From: Ralph Dolmans Date: Mon, 12 Feb 2018 12:14:01 +0000 (+0000) Subject: - Processed aggressive NSEC code review remarks Wouter X-Git-Tag: release-1.7.0rc1~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0648475a6690c0ba7e3b9f09071dc40708e483b0;p=thirdparty%2Funbound.git - Processed aggressive NSEC code review remarks Wouter git-svn-id: file:///svn/unbound/trunk@4529 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 971909a86..1e79a8be6 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,6 @@ 12 February 2018: Ralph - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test) + - Processed aggressive NSEC code review remarks Wouter 8 February 2018: Ralph - Aggressive use of NSEC implementation. Use cached NSEC records to diff --git a/validator/val_neg.c b/validator/val_neg.c index 8f14a5698..5c42edfe0 100644 --- a/validator/val_neg.c +++ b/validator/val_neg.c @@ -1508,7 +1508,7 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, return msg; } else if(nsec && val_nsec_proves_name_error(nsec, qinfo->qname)) { if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, - qinfo->qtype, qinfo->qclass, region, 2))) + qinfo->qtype, qinfo->qclass, region, 3))) return NULL; if(!(ce = nsec_closest_encloser(qinfo->qname, nsec))) return NULL; @@ -1526,9 +1526,8 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, wc_ce[0] = 1; wc_ce[1] = (uint8_t)'*'; memmove(wc_ce+2, ce, ce_len); - ce_len += 2; wc_qinfo.qname = wc_ce; - wc_qinfo.qname_len = ce_len; + wc_qinfo.qname_len = ce_len += 2; wc_qinfo.qtype = qinfo->qtype; @@ -1559,9 +1558,9 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, } else { /* Get wildcard NSEC for possible non existence * proof */ - if(!(wcrr = neg_find_nsec(neg, wc_ce, ce_len, - qinfo->qclass, rrset_cache, now, - region))) + if(!(wcrr = neg_find_nsec(neg, wc_qinfo.qname, + wc_qinfo.qname_len, qinfo->qclass, + rrset_cache, now, region))) return NULL; nodata_wc = NULL;