Fix double time subtraction in negative cache.

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Thu, 8 Oct 2009 09:18:40 +0000 (09:18 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Thu, 8 Oct 2009 09:18:40 +0000 (09:18 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 8 Oct 2009 09:18:40 +0000 (09:18 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 8 Oct 2009 09:18:40 +0000 (09:18 +0000)
diff --git a/doc/Changelog b/doc/Changelog

index e0a03701e7c452385005edd67ec02527ec8eacf1..c891c4c892038d968f5bc4a5d1c56546e3162f2d 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
         - please doxygen
         - add val-log-level print to corner case (nameserver.epost.bg).
         - more detail to errors from insecure delegation checks.
+       - Fix double time subtraction in negative cache reported by 
+         Amanda Constant and Hugh Mahon.
  
  7 October 2009: Wouter
         - retry for validation failure in DS and prime results. Less mem use.
diff --git a/validator/val_neg.c b/validator/val_neg.c

index b6a9ca4391dec44f7dd11cdc9a1eaf898084b4e1..03b48a3eab09fc400bfa16f7ce22ea2773f29e24 100644 (file)
--- a/validator/val_neg.c
+++ b/validator/val_neg.c
@@ -1276,7 +1276,8 @@ neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
                 if(!(msg = dns_msg_create(qname, qname_len, 
                         LDNS_RR_TYPE_DS, zone->dclass, region, 1))) 
                         return NULL;
-               if(!dns_msg_authadd(msg, region, ce_rrset, now)) 
+               /* TTL reduced in grab_nsec */
+               if(!dns_msg_authadd(msg, region, ce_rrset, 0)) 
                         return NULL;
                 return msg;
         }
@@ -1302,9 +1303,10 @@ neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
                 if(!(msg = dns_msg_create(qname, qname_len, 
                         LDNS_RR_TYPE_DS, zone->dclass, region, 2))) 
                         return NULL;
-               if(!dns_msg_authadd(msg, region, ce_rrset, now)) 
+               /* now=0 because TTL was reduced in grab_nsec */
+               if(!dns_msg_authadd(msg, region, ce_rrset, 0)) 
                         return NULL;
-               if(!dns_msg_authadd(msg, region, nc_rrset, now)) 
+               if(!dns_msg_authadd(msg, region, nc_rrset, 0)) 
                         return NULL;
                 return msg;
         }
@@ -1340,7 +1342,8 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
                 if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, 
                         qinfo->qtype, qinfo->qclass, region, 1))) 
                         return NULL;
-               if(!dns_msg_authadd(msg, region, rrset, now)) 
+               /* TTL already subtracted in grab_nsec */
+               if(!dns_msg_authadd(msg, region, rrset, 0)) 
                         return NULL;
                 return msg;
         }
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Thu, 8 Oct 2009 09:18:40 +0000 (09:18 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Thu, 8 Oct 2009 09:18:40 +0000 (09:18 +0000)
doc/Changelog		patch \| blob \| blame \| history
validator/val_neg.c		patch \| blob \| blame \| history