert(std::is_unsigned_v<T>, "rfc1982LessThanOrEqual only works for unsigned types");
+  return static_cast<std::make_signed_t<T>>(lhs - rhs) <= 0;
 }
 
 // fills container with ranges, so {posbegin,posend}

diff --git a/pdns/validate.cc b/pdns/validate.cc
index e1e38b50d16bcc44382eedf248deef0be2168c83..c7cec0549db2de1b98f311d8151692c5f869ae67 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -973,12 +973,12 @@ dState getDenial(const cspmap_t &validrrsets, const DNSName& qname, const uint16
 
 bool isRRSIGNotExpired(const time_t now, const RRSIGRecordContent& sig)
 {
-  return rfc1982LessThan<uint32_t>(now, sig.d_sigexpire);
+  return rfc1982LessThanOrEqual<uint32_t>(now, sig.d_sigexpire);
 }
 
 bool isRRSIGIncepted(const time_t now, const RRSIGRecordContent& sig)
 {
-  return rfc1982LessThan<uint32_t>(sig.d_siginception - g_signatureInceptionSkew, now);
+  return rfc1982LessThanOrEqual<uint32_t>(sig.d_siginception - g_signatureInceptionSkew, now);
 }
 
 namespace {