From: Tomas Krizek Date: Wed, 13 Mar 2019 12:40:25 +0000 (+0100) Subject: modules/ta_update: remove all asserts X-Git-Tag: v4.0.0~15^2~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4936624262aadf84a462b810f29db4c5aa444f69;p=thirdparty%2Fknot-resolver.git modules/ta_update: remove all asserts --- diff --git a/modules/ta_update/ta_update.lua b/modules/ta_update/ta_update.lua index 771292fad..fc6a52ede 100644 --- a/modules/ta_update/ta_update.lua +++ b/modules/ta_update/ta_update.lua @@ -14,34 +14,40 @@ local key_state = { -- Find key in current keyset local function ta_find(keyset, rr) local rr_tag = C.kr_dnssec_key_tag(rr.type, rr.rdata, #rr.rdata) - assert(rr_tag >= 0 and rr_tag <= 65535, string.format('invalid RR: %s: %s', - kres.rr2str(rr), ffi.string(C.knot_strerror(rr_tag)))) + if rr_tag < 0 or rr_tag > 65535 then + warn(string.format('[ta_update] ignoring invalid or unsupported RR: %s: %s', + kres.rr2str(rr), ffi.string(C.knot_strerror(rr_tag)))) + return nil + end for i, ta in ipairs(keyset) do -- Match key owner and content local ta_tag = C.kr_dnssec_key_tag(ta.type, ta.rdata, #ta.rdata) - assert(ta_tag >= 0 and ta_tag <= 65535, string.format('invalid RR: %s: %s', - kres.rr2str(ta), ffi.string(C.knot_strerror(ta_tag)))) - if ta.owner == rr.owner then - if ta.type == rr.type then - if rr.type == kres.type.DNSKEY then - if C.kr_dnssec_key_match(ta.rdata, #ta.rdata, rr.rdata, #rr.rdata) == 0 then + if ta_tag < 0 or ta_tag > 65535 then + warn(string.format('[ta_update] ignoring invalid or unsupported RR: %s: %s', + kres.rr2str(ta), ffi.string(C.knot_strerror(ta_tag)))) + else + if ta.owner == rr.owner then + if ta.type == rr.type then + if rr.type == kres.type.DNSKEY then + if C.kr_dnssec_key_match(ta.rdata, #ta.rdata, rr.rdata, #rr.rdata) == 0 then + return ta + end + elseif rr.type == kres.type.DS and ta.rdata == rr.rdata then + return ta + end + -- DNSKEY superseding DS, inexact match + elseif rr.type == kres.type.DNSKEY and ta.type == kres.type.DS then + if ta.key_tag == rr_tag then + keyset[i] = rr -- Replace current DS + rr.state = ta.state + rr.key_tag = ta.key_tag + return rr + end + -- DS key matching DNSKEY, inexact match + elseif rr.type == kres.type.DS and ta.type == kres.type.DNSKEY then + if rr_tag == ta_tag then return ta end - elseif rr.type == kres.type.DS and ta.rdata == rr.rdata then - return ta - end - -- DNSKEY superseding DS, inexact match - elseif rr.type == kres.type.DNSKEY and ta.type == kres.type.DS then - if ta.key_tag == rr_tag then - keyset[i] = rr -- Replace current DS - rr.state = ta.state - rr.key_tag = ta.key_tag - return rr - end - -- DS key matching DNSKEY, inexact match - elseif rr.type == kres.type.DS and ta.type == kres.type.DNSKEY then - if rr_tag == ta_tag then - return ta end end end @@ -57,7 +63,7 @@ end -- Attempt to extract key_tag local key_tag = C.kr_dnssec_key_tag(rr.type, rr.rdata, #rr.rdata) if key_tag < 0 or key_tag > 65535 then - warn(string.format('[ ta_update ] ignoring invalid or unsupported RR: %s: %s', + warn(string.format('[ta_update] ignoring invalid or unsupported RR: %s: %s', kres.rr2str(rr), ffi.string(C.knot_strerror(key_tag)))) return false end @@ -114,8 +120,11 @@ local function ta_missing(ta, hold_down_time) -- Key is removed (KeyRem) local keep_ta = true local key_tag = C.kr_dnssec_key_tag(ta.type, ta.rdata, #ta.rdata) - assert(key_tag >= 0 and key_tag <= 65535, string.format('invalid RR: %s: %s', - kres.rr2str(ta), ffi.string(C.knot_strerror(key_tag)))) + if key_tag < 0 or key_tag > 65535 then + warn(string.format('[ta_update] ignoring invalid or unsupported RR: %s: %s', + kres.rr2str(ta), ffi.string(C.knot_strerror(key_tag)))) + key_tag = '' + end if ta.state == key_state.Valid then ta.state = key_state.Missing ta.timer = os.time() + hold_down_time