From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Tue, 10 Jun 2025 10:44:34 +0000 (+0200)
Subject: Implement and use rfc1982LessThanOrEqual, use C++ style casts
X-Git-Tag: dnsdist-2.0.0-beta1~7^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=637f51ef4b5ab8716b92863989d7d3de2b98e182;p=thirdparty%2Fpdns.git

Implement and use rfc1982LessThanOrEqual, use C++ style casts
---

diff --git a/pdns/misc.hh b/pdns/misc.hh
index ee03a5112c..0b2d088383 100644
--- a/pdns/misc.hh
+++ b/pdns/misc.hh
@@ -146,10 +146,16 @@ stringtok (Container &container, string const &in,
   }
 }
 
-template<typename T> bool rfc1982LessThan(T a, T b)
+template<typename T> bool rfc1982LessThan(T lhs, T rhs)
 {
   static_assert(std::is_unsigned_v<T>, "rfc1982LessThan only works for unsigned types");
-  return std::make_signed_t<T>(a - b) < 0;
+  return static_cast<std::make_signed_t<T>>(lhs - rhs) < 0;
+}
+
+template<typename T> bool rfc1982LessThanOrEqual(T lhs, T rhs)
+{
+  static_assert(std::is_unsigned_v<T>, "rfc1982LessThanOrEqual only works for unsigned types");
+  return static_cast<std::make_signed_t<T>>(lhs - rhs) <= 0;
 }
 
 // fills container with ranges, so {posbegin,posend}
diff --git a/pdns/validate.cc b/pdns/validate.cc
index e1e38b50d1..c7cec0549d 100644
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -973,12 +973,12 @@ dState getDenial(const cspmap_t &validrrsets, const DNSName& qname, const uint16
 
 bool isRRSIGNotExpired(const time_t now, const RRSIGRecordContent& sig)
 {
-  return rfc1982LessThan<uint32_t>(now, sig.d_sigexpire);
+  return rfc1982LessThanOrEqual<uint32_t>(now, sig.d_sigexpire);
 }
 
 bool isRRSIGIncepted(const time_t now, const RRSIGRecordContent& sig)
 {
-  return rfc1982LessThan<uint32_t>(sig.d_siginception - g_signatureInceptionSkew, now);
+  return rfc1982LessThanOrEqual<uint32_t>(sig.d_siginception - g_signatureInceptionSkew, now);
 }
 
 namespace {