From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 9 Jul 2021 09:31:02 +0000 (+0200)
Subject: Apply suggestions from code review
X-Git-Tag: dnsdist-1.7.0-alpha1~3^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e02f20e2a6d6e727198e05eec4fc2be3b04dfb2;p=thirdparty%2Fpdns.git

Apply suggestions from code review

Co-authored-by: Remi Gacogne <github@coredump.fr>
---

diff --git a/docs/settings.rst b/docs/settings.rst
index eb6e8cdba5..1e3cdea499 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -633,7 +633,7 @@ disables caching.
 -  Default: (empty)
 
 When set, PowerDNS will respond with :rfc:`9018` EDNS Cookies to queries that have the EDNS0 Cookie option.
-PowerDNS will also respond with BADCOOKIE to clients that have no or a bad server cookie (section 5.2.3 and 5.2.4 of :rfc:`7873`).
+PowerDNS will also respond with BADCOOKIE to clients that have sent only a client cookie, or a bad server cookie (section 5.2.3 and 5.2.4 of :rfc:`7873`).
 
 This setting MUST be 32 hexadecimal characters, as the siphash algorithm's key used to create the cookie requires a 128-bit key.
 
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 4bedb0a1f4..867d3c04cb 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -351,7 +351,7 @@ pdnsutil_SOURCES = \
 	dnssecsigner.cc \
 	dnswriter.cc dnswriter.hh \
 	dynlistener.cc \
-	ednscookies.cc \
+	ednscookies.cc ednscookies.hh \
 	ednsoptions.cc ednsoptions.hh \
 	ednssubnet.cc \
 	ipcipher.cc ipcipher.hh \
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index b094b1d720..70e41685ce 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -165,7 +165,7 @@ void declareArguments()
   ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="yes";
   ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
 
-  ::arg().set("edns-cookie-secret", "When set, set a server cookie in a response to a query with a Client cookie (in hex)")="";
+  ::arg().set("edns-cookie-secret", "When set, set a server cookie when responding to a query with a Client cookie (in hex)")="";
 
   ::arg().setSwitch("webserver","Start a webserver for monitoring (api=yes also enables the HTTP listener)")="no";
   ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
@@ -594,7 +594,7 @@ void mainthread()
        exit(1);
      }
 #else
-     g_log<<Logger::Error<<"Support for EDNS Cookies is not available because of missing cryptographic functions"<<endl;
+     g_log<<Logger::Error<<"Support for EDNS Cookies is not available because of missing cryptographic functions (libsodium support should be enabled, with the crypto_shorthash() function available)"<<endl;
      exit(1);
 #endif
    }
diff --git a/pdns/ednscookies.cc b/pdns/ednscookies.cc
index 29f60fcdb2..bdc65367e1 100644
--- a/pdns/ednscookies.cc
+++ b/pdns/ednscookies.cc
@@ -151,10 +151,11 @@ bool EDNSCookiesOpt::makeServerCookie(const string& secret, const ComboAddress&
   }
 
   server.clear();
+  server.reserve(16);
   server = "\x01"; // Version
   server.resize(4, '\0'); // 3 reserved bytes
   uint32_t now = htonl(static_cast<uint32_t>(time(nullptr)));
-  server += string(reinterpret_cast<const char*>(&now), 4);
+  server += string(reinterpret_cast<const char*>(&now), sizeof(now));
   server.resize(8);
 
   string toHash = client;