From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Fri, 12 Feb 2016 09:51:59 +0000 (+0100)
Subject: dnssec/nsec3: missed kr_error() fixed
X-Git-Tag: v1.0.0~59^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b8c797185187c11fa9794e8a0c6ff2a92e74586;p=thirdparty%2Fknot-resolver.git

dnssec/nsec3: missed kr_error() fixed
---

diff --git a/lib/dnssec/nsec3.c b/lib/dnssec/nsec3.c
index 87b72f5ba..9327c275e 100644
--- a/lib/dnssec/nsec3.c
+++ b/lib/dnssec/nsec3.c
@@ -681,10 +681,10 @@ int kr_nsec3_no_data_ds(const knot_pkt_t *pkt, knot_section_t section_id,
 
 	assert(encloser_name && covering_next_nsec3);
 	if (!has_optout(covering_next_nsec3)) {
-		ret = DNSSEC_NOT_FOUND;
+		/* Don't satisfies RFC5155 8.6, second paragraph. */
+		ret = kr_error(DNSSEC_NOT_FOUND);
 	}
 
-	/* Satisfies RFC5155 8.6, second paragraph. */
 	return ret;
 }
 
@@ -727,7 +727,7 @@ int kr_nsec3_no_data_no_ds(const knot_pkt_t *pkt, knot_section_t section_id,
 		 * denial of existance can not be proven.
 		 * Set error code to proceed unsecure.
 		 */
-		ret = DNSSEC_NOT_FOUND;
+		ret = kr_error(DNSSEC_NOT_FOUND);
 	}
 	
 	return ret;
diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 2e8387c31..fb8e0ff3f 100644
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -425,7 +425,7 @@ static int validate(knot_layer_t *ctx, knot_pkt_t *pkt)
 				ret = kr_nsec3_no_data_no_ds(pkt, KNOT_AUTHORITY, knot_pkt_qname(pkt), knot_pkt_qtype(pkt));
 			}
 			if (ret != 0) {
-				if (has_nsec3 && (ret == DNSSEC_NOT_FOUND)) {
+				if (has_nsec3 && (ret == kr_error(DNSSEC_NOT_FOUND))) {
 					DEBUG_MSG(qry, "<= can't prove NODATA due to optout, going insecure\n");
 					qry->flags &= ~QUERY_DNSSEC_WANT;
 					qry->flags |= QUERY_DNSSEC_INSECURE;