From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 9 Jul 2021 09:51:50 +0000 (+0200)
Subject: cookies: move consts to class instead of defines
X-Git-Tag: dnsdist-1.7.0-alpha1~3^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a93bcbbc616a0fcbb40c0ae3289d6ed24301e32;p=thirdparty%2Fpdns.git

cookies: move consts to class instead of defines
---

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 70e41685ce..f591db5697 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -585,8 +585,8 @@ void mainthread()
 #ifdef HAVE_CRYPTO_SHORTHASH // we can do siphash-based cookies
      DNSPacket::s_doEDNSCookieProcessing = true;
      try {
-       if (::arg()["edns-cookie-secret"].size() != EDNSCOOKIESECRETSIZE) {
-         throw std::range_error("wrong size (" + std::to_string(::arg()["edns-cookie-secret"].size()) + "), must be " + std::to_string(EDNSCOOKIESECRETSIZE));
+       if (::arg()["edns-cookie-secret"].size() != EDNSCookiesOpt::EDNSCookieSecretSize) {
+         throw std::range_error("wrong size (" + std::to_string(::arg()["edns-cookie-secret"].size()) + "), must be " + std::to_string(EDNSCookiesOpt::EDNSCookieSecretSize));
        }
        DNSPacket::s_EDNSCookieKey = makeBytesFromHex(::arg()["edns-cookie-secret"]);
      } catch(const std::range_error &e) {
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 27aa562347..5ba0eda092 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -332,7 +332,7 @@ void DNSPacket::wrapup()
 
   if (d_haveednscookie) {
     if (d_eco.isWellFormed()) {
-        optsize += EDNSCOOKIEOPTSIZE;
+        optsize += EDNSCookiesOpt::EDNSCookieOptSize;
     }
   }
 
diff --git a/pdns/ednscookies.cc b/pdns/ednscookies.cc
index bdc65367e1..d9f079c03c 100644
--- a/pdns/ednscookies.cc
+++ b/pdns/ednscookies.cc
@@ -142,6 +142,8 @@ bool EDNSCookiesOpt::shouldRefresh()
 bool EDNSCookiesOpt::makeServerCookie(const string& secret, const ComboAddress& source)
 {
 #ifdef HAVE_CRYPTO_SHORTHASH
+  static_assert(EDNSCookieSecretSize == crypto_shorthash_KEYBYTES * 2, "The EDNSCookieSecretSize is not twice crypto_shorthash_KEYBYTES");
+
   if (isValid(secret, source) && !shouldRefresh()) {
     return true;
   }
diff --git a/pdns/ednscookies.hh b/pdns/ednscookies.hh
index c55542f99d..7e25d37081 100644
--- a/pdns/ednscookies.hh
+++ b/pdns/ednscookies.hh
@@ -23,11 +23,11 @@
 #include "namespaces.hh"
 #include "iputils.hh"
 
-#define EDNSCOOKIESECRETSIZE 32
-#define EDNSCOOKIEOPTSIZE 24
-
 struct EDNSCookiesOpt
 {
+  static const size_t EDNSCookieSecretSize = 32;
+  static const size_t EDNSCookieOptSize = 24;
+
   EDNSCookiesOpt(){};
   EDNSCookiesOpt(const std::string& option);
   EDNSCookiesOpt(const char* option, unsigned int len);