3268. [bug] Convert RRSIG expiry times to 64 timestamps to work

                        out the earliest expiry time. [RT #23311]

diff --git a/CHANGES b/CHANGES
index 95959d8ceb20798431c676cafa1ad366145d12b7..9adfa0d0ccb426a4bdcadad62b0dfa2b2a088c4b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3268.  [bug]           Convert RRSIG expiry times to 64 timestamps to work
+                       out the earliest expiry time. [RT #23311]
+
 3267.  [bug]           Memory allocation failures could be mis-reported as
                        unexpected error.  New ISC_R_UNSET result code.
                        [RT #27336]

diff --git a/lib/dns/include/dns/time.h b/lib/dns/include/dns/time.h
index 5b47d11c13464a513a4bcaaee72624ed14399df1..ff817a92e6ce214b6ecdd3a5f448ced1a46f9464 100644 (file)
--- a/lib/dns/include/dns/time.h
+++ b/lib/dns/include/dns/time.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: time.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */
+/* $Id: time.h,v 1.18 2012/01/27 01:43:52 marka Exp $ */
 
 #ifndef DNS_TIME_H
 #define DNS_TIME_H 1
@@ -67,6 +67,12 @@ dns_time32_totext(isc_uint32_t value, isc_buffer_t *target);
  * current date is chosen.
  */
 
+isc_int64_t
+dns_time64_from32(isc_uint32_t value);
+/*%<
+ * Covert a 32-bit cyclic time value into a 64 bit time stamp. 
+ */
+
 ISC_LANG_ENDDECLS
 
 #endif /* DNS_TIME_H */

diff --git a/lib/dns/time.c b/lib/dns/time.c
index 993199850bc1cc554e78cadd36c9fb7796e6fd39..5c6cead24406a8b9d9acc0238f2d39543317c4ec 100644 (file)
--- a/lib/dns/time.c
+++ b/lib/dns/time.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: time.c,v 1.37 2011/03/09 23:47:17 tbox Exp $ */
+/* $Id: time.c,v 1.38 2012/01/27 01:43:51 marka Exp $ */
 
 /*! \file */
 
@@ -103,8 +103,8 @@ dns_time64_totext(isc_int64_t t, isc_buffer_t *target) {
        return (ISC_R_SUCCESS);
 }
 
-isc_result_t
-dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) {
+isc_int64_t
+dns_time64_from32(isc_uint32_t value) {
        isc_stdtime_t now;
        isc_int64_t start;
        isc_int64_t t;
@@ -121,7 +121,13 @@ dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) {
                t = start + (value - now);
        else
                t = start - (now - value);
-       return (dns_time64_totext(t, target));
+
+       return (t);
+}
+
+isc_result_t
+dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) {
+       return (dns_time64_totext(dns_time64_from32(value), target));
 }
 
 isc_result_t

diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def
index 615d068f9c3935b0663dead1f6864ae43d561f70..bf16469f4e056881369b3e9b0b13101459d56be9 100644 (file)
--- a/lib/dns/win32/libdns.def
+++ b/lib/dns/win32/libdns.def
@@ -686,6 +686,7 @@ dns_tcpmsg_readmessage
 dns_tcpmsg_setmaxsize
 dns_time32_fromtext
 dns_time32_totext
+dns_time64_from32
 dns_time64_fromtext
 dns_time64_totext
 dns_timer_setidle

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 3fbdca1059e4a7eb432f5f7e1e1cea083bd6934f..3da0a313181c4addaa0ac866103f98c1cf0f9ef2 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.664 2012/01/25 23:46:49 tbox Exp $ */
+/* $Id: zone.c,v 1.665 2012/01/27 01:43:51 marka Exp $ */
 
 /*! \file */
 
@@ -76,6 +76,7 @@
 #include <dns/soa.h>
 #include <dns/ssu.h>
 #include <dns/stats.h>
+#include <dns/time.h>
 #include <dns/tsig.h>
 #include <dns/update.h>
 #include <dns/xfrin.h>
@@ -5001,7 +5002,7 @@ offline(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, dns_name_t *name,
 }
 
 static void
-set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now)
+set_key_expiry_warning(dns_zone_t *zone, isc_uint64_t when, isc_stdtime_t now)
 {
        unsigned int delta;
        char timebuf[80];
@@ -5080,7 +5081,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
        unsigned int i;
        dns_rdata_rrsig_t rrsig;
        isc_boolean_t found, changed;
-       isc_stdtime_t warn = 0, maybe = 0;
+       isc_int64_t warn = 0, maybe = 0;
 
        dns_rdataset_init(&rdataset);
 
@@ -5182,21 +5183,20 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
                                 * iff there is a new offline signature.
                                 */
                                if (!dst_key_isprivate(keys[i])) {
-                                       if (warn != 0 &&
-                                           warn > rrsig.timeexpire)
-                                               warn = rrsig.timeexpire;
+                                       isc_int64_t timeexpire =
+                                          dns_time64_from32(rrsig.timeexpire);
+                                       if (warn != 0 && warn > timeexpire)
+                                               warn = timeexpire;
                                        if (rdata.flags & DNS_RDATA_OFFLINE) {
                                                if (maybe == 0 ||
-                                                   maybe > rrsig.timeexpire)
-                                                       maybe =
-                                                            rrsig.timeexpire;
+                                                   maybe > timeexpire)
+                                                       maybe = timeexpire;
                                                break;
                                        }
                                        if (warn == 0)
                                                warn = maybe;
-                                       if (warn == 0 ||
-                                           warn > rrsig.timeexpire)
-                                               warn = rrsig.timeexpire;
+                                       if (warn == 0 || warn > timeexpire)
+                                               warn = timeexpire;
                                        result = offline(db, ver, diff, name,
                                                         rdataset.ttl, &rdata);
                                        break;
@@ -5227,8 +5227,18 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
        dns_rdataset_disassociate(&rdataset);
        if (result == ISC_R_NOMORE)
                result = ISC_R_SUCCESS;
-       if (warn != 0)
-               set_key_expiry_warning(zone, warn, now);
+       if (warn > 0) {
+#if defined(STDTIME_ON_32BITS)
+               isc_stdtime_t stdwarn = (isc_stdtime_t)warn;
+               if (warn == stdwarn)
+#endif
+                       set_key_expiry_warning(zone, (isc_stdtime_t)warn, now);
+#if defined(STDTIME_ON_32BITS)
+               else
+                       dns_zone_log(zone, ISC_LOG_ERROR,
+                                    "key expiry warning time out of range");
+#endif
+       }
  failure:
        if (node != NULL)
                dns_db_detachnode(db, &node);