From: Mark Andrews Date: Thu, 25 Aug 2011 06:20:07 +0000 (+0000) Subject: save the result of is_response(msg) so it can be treated as a invariant by clang X-Git-Tag: v9.9.0a2~1^2~127 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f67bcc9dc631ddc5ae263e969658331044f2b150;p=thirdparty%2Fbind9.git save the result of is_response(msg) so it can be treated as a invariant by clang --- diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index e72e147357a..fe881f59da3 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.148 2011/03/21 19:54:03 each Exp $ + * $Id: tsig.c,v 1.149 2011/08/25 06:20:07 marka Exp $ */ /*! \file */ #include @@ -889,6 +889,7 @@ dns_tsig_sign(dns_message_t *msg) { isc_result_t ret; unsigned char badtimedata[BADTIMELEN]; unsigned int sigsize = 0; + isc_boolean_t response = is_response(msg); REQUIRE(msg != NULL); REQUIRE(VALID_TSIG_KEY(dns_message_gettsigkey(msg))); @@ -896,7 +897,7 @@ dns_tsig_sign(dns_message_t *msg) { /* * If this is a response, there should be a query tsig. */ - if (is_response(msg) && msg->querytsig == NULL) + if (response && msg->querytsig == NULL) return (DNS_R_EXPECTEDTSIG); dynbuf = NULL; @@ -919,7 +920,7 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_init(&databuf, data, sizeof(data)); - if (is_response(msg)) + if (response) tsig.error = msg->querytsigstatus; else tsig.error = dns_rcode_noerror; @@ -948,7 +949,7 @@ dns_tsig_sign(dns_message_t *msg) { /* * If this is a response, digest the query signature. */ - if (is_response(msg)) { + if (response) { dns_rdata_t querytsigrdata = DNS_RDATA_INIT; ret = dns_rdataset_first(msg->querytsig); @@ -1068,7 +1069,7 @@ dns_tsig_sign(dns_message_t *msg) { digestbits = dst_key_getbits(key->key); if (digestbits != 0) { unsigned int bytes = (digestbits + 1) / 8; - if (is_response(msg) && bytes < querytsig.siglen) + if (response && bytes < querytsig.siglen) bytes = querytsig.siglen; if (bytes > isc_buffer_usedlength(&sigbuf)) bytes = isc_buffer_usedlength(&sigbuf); @@ -1170,10 +1171,12 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, isc_uint16_t addcount, id; unsigned int siglen; unsigned int alg; + isc_boolean_t response; REQUIRE(source != NULL); REQUIRE(DNS_MESSAGE_VALID(msg)); tsigkey = dns_message_gettsigkey(msg); + response = is_response(msg); REQUIRE(tsigkey == NULL || VALID_TSIG_KEY(tsigkey)); @@ -1195,8 +1198,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, * If this is a response and there's no key or query TSIG, there * shouldn't be one on the response. */ - if (is_response(msg) && - (tsigkey == NULL || msg->querytsig == NULL)) + if (response && (tsigkey == NULL || msg->querytsig == NULL)) return (DNS_R_UNEXPECTEDTSIG); mctx = msg->mctx; @@ -1215,7 +1217,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, if (ret != ISC_R_SUCCESS) return (ret); dns_rdata_reset(&rdata); - if (is_response(msg)) { + if (response) { ret = dns_rdataset_first(msg->querytsig); if (ret != ISC_R_SUCCESS) return (ret); @@ -1228,7 +1230,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, /* * Do the key name and algorithm match that of the query? */ - if (is_response(msg) && + if (response && (!dns_name_equal(keyname, &tsigkey->name) || !dns_name_equal(&tsig.algorithm, &querytsig.algorithm))) { msg->tsigstatus = dns_tsigerror_badkey; @@ -1326,7 +1328,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, if (ret != ISC_R_SUCCESS) return (ret); - if (is_response(msg)) { + if (response) { isc_buffer_init(&databuf, data, sizeof(data)); isc_buffer_putuint16(&databuf, querytsig.siglen); isc_buffer_usedregion(&databuf, &r);