From: Vladimír Čunát Date: Mon, 28 Nov 2016 17:22:06 +0000 (+0100) Subject: EDNS(0) padding: fixup nitpicks and minor issues X-Git-Tag: v1.2.0-rc1~71^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2238603a63c250b97237565b7d78f55f5155dc45;p=thirdparty%2Fknot-resolver.git EDNS(0) padding: fixup nitpicks and minor issues --- diff --git a/daemon/lua/kres.lua b/daemon/lua/kres.lua index 7256c3f2f..d69314f5f 100644 --- a/daemon/lua/kres.lua +++ b/daemon/lua/kres.lua @@ -112,7 +112,6 @@ struct query_flag { static const int BADCOOKIE_AGAIN = 1 << 22; static const int CNAME = 1 << 23; static const int REORDER_RR = 1 << 24; - static const int TLS = 1 << 25; }; /* diff --git a/daemon/worker.c b/daemon/worker.c index bf468d175..e4cb88998 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -721,7 +721,7 @@ static int qr_task_step(struct qr_task *task, const struct sockaddr *packet_sour task->addrlist = NULL; task->addrlist_count = 0; task->addrlist_turn = 0; - task->req.has_tls = (task->session && task->session->has_tls) ? true : false; + task->req.has_tls = (task->session && task->session->has_tls); int state = kr_resolve_consume(&task->req, packet_source, packet); while (state == KNOT_STATE_PRODUCE) { state = kr_resolve_produce(&task->req, &task->addrlist, &sock_type, task->pktbuf); diff --git a/lib/resolve.c b/lib/resolve.c index 706c5b6a8..ae07927e5 100644 --- a/lib/resolve.c +++ b/lib/resolve.c 
@@ -340,31 +340,36 @@ static void write_extra_records(rr_array_t *arr, knot_pkt_t *answer) } } +/** @internal Add an EDNS padding RR into the answer if requested and required. */ static int answer_padding(struct kr_request *request) { + if (!request || !request->answer || !request->ctx) { + assert(false); + return kr_error(EINVAL); + } uint16_t padding = request->ctx->tls_padding; knot_pkt_t *answer = request->answer; knot_rrset_t *opt_rr = answer->opt_rr; - + if (padding < 2) { - return true; + return kr_ok(); } int32_t max_pad_bytes = knot_edns_get_payload(opt_rr) - (answer->size + knot_rrset_size(opt_rr)); - + int32_t pad_bytes = MIN(knot_edns_alignment_size(answer->size, knot_rrset_size(opt_rr), padding), max_pad_bytes); - if (pad_bytes > 0) { - uint8_t zeros[pad_bytes]; + if (pad_bytes >= 0) { + uint8_t zeros[MAX(1, pad_bytes)]; memset(zeros, 0, sizeof(zeros)); int r = knot_edns_add_option(opt_rr, KNOT_EDNS_OPTION_PADDING, pad_bytes, zeros, &answer->mm); if (r != KNOT_EOK) { knot_rrset_clear(opt_rr, &answer->mm); - return false; + return kr_error(r); } } - return true; + return kr_ok(); } static int answer_fail(struct kr_request *request) @@ -377,7 +382,7 @@ static int answer_fail(struct kr_request *request) if (ret == 0 && answer->opt_rr) { /* OPT in SERVFAIL response is still useful for cookies/additional info. */ knot_pkt_begin(answer, KNOT_ADDITIONAL); - answer_padding(request); /* Ignore failed padding in SERVFAIL answer a*/ + answer_padding(request); /* Ignore failed padding in SERVFAIL answer. */ ret = edns_put(answer); } return ret; @@ -408,7 +413,7 @@ static int answer_finalize(struct kr_request *request, int state) int ret = 0; if (answer->opt_rr) { if (request->has_tls) { - if (!answer_padding(request)) { + if (answer_padding(request) != kr_ok()) { return answer_fail(request); } } diff --git a/lib/resolve.h b/lib/resolve.h index 099701cda..21d6a9424 100644 --- a/lib/resolve.h +++ b/lib/resolve.h 
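Review bot: In answer_padding the block size is still read as `uint16_t padding = request->ctx->tls_padding;`, while the resolve.h hunk of this same commit shows the field is `uint32_t`. A configured value above 65535 is therefore narrowed silently, and any multiple of 65536 becomes 0 and takes the `padding < 2` early return, so TLS answers go out unpadded with no error. Unless the setter already bounds the value (not visible in this diff), make the types agree, e.g. `uint32_t padding = request->ctx->tls_padding;`, or reject out-of-range values where the option is set. The new guard also covers `request`, `answer` and `ctx` but not `answer->opt_rr`, which is dereferenced right after; both visible callers test it first, so a line such as `/* Caller must ensure request->answer->opt_rr != NULL. */` would record that precondition.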
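Review bot: When `answer_padding(request) != kr_ok()` in answer_finalize, the fallback `answer_fail(request)` works on an OPT RR that answer_padding has already handed to `knot_rrset_clear()` on its error path. The answer_fail hunk shows it calling `answer_padding(request)` again whenever `answer->opt_rr` is non-NULL and then `edns_put(answer)`. Whether a cleared rrset is safe to pad and emit a second time is not visible here, so I would either leave the OPT RR intact on failure or state the assumption at the call site, e.g. `/* answer_padding() cleared opt_rr on error; answer_fail() retries padding on the emptied RR. */`. The returned code is also dropped on this path, so a log line carrying it would let operators notice that a TLS answer fell back to an unpadded SERVFAIL. Both answer_fail and answer_finalize continue outside their hunks.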
@@ -99,7 +99,7 @@ struct kr_context * module because of better access. */ struct kr_cookie_ctx cookie_ctx; kr_cookie_lru_t *cache_cookie; - uint32_t tls_padding; + uint32_t tls_padding; /**< See net.tls_padding in ../daemon/README.rst */ knot_mm_t *pool; }; diff --git a/lib/rplan.h b/lib/rplan.h index 402a811f8..66bdef099 100644 --- a/lib/rplan.h +++ b/lib/rplan.h @@ -49,8 +49,7 @@ X(STRICT, 1 << 21) /**< Strict resolver mode. */ \ X(BADCOOKIE_AGAIN, 1 << 22) /**< Query again because bad cookie returned. */ \ X(CNAME, 1 << 23) /**< Query response contains CNAME in answer section. */ \ - X(REORDER_RR, 1 << 24) /**< Reorder cached RRs. */ \ - X(TLS, 1 << 25) /**< Use TLS for this query. */ + X(REORDER_RR, 1 << 24) /**< Reorder cached RRs. */ /** Query flags */ enum kr_query_flag {