static knot_db_val_t key_NSEC3_common(struct key *k, const knot_dname_t *zname,
const nsec_p_hash_t nsec_p_hash)
{
- int ret;
- const bool ok = k && zname
- && !(ret = kr_dname_lf(k->buf, zname, false));
- if (!ok) {
- assert(false);
+ if (!kr_assume(k && zname && !kr_dname_lf(k->buf, zname, false)))
return VAL_EMPTY;
- }
/* CACHE_KEY_DEF: key == zone's dname_lf + '\0' + '3' + nsec_p hash (4B)
* + NSEC3 hash (20B == NSEC3_HASH_LEN binary!)
.data = (uint8_t *)/*const-cast*/name,
};
- if (nsec_p->libknot.iterations > KR_NSEC3_MAX_ITERATIONS) {
+ if (!kr_assume(nsec_p->libknot.iterations <= KR_NSEC3_MAX_ITERATIONS)) {
/* This is mainly defensive; it shouldn't happen thanks to downgrades. */
- assert(false);
return VAL_EMPTY;
}
#if 0 // LATER(optim.): this requires a patched libdnssec - tries to realloc()
};
int ret = dnssec_nsec3_hash(&dname, &nsec_p->libknot, &hash);
if (ret != DNSSEC_EOK) return VAL_EMPTY;
- assert(hash.size == NSEC3_HASH_LEN);
+ if (!kr_assume(hash.size == NSEC3_HASH_LEN))
+ return VAL_EMPTY;
#else
dnssec_binary_t hash = { .size = 0, .data = NULL };
int ret = dnssec_nsec3_hash(&dname, &nsec_p->libknot, &hash);
if (ret != DNSSEC_EOK) return VAL_EMPTY;
- if (hash.size != NSEC3_HASH_LEN || !hash.data) {
- assert(false);
+ if (!kr_assume(hash.size == NSEC3_HASH_LEN && hash.data))
return VAL_EMPTY;
- }
memcpy(knot_db_val_bound(val), hash.data, NSEC3_HASH_LEN);
free(hash.data);
#endif
{
/* Do the cache operation. */
const size_t hash_off = key_nsec3_hash_off(k);
- if (!key.data || key.len < hash_off) {
- assert(false);
+ if (!kr_assume(key.data && key.len >= hash_off))
return "range search ERROR";
- }
knot_db_val_t key_found = key;
knot_db_val_t val = { NULL, 0 };
int ret = cache_op(cache, read_leq, &key_found, &val);
* would probably be slightly more efficient with LMDB,
* but the code complexity would grow considerably. */
if (ret < 0) {
- if (ret == kr_error(ENOENT)) {
+ if (kr_assume(ret == kr_error(ENOENT))) {
return "range search miss";
} else {
- assert(false);
return "range search ERROR";
}
}
}
/* We know it starts before sname, so let's check the other end.
* A. find the next hash and check its length. */
- if (KR_CACHE_RR_COUNT_SIZE != 2 || get_uint16(eh->data) == 0) {
- assert(false);
- return "ERROR";
- /* TODO: more checks? Also, `next` computation is kinda messy. */
- }
+ if (!kr_assume(KR_CACHE_RR_COUNT_SIZE == 2 && get_uint16(eh->data) != 0))
+ return "ERROR"; /* TODO: more checks? Also, `next` computation is kinda messy. */
const uint8_t *hash_next = nsec_p_raw + nsec_p_len
+ sizeof(uint8_t) /* hash length from rfc5155 */;
if (hash_next[-1] != NSEC3_HASH_LEN) {
* \param text must have length at least NSEC3_HASH_TXT_LEN+1 (will get 0-terminated). */
static void key_NSEC3_hash2text(const knot_db_val_t key, char *text)
{
- assert(key.data && key.len > NSEC3_HASH_LEN);
+ kr_require(key.data && key.len > NSEC3_HASH_LEN);
const uint8_t *hash_raw = knot_db_val_bound(key) - NSEC3_HASH_LEN;
/* CACHE_KEY_DEF ^^ */
int len = base32hex_encode(hash_raw, NSEC3_HASH_LEN, (uint8_t *)text,
NSEC3_HASH_TXT_LEN);
- assert(len == NSEC3_HASH_TXT_LEN); (void)len;
+ (void)!kr_assume(len == NSEC3_HASH_TXT_LEN);
text[NSEC3_HASH_TXT_LEN] = '\0';
}
const uint8_t *hash_raw)
{
int len = base32hex_encode(hash_raw, NSEC3_HASH_LEN, buf + 1, NSEC3_HASH_TXT_LEN);
- if (len != NSEC3_HASH_TXT_LEN) {
- assert(false);
+ if (!kr_assume(len == NSEC3_HASH_TXT_LEN))
return kr_error(EINVAL);
- }
buf[0] = len;
int ret = knot_dname_to_wire(buf + 1 + len, zname, KNOT_DNAME_MAXLEN - 1 - len);
return ret < 0 ? kr_error(ret) : kr_ok();
static void nsec3_hash2text(const knot_dname_t *owner, char *text)
{
- assert(owner[0] == NSEC3_HASH_TXT_LEN);
+ kr_require(owner[0] == NSEC3_HASH_TXT_LEN);
memcpy(text, owner + 1, MIN(owner[0], NSEC3_HASH_TXT_LEN));
text[NSEC3_HASH_TXT_LEN] = '\0';
}
/* Basic sanity check. */
const bool ok = k && k->zname && ans && clencl_labels
&& qry && cache;
- if (!ok) {
- assert(!EINVAL);
+ if (!kr_assume(ok))
return kr_error(EINVAL);
- }
/*** Find the closest encloser - cycle: name starting at sname,
* proceeding while longer than zname, shortening by one label on step.
const knot_rrset_t *nsec_rr = ans->rrsets[ans_id].set.rr;
const uint8_t *bm = knot_nsec3_bitmap(nsec_rr->rrs.rdata);
uint16_t bm_size = knot_nsec3_bitmap_len(nsec_rr->rrs.rdata);
- assert(bm);
+ if (!kr_assume(bm))
+ return kr_error(EFAULT);
if (name_labels == sname_labels) {
if (kr_nsec_bitmap_nodata_check(bm, bm_size, qry->stype,
nsec_rr->owner) != 0) {
} /* else */
- assert(name_labels + 1 == last_nxproven_labels);
+ if (!kr_assume(name_labels + 1 == last_nxproven_labels))
+ return kr_error(EINVAL);
if (kr_nsec_children_in_zone_check(bm, bm_size) != 0) {
VERBOSE_MSG(qry,
"=> NSEC3 encloser: found but delegated (or error)\n");
/* The wildcard exists. Find if it's NODATA - check type bitmap. */
const uint8_t *bm = knot_nsec3_bitmap(nsec_rr->rrs.rdata);
uint16_t bm_size = knot_nsec3_bitmap_len(nsec_rr->rrs.rdata);
- assert(bm);
+ if (!kr_assume(bm))
+ return kr_error(EFAULT);
if (kr_nsec_bitmap_nodata_check(bm, bm_size, qry->stype, nsec_rr->owner) == 0) {
/* NODATA proven; just need to add SOA+RRSIG later */
VERBOSE_MSG(qry, "=> NSEC3 wildcard: match proved NODATA, new TTL %d\n",
projects / thirdparty / knot-resolver.git / commitdiff
