Add strict checks on typepair values in the developer's mode

When in developer's mode, make the DNS_TYPEPAIR_* macros be more
strict on the contents of the 'base' and 'covers', so we can catch
invalid use of the API.

diff --git a/lib/dns/include/dns/rdatatype.h b/lib/dns/include/dns/rdatatype.h
index b4005367c9cc3226740a76e6addaeac2f7915cfb..13847136d5b1d5158c565971eff0e858a003f9d0 100644 (file)
--- a/lib/dns/include/dns/rdatatype.h
+++ b/lib/dns/include/dns/rdatatype.h
@@ -17,13 +17,38 @@
 
 #include <dns/types.h>
 
-#define DNS_TYPEPAIR_TYPE(type)          ((dns_rdatatype_t)((type) & 0xFFFF))
-#define DNS_TYPEPAIR_COVERS(type) ((dns_rdatatype_t)((type) >> 16))
-#define DNS_TYPEPAIR_VALUE(base, ext) \
-       ((dns_typepair_t)(((uint32_t)ext) << 16) | (((uint32_t)base) & 0xffff))
-#define DNS_SIGTYPE(type)                           \
-       ((dns_typepair_t)(((uint32_t)type) << 16) | \
-        (((uint32_t)dns_rdatatype_rrsig) & 0xffff))
+#if DNS_TYPEPAIR_CHECK
+#define DNS__TYPEPAIR_CHECK(base, covers)                    \
+       INSIST((dns_rdatatype_issig(base) && covers != 0) || \
+              (base == 0 && covers != 0) || (base != 0 && covers == 0))
+#else
+#define DNS__TYPEPAIR_CHECK(base, covers)
+#endif
+
+#define DNS_TYPEPAIR_TYPE(type)                                              \
+       ({                                                                   \
+               dns_rdatatype_t __base = (dns_rdatatype_t)((type) & 0xFFFF); \
+               dns_rdatatype_t __covers = (dns_rdatatype_t)((type) >> 16);  \
+               DNS__TYPEPAIR_CHECK(__base, __covers);                       \
+               __base;                                                      \
+       })
+#define DNS_TYPEPAIR_COVERS(type)                                            \
+       ({                                                                   \
+               dns_rdatatype_t __base = (dns_rdatatype_t)((type) & 0xFFFF); \
+               dns_rdatatype_t __covers = (dns_rdatatype_t)((type) >> 16);  \
+               DNS__TYPEPAIR_CHECK(__base, __covers);                       \
+               __covers;                                                    \
+       })
+#define DNS__TYPEPAIR_VALUE(base, covers)             \
+       ((dns_typepair_t)(((uint32_t)covers) << 16) | \
+        (((uint32_t)base) & 0xffff))
+#define DNS_TYPEPAIR_VALUE(base, covers)           \
+       ({                                         \
+               DNS__TYPEPAIR_CHECK(base, covers); \
+               DNS__TYPEPAIR_VALUE(base, covers); \
+       })
+
+#define DNS_SIGTYPE(type) DNS__TYPEPAIR_VALUE(dns_rdatatype_rrsig, type)
 
 isc_result_t
 dns_rdatatype_fromtext(dns_rdatatype_t *typep, isc_textregion_t *source);

diff --git a/meson.build b/meson.build
index 1f41ee0166ba70edd4829c2dda65aa5b8e700e6a..6f45d81f6335a996adf0bb1dd0d353cdba54fcc5 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -307,6 +307,7 @@ if developer_mode
     config.set('ISC_MUTEX_ERROR_CHECK', 1)
     config.set('ISC_SOCKET_DETAILS', 1)
     config.set('ISC_STATS_CHECKUNDERFLOW', 1)
+    config.set('DNS_TYPEPAIR_CHECK', 1)
 endif
 
 foreach fn : [