Apply suggestions from code review

Co-authored-by: Remi Gacogne <github@coredump.fr>

diff --git a/docs/settings.rst b/docs/settings.rst
index eb6e8cdba5cd9c36dc02819fdf96050d754b9c6d..1e3cdea4995c8363dee0276bba2cc4c8c8873f25 100644 (file)
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -633,7 +633,7 @@ disables caching.
 -  Default: (empty)
 
 When set, PowerDNS will respond with :rfc:`9018` EDNS Cookies to queries that have the EDNS0 Cookie option.
-PowerDNS will also respond with BADCOOKIE to clients that have no or a bad server cookie (section 5.2.3 and 5.2.4 of :rfc:`7873`).
+PowerDNS will also respond with BADCOOKIE to clients that have sent only a client cookie, or a bad server cookie (section 5.2.3 and 5.2.4 of :rfc:`7873`).
 
 This setting MUST be 32 hexadecimal characters, as the siphash algorithm's key used to create the cookie requires a 128-bit key.
 

diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 4bedb0a1f460becbf99ddef80faa4df18bd2ba9e..867d3c04cbc60440f43c81780ee237995e6aebdf 100644 (file)
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -351,7 +351,7 @@ pdnsutil_SOURCES = \
        dnssecsigner.cc \
        dnswriter.cc dnswriter.hh \
        dynlistener.cc \
-       ednscookies.cc \
+       ednscookies.cc ednscookies.hh \
        ednsoptions.cc ednsoptions.hh \
        ednssubnet.cc \
        ipcipher.cc ipcipher.hh \

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index b094b1d720fb9c55d2144f3bf4669f5dda1960f2..70e41685cee549f3795b9908f0f7c411ab518efa 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -165,7 +165,7 @@ void declareArguments()
   ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="yes";
   ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
 
-  ::arg().set("edns-cookie-secret", "When set, set a server cookie in a response to a query with a Client cookie (in hex)")="";
+  ::arg().set("edns-cookie-secret", "When set, set a server cookie when responding to a query with a Client cookie (in hex)")="";
 
   ::arg().setSwitch("webserver","Start a webserver for monitoring (api=yes also enables the HTTP listener)")="no";
   ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
@@ -594,7 +594,7 @@ void mainthread()
        exit(1);
      }
 #else
-     g_log<<Logger::Error<<"Support for EDNS Cookies is not available because of missing cryptographic functions"<<endl;
+     g_log<<Logger::Error<<"Support for EDNS Cookies is not available because of missing cryptographic functions (libsodium support should be enabled, with the crypto_shorthash() function available)"<<endl;
      exit(1);
 #endif
    }

diff --git a/pdns/ednscookies.cc b/pdns/ednscookies.cc
index 29f60fcdb215e2126ba6ff8fc804cfee87266348..bdc65367e1f288fb6d54cb34d44a745590b43ef6 100644 (file)
--- a/pdns/ednscookies.cc
+++ b/pdns/ednscookies.cc
@@ -151,10 +151,11 @@ bool EDNSCookiesOpt::makeServerCookie(const string& secret, const ComboAddress&
   }
 
   server.clear();
+  server.reserve(16);
   server = "\x01"; // Version
   server.resize(4, '\0'); // 3 reserved bytes
   uint32_t now = htonl(static_cast<uint32_t>(time(nullptr)));
-  server += string(reinterpret_cast<const char*>(&now), 4);
+  server += string(reinterpret_cast<const char*>(&now), sizeof(now));
   server.resize(8);
 
   string toHash = client;