Commit Diff
Diff:
b40096ca9fb19b32104ae30aefbbea0eac600b1e
88e1f5170fea07586416f9ba2de5f36b99985cc7
Commit:
88e1f5170fea07586416f9ba2de5f36b99985cc7
Tree:
07457e62d542db579d3da6ceeea1ba3859efe6f6
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Wed Feb 27 19:11:41 2019 UTC
Message:
follow up commit of tsig code. TSIG'ed notify and AXFR work now. Important snippet from RFC 2845 is: "The first envelope is processed as a standard answer, and subsequent messages have the following digest components:", when realising what a "standard" answer is I began to see the light. This was a long painful debug.
blob - 2e7ca6073a4164d30b96b25cf9b09255c2ede7e8
blob + 749201c595d532238952a0a38c6654ad7e863f51
--- additional.c
+++ additional.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: additional.c,v 1.23 2019/02/26 07:45:56 pjp Exp $
+ * $Id: additional.c,v 1.24 2019/02/27 19:11:41 pjp Exp $
*/
#include "ddd-include.h"
@@ -45,7 +45,7 @@ int additional_ptr(char *, int, struct rbtree *, char
int additional_rrsig(char *, int, int, struct rbtree *, char *, int, int, int);
int additional_nsec(char *, int, int, struct rbtree *, char *, int, int);
int additional_nsec3(char *, int, int, struct rbtree *, char *, int, int);
-int additional_tsig(struct question *, char *, int, int, int);
+int additional_tsig(struct question *, char *, int, int, int, int);
extern int compress_label(u_char *, int, int);
extern struct rbtree * find_rrset(ddDB *db, char *name, int len);
@@ -357,15 +357,17 @@ out:
*/
int
-additional_tsig(struct question *question, char *reply, int replylen, int offset, int request)
+additional_tsig(struct question *question, char *reply, int replylen, int offset, int request, int axfrmode)
{
- struct dns_tsigrr *answer, *ppanswer;
+ struct dns_tsigrr *answer, *ppanswer, *timers;
u_int16_t *sval;
u_int16_t macsize = 32;
u_int32_t *lval;
int tsignamelen;
int ppoffset = 0;
+ int ttlen = 0;
char *pseudo_packet = NULL;
+ char *tsig_timers = NULL;
struct dns_header *odh;
char tsigkey[512];
time_t now;
@@ -375,28 +377,51 @@ additional_tsig(struct question *question, char *reply
goto out;
}
- if (request == 0) {
- if (question->tsig.tsigerrorcode && question->tsig.tsigerrorcode != DNS_BADTIME) {
- ppoffset = 0;
- sval = (u_int16_t *)&pseudo_packet[ppoffset];
- *sval = htons(0);
- ppoffset += 2;
- } else {
- /* RFC 2845 section 3.4.3 */
- ppoffset = 0;
- sval = (u_int16_t *)&pseudo_packet[ppoffset];
- *sval = htons(question->tsig.tsigmaclen);
- ppoffset += 2;
+ now = time(NULL);
- memcpy(&pseudo_packet[ppoffset], question->tsig.tsigmac, question->tsig.tsigmaclen);
- ppoffset += question->tsig.tsigmaclen;
+ if (axfrmode) {
+ tsig_timers = malloc(replylen);
+ if (tsig_timers == NULL)
+ goto out;
+
+ ttlen = 0;
+ sval = (u_int16_t *)&tsig_timers[ttlen];
+ *sval = htons(question->tsig.tsigmaclen);
+ ttlen += 2;
+
+ memcpy(&tsig_timers[ttlen], question->tsig.tsigmac, question->tsig.tsigmaclen);
+ ttlen += question->tsig.tsigmaclen;
+
+ question->tsig.tsigerrorcode = 0; /* to be sure */
+ } else {
+ if (request == 0) {
+ if (question->tsig.tsigerrorcode && question->tsig.tsigerrorcode != DNS_BADTIME) {
+ ppoffset = 0;
+ sval = (u_int16_t *)&pseudo_packet[ppoffset];
+ *sval = htons(0);
+ ppoffset += 2;
+ } else {
+ /* RFC 2845 section 3.4.3 */
+ ppoffset = 0;
+ sval = (u_int16_t *)&pseudo_packet[ppoffset];
+ *sval = htons(question->tsig.tsigmaclen);
+ ppoffset += 2;
+
+ memcpy(&pseudo_packet[ppoffset], question->tsig.tsigmac, question->tsig.tsigmaclen);
+ ppoffset += question->tsig.tsigmaclen;
+ }
}
}
-
+
odh = (struct dns_header *)reply;
memcpy(&pseudo_packet[ppoffset], &reply[0], offset);
ppoffset += offset;
+ if (axfrmode) {
+ memcpy(&tsig_timers[ttlen], reply, offset);
+ ttlen += offset;
+ }
+
if ((tsignamelen = find_tsig_key(question->tsig.tsigkey,
question->tsig.tsigkeylen, (char *)&tsigkey, sizeof(tsigkey))) < 0) {
/* do nothing here? */
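Review bot: Nothing in the new axfrmode branch bounds the writes into `tsig_timers` against `replylen`: it copies `2 + tsigmaclen` bytes, then `offset` bytes of `reply`, and a later hunk appends 8 more bytes of timers to the same `malloc(replylen)` allocation. A guard placed before the `malloc`, such as `if (2 + question->tsig.tsigmaclen + offset + 8 > replylen) goto out;`, would keep the digest input inside the buffer. `tsig_timers` is also freed only on the final axfrmode path, so a `goto out` taken after this point (the `find_tsig_key` failure just below, for instance) appears to leak it. The `out:` label and the rest of the function body are outside the hunk, so whether it releases either buffer cannot be confirmed from here.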
@@ -457,12 +482,16 @@ additional_tsig(struct question *question, char *reply
answer = (struct dns_tsigrr *)&reply[offset];
- if (request == 0) {
- answer->timefudge = question->tsig.tsig_timefudge;
+ if (axfrmode) {
+ answer->timefudge = htobe64(((u_int64_t)now << 16) | (300 & 0xffff));
} else {
- now = time(NULL);
- answer->timefudge = htobe64((now << 16) | (300 & 0xffff));
+ if (request == 0) {
+ answer->timefudge = question->tsig.tsig_timefudge;
+ } else {
+ answer->timefudge = htobe64((now << 16) | (300 & 0xffff));
+ }
}
+
answer->macsize = htons(question->tsig.tsigmaclen);
offset += (8 + 2);
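Review bot: The `request != 0` branch still computes `htobe64((now << 16) | (300 & 0xffff))` without the `(u_int64_t)` cast that this commit adds to the axfrmode line above and to the `ppanswer->timefudge` assignment in a later hunk. Where `time_t` is 32 bits wide, the uncast shift loses the upper bits of the timestamp, so the time written into the record can differ from the one fed to the digest. Use the same expression everywhere: `answer->timefudge = htobe64(((u_int64_t)now << 16) | (300 & 0xffff));`. The fudge value `300` is repeated in four places in this diff and would read better as a named constant.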
@@ -478,8 +507,6 @@ additional_tsig(struct question *question, char *reply
offset += 2;
if (question->tsig.tsigerrorcode == DNS_BADTIME) {
- now = time(NULL);
-
sval = (u_int16_t *)&reply[offset];
*sval = htons(6);
offset += 2;
@@ -502,7 +529,7 @@ additional_tsig(struct question *question, char *reply
if (request == 0)
ppanswer->timefudge = question->tsig.tsig_timefudge;
else
- ppanswer->timefudge = htobe64((now << 16) | (300 & 0xffff));
+ ppanswer->timefudge = htobe64(((u_int64_t)now << 16) | (300 & 0xffff));
ppoffset += 8;
@@ -530,18 +557,34 @@ additional_tsig(struct question *question, char *reply
ppoffset += 2;
}
- if (question->tsig.tsigerrorcode == DNS_BADTIME) {
+
+ if (axfrmode) {
+ timers = (struct dns_tsigrr *)&tsig_timers[ttlen];
+ timers->timefudge = htobe64(((u_int64_t)now << 16) | (300 & 0xffff));
+ ttlen += 8;
+
HMAC(EVP_sha256(), tsigkey, tsignamelen,
- (unsigned char *)pseudo_packet, ppoffset,
+ (unsigned char *)tsig_timers, ttlen,
(unsigned char *)&answer->mac[0], (u_int *)&macsize);
- } else if (question->tsig.tsigerrorcode) {
- memset(&answer->mac[0], 0, question->tsig.tsigmaclen);
- } else {
- HMAC(EVP_sha256(), tsigkey, tsignamelen,
- (unsigned char *)pseudo_packet, ppoffset,
- (unsigned char *)&answer->mac[0], (u_int *)&macsize);
memcpy(question->tsig.tsigmac, &answer->mac[0], macsize);
+
+ free(tsig_timers);
+ } else {
+
+ if (question->tsig.tsigerrorcode == DNS_BADTIME) {
+ HMAC(EVP_sha256(), tsigkey, tsignamelen,
+ (unsigned char *)pseudo_packet, ppoffset,
+ (unsigned char *)&answer->mac[0], (u_int *)&macsize);
+ } else if (question->tsig.tsigerrorcode) {
+ memset(&answer->mac[0], 0, question->tsig.tsigmaclen);
+ } else {
+ HMAC(EVP_sha256(), tsigkey, tsignamelen,
+ (unsigned char *)pseudo_packet, ppoffset,
+ (unsigned char *)&answer->mac[0], (u_int *)&macsize);
+
+ memcpy(question->tsig.tsigmac, &answer->mac[0], macsize);
+ }
}
free(pseudo_packet);
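Review bot: All three HMAC() calls in this hunk pass `(u_int *)&macsize`, but `macsize` is declared `u_int16_t` at the top of the function, so HMAC() stores an `unsigned int` through a pointer to a two-byte object and writes past it on the stack. Declare it as `unsigned int macsize = 32;` and drop the cast. The return value of HMAC() is ignored as well. In the axfrmode branch a failure would leave `answer->mac` unchanged and still copy it into `question->tsig.tsigmac` as the prior digest for the next envelope, so test the result for `NULL` and take the error path. The function body continues outside the hunk.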
blob - 64bad536e064659bbe6f626bcaf69c28df87b0c9
blob + 436d029c57f3e22a5a9be2bb6e974e3ef517fe2d
--- axfr.c
+++ axfr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2018 Peter J. Philipp
+ * Copyright (c) 2011-2019 Peter J. Philipp
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -27,13 +27,15 @@
*/
/*
- * $Id: axfr.c,v 1.22 2019/02/26 07:45:56 pjp Exp $
+ * $Id: axfr.c,v 1.23 2019/02/27 19:11:41 pjp Exp $
*/
#include "ddd-include.h"
#include "ddd-dns.h"
#include "ddd-db.h"
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
void axfrloop(int *, int, char **, ddDB *, struct imsgbuf *ibuf);
void axfr_connection(int, char *, int, ddDB *, char *, int);
@@ -71,7 +73,8 @@ extern int rotate_rr(struct rrset *rrset);
extern int domaincmp(struct node *e1, struct node *e2);
extern char * dns_label(char *, int *);
-extern int additional_tsig(struct question *, char *, int, int, int);
+extern int additional_tsig(struct question *, char *, int, int, int, int);
+extern int find_tsig_key(char *keyname, int keynamelen, char *key, int keylen);
int notify = 0; /* do not notify when set to 0 */
@@ -780,6 +783,7 @@ axfr_connection(int so, char *address, int is_ipv6, dd
{
char buf[4000];
+ char tsigkey[512];
char *p = &buf[0];
char *q;
char *reply;
@@ -789,7 +793,9 @@ axfr_connection(int so, char *address, int is_ipv6, dd
int qlen;
int outlen;
int rrcount;
+ int envelopcount;
int rs;
+ int tsigkeylen;
u_int16_t *tmp;
@@ -858,7 +864,7 @@ axfr_connection(int so, char *address, int is_ipv6, dd
goto drop;
}
- if ((question = build_question((p + 2), dnslen, 0, NULL)) == NULL) {
+ if ((question = build_question((p + 2), dnslen, ntohs(dh->additional), NULL)) == NULL) {
dolog(LOG_INFO, "AXFR malformed question, drop\n");
goto drop;
}
@@ -879,6 +885,11 @@ axfr_connection(int so, char *address, int is_ipv6, dd
}
+ if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
+ dolog(LOG_INFO, "AXFR question had TSIG errors, code %02x, drop\n", question->tsig.tsigerrorcode);
+ goto drop;
+ }
+
/* now we can be reasonably sure that it's an AXFR for us */
reply = calloc(1, 65538);
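Review bot: The new guard drops the connection only when `tsigerrorcode` is non-zero, whereas the signing blocks added later in this function require `tsigverified`. A request with `have_tsig` set that carries no error code but was not verified would fall through and be answered unsigned. Whether build_question() can produce that state is not visible here; if it can, testing the positive condition is safer: `if (question->tsig.have_tsig && !question->tsig.tsigverified)`. Including the peer `address` in the log line would make failed TSIG transfer attempts traceable.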
@@ -947,13 +958,34 @@ axfr_connection(int so, char *address, int is_ipv6, dd
continue;
}
+ /* initialize tsig */
+
+#if 0
+ if (question->tsig.tsigverified) {
+ if ((tsigkeylen = find_tsig_key(question->tsig.tsigkey,
+ question->tsig.tsigkeylen, (char *)&tsigkey, sizeof(tsigkey))) < 0) {
+ dolog(LOG_ERR, "AXFR could not get tsigkey..odd, drop\n");
+ goto drop;
+
+ }
+
+ tsigctx = HMAC_CTX_new();
+ if (HMAC_Init(tsigctx, (const void *)&tsigkey, tsigkeylen, EVP_sha256()) == 0) {
+ dolog(LOG_ERR, "AXFR tsig initialization error, drop\n");
+ goto drop;
+ }
+ }
+#endif
+
dolog(LOG_INFO, "%s request for zone \"%s\", replying...\n",
(ntohs(question->hdr->qtype) == DNS_TYPE_AXFR ? "AXFR"
: "IXFR"), question->converted_name);
+
outlen = build_header(db, (reply + 2), (p + 2), question, 0);
outlen = build_soa(db, (reply + 2), outlen, soa, question);
rrcount = 1;
+ envelopcount = 1;
RB_FOREACH_SAFE(n, domaintree, &db->head, nx) {
rs = n->datalen;
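Review bot: The `#if 0` block is dead code that uses `tsigctx`, which is not declared in any hunk of this commit. It is also the only user of the new `tsigkey` and `tsigkeylen` locals, the `find_tsig_key` prototype and the two OpenSSL includes. Either remove it together with those declarations, or keep it under a comment that says why it is disabled, e.g. `/* incremental HMAC across envelopes, unused: additional_tsig() signs each envelope */`. If it is ever enabled, the key copy in `tsigkey` should be cleared before the function returns.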
@@ -1016,6 +1048,15 @@ axfr_connection(int so, char *address, int is_ipv6, dd
odh->answer += rrcount;
HTONS(odh->answer);
+ /* additional_tsig here */
+ if (question->tsig.have_tsig && question->tsig.tsigverified) {
+ outlen = additional_tsig(question, (reply + 2), 65000, outlen, 0, (envelopcount++ != 1));
+ odh->additional = htons(1);
+
+ tmp = (u_int16_t *)reply;
+ *tmp = htons(outlen);
+ }
+
len = send(so, reply, outlen + 2, 0);
if (len <= 0) {
goto drop;
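Review bot: The result of additional_tsig() is assigned straight to `outlen` and then used for the length prefix and the send(), here and in the final-envelope block of the next hunk. reply_notauth() in reply.c treats a return of 0 as failure (`if (tmplen != 0) outlen = tmplen;`), so a failed signing here would presumably send a frame with a zero length prefix instead of aborting the transfer. Hold the result in a temporary and drop on failure: `if ((tmplen = additional_tsig(...)) == 0) goto drop; outlen = tmplen;`. The literal `65000` is also unrelated to the `calloc(1, 65538)` that sizes `reply`, so a shared constant would keep the buffer and the limit in step.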
@@ -1049,6 +1090,15 @@ axfr_connection(int so, char *address, int is_ipv6, dd
odh->answer += rrcount;
HTONS(odh->answer);
+ /* additional_tsig here */
+ if (question->tsig.have_tsig && question->tsig.tsigverified) {
+ outlen = additional_tsig(question, (reply + 2), 65000, outlen, 0, (envelopcount != 1));
+ odh->additional = htons(1);
+
+ tmp = (u_int16_t *)reply;
+ *tmp = htons(outlen);
+ }
+
len = send(so, reply, outlen + 2, 0);
if (len <= 0)
goto drop;
@@ -1474,7 +1524,7 @@ notifypacket(int so, void *vnse, void *vnotnp, int pac
return;
}
- outlen = additional_tsig(fq, packet, sizeof(packet), outlen, 1);
+ outlen = additional_tsig(fq, packet, sizeof(packet), outlen, 1, 0);
dnh->additional = htons(1);
blob - 4fcb3f11a3f69db679e21b705ea6dabf9b75996a
blob + 5b510949707f3d7e9f923386949c46f92b0616a3
--- reply.c
+++ reply.c
@@ -27,14 +27,17 @@
*/
/*
- * $Id: reply.c,v 1.73 2019/02/26 08:15:33 pjp Exp $
+ * $Id: reply.c,v 1.74 2019/02/27 19:11:41 pjp Exp $
*/
#include "ddd-include.h"
#include "ddd-dns.h"
#include "ddd-db.h"
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
/* prototypes */
extern int checklabel(ddDB *, struct rbtree *, struct rbtree *, struct question *);
@@ -44,7 +47,7 @@ extern int additional_aaaa(char *, int, struct rbtre
extern int additional_mx(char *, int, struct rbtree *, char *, int, int, int *);
extern int additional_ptr(char *, int, struct rbtree *, char *, int, int, int *);
extern int additional_opt(struct question *, char *, int, int);
-extern int additional_tsig(struct question *, char *, int, int, int);
+extern int additional_tsig(struct question *, char *, int, int, int, int);
extern int additional_rrsig(char *, int, int, struct rbtree *, char *, int, int, int);
extern int additional_nsec(char *, int, int, struct rbtree *, char *, int, int);
extern struct question *build_fake_question(char *, int, u_int16_t, char *, int);
@@ -148,7 +151,7 @@ reply_a(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_A)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_A)) == 0)
return -1;
if (istcp) {
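Review bot: Replacing `NULL` with `0` in pointer comparisons makes pointer tests harder to tell apart from integer tests, and it is unrelated to the TSIG work the commit message describes. It is done here and in every other `find_rr`, `rrp`, `rbt0`, `tmpbuf`, `rbt1` and `fakequestion` check this commit touches in reply.c. If `NULL` stopped resolving once the OpenSSL headers were included (a guess; the page does not say why the change was made), fixing the includes is preferable to rewriting the comparisons. Keep `== NULL` throughout.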
@@ -264,7 +267,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -276,7 +279,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
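Review bot: When `malloc` fails, the branch only logs and execution continues to `plen = (u_int16_t *)tmpbuf;`, so the store through `plen` that presumably follows outside the hunk would dereference a null pointer. Since the condition is being edited anyway, leave the function from inside the branch, e.g. `dolog(LOG_INFO, "malloc: %s\n", strerror(errno)); return (retlen);`. `retlen` is visible in reply_a's declarations, but the enclosing function here starts outside the hunk, so use whatever its error return is. The same log-and-continue pattern appears in every `tmpbuf = malloc(...)` hunk of reply.c in this commit.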
@@ -347,7 +350,7 @@ reply_nsec3param(struct sreply *sreply, ddDB *db)
u_int16_t rollback;
int saltlen;
- if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM)) == 0)
return -1;
if (istcp) {
@@ -393,7 +396,7 @@ reply_nsec3param(struct sreply *sreply, ddDB *db)
a_count = 0;
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
saltlen = ((struct nsec3param *)rrp->rdata)->saltlen;
@@ -474,7 +477,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -487,7 +490,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -553,7 +556,7 @@ reply_nsec3(struct sreply *sreply, ddDB *db)
u_int8_t *somelen;
int bitmaplen, saltlen, nextlen;
- if ((rrset = find_rr(rbt, DNS_TYPE_A)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_A)) == 0)
return -1;
if (istcp) {
@@ -604,7 +607,7 @@ reply_nsec3(struct sreply *sreply, ddDB *db)
a_count = 0;
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
saltlen = ((struct nsec3 *)rrp->rdata)->saltlen;
@@ -699,7 +702,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -711,7 +714,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -771,7 +774,7 @@ reply_nsec(struct sreply *sreply, ddDB *db)
u_int16_t rollback;
int ndnlen, bitmaplen;
- if ((rrset = find_rr(rbt, DNS_TYPE_A)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_A)) == 0)
return -1;
if (istcp) {
@@ -816,7 +819,7 @@ reply_nsec(struct sreply *sreply, ddDB *db)
a_count = 0;
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
ndnlen = ((struct nsec *)rrp->rdata)->ndn_len;
@@ -894,7 +897,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -906,7 +909,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -969,7 +972,7 @@ reply_ds(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_DS)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_DS)) == 0)
return -1;
if (istcp) {
@@ -1087,7 +1090,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -1099,7 +1102,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -1165,7 +1168,7 @@ reply_dnskey(struct sreply *sreply, ddDB *db)
int rrsig_count = 0;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_DNSKEY)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_DNSKEY)) == 0)
return -1;
if (istcp) {
@@ -1257,7 +1260,7 @@ reply_dnskey(struct sreply *sreply, ddDB *db)
int tmplen = 0;
int origlen = outlen;
- if ((rrset2 = find_rr(rbt, DNS_TYPE_RRSIG)) == NULL)
+ if ((rrset2 = find_rr(rbt, DNS_TYPE_RRSIG)) == 0)
goto out;
@@ -1298,7 +1301,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -1310,7 +1313,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -1372,7 +1375,7 @@ reply_rrsig(struct sreply *sreply, ddDB *db)
int tmplen = 0;
u_int16_t rollback;
- if ((find_rr(rbt, DNS_TYPE_RRSIG)) == NULL)
+ if ((find_rr(rbt, DNS_TYPE_RRSIG)) == 0)
return -1;
if (istcp) {
@@ -1450,7 +1453,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -1462,7 +1465,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -1523,7 +1526,7 @@ reply_aaaa(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_AAAA)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_AAAA)) == 0)
return -1;
if (istcp) {
@@ -1622,7 +1625,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -1635,7 +1638,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -1701,7 +1704,7 @@ reply_mx(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_MX)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_MX)) == 0)
return -1;
@@ -1818,7 +1821,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -1829,7 +1832,7 @@ out:
char *tmpbuf;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -1892,7 +1895,7 @@ reply_ns(struct sreply *sreply, ddDB *db)
u_int16_t rollback;
int ns_type;
- if ((rrset = find_rr(rbt, DNS_TYPE_NS)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_NS)) == 0)
return -1;
if (istcp) {
@@ -2017,7 +2020,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -2028,7 +2031,7 @@ out:
char *tmpbuf;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -2096,7 +2099,7 @@ reply_cname(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_CNAME)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_CNAME)) == 0)
return -1;
if (istcp) {
@@ -2137,7 +2140,7 @@ reply_cname(struct sreply *sreply, ddDB *db)
odh->additional = 0;
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
answer = (struct answer *)(&reply[0] + sizeof(struct dns_header) +
@@ -2200,7 +2203,7 @@ reply_cname(struct sreply *sreply, ddDB *db)
HTONS(odh->answer);
}
- if (ntohs(q->hdr->qtype) == DNS_TYPE_A && rbt1 != NULL) {
+ if (ntohs(q->hdr->qtype) == DNS_TYPE_A && rbt1 != 0) {
tmplen = additional_a(((struct cname *)rrp->rdata)->cname, ((struct cname *)rrp->rdata)->cnamelen, rbt1, reply, replysize, outlen, &addcount);
if (tmplen > 0)
@@ -2230,7 +2233,7 @@ reply_cname(struct sreply *sreply, ddDB *db)
odh->answer++;
HTONS(odh->answer);
}
- } else if (ntohs(q->hdr->qtype) == DNS_TYPE_AAAA && rbt1 != NULL) {
+ } else if (ntohs(q->hdr->qtype) == DNS_TYPE_AAAA && rbt1 != 0) {
tmplen = additional_aaaa(((struct cname *)rrp->rdata)->cname, ((struct cname *)rrp->rdata)->cnamelen, rbt1, reply, replysize, outlen, &addcount);
if (tmplen > 0)
@@ -2260,7 +2263,7 @@ reply_cname(struct sreply *sreply, ddDB *db)
odh->answer++;
HTONS(odh->answer);
}
- } else if (ntohs(q->hdr->qtype) == DNS_TYPE_MX && rbt1 != NULL) {
+ } else if (ntohs(q->hdr->qtype) == DNS_TYPE_MX && rbt1 != 0) {
tmplen = additional_mx(((struct cname *)rrp->rdata)->cname, ((struct cname *)rrp->rdata)->cnamelen, rbt1, reply, replysize, outlen, &addcount);
if (tmplen > 0)
@@ -2290,7 +2293,7 @@ reply_cname(struct sreply *sreply, ddDB *db)
odh->answer++;
HTONS(odh->answer);
}
- } else if (ntohs(q->hdr->qtype) == DNS_TYPE_PTR && rbt1 != NULL) {
+ } else if (ntohs(q->hdr->qtype) == DNS_TYPE_PTR && rbt1 != 0) {
tmplen = additional_ptr(((struct cname *)rrp->rdata)->cname, ((struct cname *)rrp->rdata)->cnamelen, rbt1, reply, replysize, outlen, &addcount);
if (tmplen > 0)
@@ -2333,7 +2336,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -2344,7 +2347,7 @@ out:
char *tmpbuf;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -2406,7 +2409,7 @@ reply_ptr(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_PTR)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_PTR)) == 0)
return -1;
if (istcp) {
@@ -2425,7 +2428,7 @@ reply_ptr(struct sreply *sreply, ddDB *db)
}
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
/* copy question to reply */
@@ -2522,7 +2525,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -2534,7 +2537,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -2598,7 +2601,7 @@ reply_soa(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == 0)
return -1;
if (istcp) {
@@ -2640,7 +2643,7 @@ reply_soa(struct sreply *sreply, ddDB *db)
odh->additional = 0;
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
answer = (struct answer *)(&reply[0] + sizeof(struct dns_header) +
@@ -2781,7 +2784,7 @@ out:
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -2793,7 +2796,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -2853,7 +2856,7 @@ reply_txt(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_TXT)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_TXT)) == 0)
return -1;
if (istcp) {
@@ -2873,7 +2876,7 @@ reply_txt(struct sreply *sreply, ddDB *db)
}
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
/* copy question to reply */
@@ -2953,7 +2956,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -2966,7 +2969,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -3095,7 +3098,7 @@ reply_version(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -3160,7 +3163,7 @@ reply_tlsa(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_TLSA)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_TLSA)) == 0)
return -1;
if (istcp) {
@@ -3274,7 +3277,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -3285,7 +3288,7 @@ out:
char *tmpbuf;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -3349,7 +3352,7 @@ reply_sshfp(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_SSHFP)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_SSHFP)) == 0)
return -1;
if (istcp) {
@@ -3462,7 +3465,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -3473,7 +3476,7 @@ out:
char *tmpbuf;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -3540,7 +3543,7 @@ reply_naptr(struct sreply *sreply, ddDB *db)
int retlen = -1;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_NAPTR)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_NAPTR)) == 0)
return -1;
if (istcp) {
@@ -3685,7 +3688,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -3696,7 +3699,7 @@ out:
char *tmpbuf;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -3763,7 +3766,7 @@ reply_srv(struct sreply *sreply, ddDB *db)
int tmplen;
u_int16_t rollback;
- if ((rrset = find_rr(rbt, DNS_TYPE_SRV)) == NULL)
+ if ((rrset = find_rr(rbt, DNS_TYPE_SRV)) == 0)
return -1;
if (istcp) {
@@ -3879,7 +3882,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -3890,7 +3893,7 @@ out:
char *tmpbuf;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -3961,7 +3964,7 @@ reply_notimpl(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4051,7 +4054,7 @@ reply_nxdomain(struct sreply *sreply, ddDB *db)
* no SOA, use the old code
*/
- if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == 0) {
memcpy(reply, buf, len);
memset((char *)&odh->query, 0, sizeof(u_int16_t));
@@ -4069,7 +4072,7 @@ reply_nxdomain(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(len + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4091,7 +4094,7 @@ reply_nxdomain(struct sreply *sreply, ddDB *db)
}
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
/* copy question to reply */
@@ -4245,7 +4248,7 @@ reply_nxdomain(struct sreply *sreply, ddDB *db)
origlen = outlen;
if (find_rr(rbt, DNS_TYPE_NSEC3PARAM)) {
rbt0 = find_nsec3_cover_next_closer(q->hdr->name, q->hdr->namelen, rbt, db);
- if (rbt0 == NULL)
+ if (rbt0 == 0)
goto out;
memcpy(&uniq[rruniq].name, rbt0->zone, rbt0->zonelen);
@@ -4273,7 +4276,7 @@ reply_nxdomain(struct sreply *sreply, ddDB *db)
origlen = outlen;
rbt0 = find_nsec3_match_closest(q->hdr->name, q->hdr->namelen, rbt, db);
- if (rbt0 == NULL)
+ if (rbt0 == 0)
goto out;
memcpy(&uniq[rruniq].name, rbt0->zone, rbt0->zonelen);
@@ -4309,7 +4312,7 @@ reply_nxdomain(struct sreply *sreply, ddDB *db)
origlen = outlen;
rbt0 = find_nsec3_wildcard_closest(q->hdr->name, q->hdr->namelen, rbt, db);
- if (rbt0 == NULL)
+ if (rbt0 == 0)
goto out;
memcpy(&uniq[rruniq].name, rbt0->zone, rbt0->zonelen);
@@ -4354,7 +4357,7 @@ out:
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -4366,7 +4369,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4435,7 +4438,7 @@ reply_refused(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4512,7 +4515,7 @@ reply_notauth(struct sreply *sreply, ddDB *db)
odh->additional = htons(1);
- tmplen = additional_tsig(q, reply, replysize, outlen, 0);
+ tmplen = additional_tsig(q, reply, replysize, outlen, 0, 0);
if (tmplen != 0)
outlen = tmplen;
@@ -4522,7 +4525,7 @@ reply_notauth(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4591,7 +4594,7 @@ reply_fmterror(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4682,7 +4685,7 @@ reply_noerror(struct sreply *sreply, ddDB *db)
* no SOA, use the old code
*/
- if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == 0) {
memcpy(reply, buf, len);
memset((char *)&odh->query, 0, sizeof(u_int16_t));
@@ -4699,7 +4702,7 @@ reply_noerror(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(len + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4721,7 +4724,7 @@ reply_noerror(struct sreply *sreply, ddDB *db)
}
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
/* copy question to reply */
@@ -4877,7 +4880,7 @@ reply_noerror(struct sreply *sreply, ddDB *db)
free(rbt0);
} else if (find_rr(rbt, DNS_TYPE_NSEC3PARAM)) {
rbt0 = find_nsec3_match_qname(q->hdr->name, q->hdr->namelen, rbt, db);
- if (rbt0 == NULL)
+ if (rbt0 == 0)
goto out;
memcpy(&uniq[rruniq].name, rbt0->zone, rbt0->zonelen);
@@ -4915,7 +4918,7 @@ out:
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -4927,7 +4930,7 @@ out:
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -4962,16 +4965,16 @@ Lookup_zone(ddDB *db, char *name, u_int16_t namelen, u
int lzerrno;
fakequestion = build_fake_question(name, namelen, type, NULL, 0);
- if (fakequestion == NULL) {
+ if (fakequestion == 0) {
dolog(LOG_INFO, "fakequestion(2) failed\n");
- return (NULL);
+ return (0);
}
rbt = lookup_zone(db, fakequestion, &mytype, &lzerrno, (char *)&fakereplystring);
- if (rbt == NULL) {
+ if (rbt == 0) {
free_question(fakequestion);
- return (NULL);
+ return (0);
}
free_question(fakequestion);
@@ -5056,7 +5059,7 @@ reply_any(struct sreply *sreply, ddDB *db)
}
if (q->tsig.tsigverified == 1) {
- outlen = additional_tsig(q, reply, replysize, outlen, 0);
+ outlen = additional_tsig(q, reply, replysize, outlen, 0, 0);
NTOHS(odh->additional);
odh->additional++;
@@ -5068,7 +5071,7 @@ reply_any(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
@@ -5132,13 +5135,13 @@ create_anyreply(struct sreply *sreply, char *reply, in
char *name, *p;
int i;
- if (soa && (rrset = find_rr(rbt, DNS_TYPE_SOA)) != NULL) {
+ if (soa && (rrset = find_rr(rbt, DNS_TYPE_SOA)) != 0) {
NTOHS(odh->answer);
odh->answer++;
HTONS(odh->answer);
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
if ((offset + q->hdr->namelen) > rlen) {
@@ -5251,7 +5254,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
answer->rdlength = htons(&reply[offset] - answer->rdata);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_RRSIG)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_RRSIG)) != 0) {
int dnskey_count = 0;
rrsig_count = 0;
@@ -5275,7 +5278,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_DNSKEY)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_DNSKEY)) != 0) {
dnskey_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
if (offset + q->hdr->namelen > rlen)
@@ -5332,7 +5335,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
odh->answer += dnskey_count;
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_DS)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_DS)) != 0) {
ds_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
@@ -5388,9 +5391,9 @@ create_anyreply(struct sreply *sreply, char *reply, in
}
}
- if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3)) != 0) {
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
if (offset + q->hdr->namelen > rlen)
@@ -5466,9 +5469,9 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM)) != 0) {
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
if (offset + q->hdr->namelen > rlen)
@@ -5529,9 +5532,9 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_NSEC)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_NSEC)) != 0) {
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
if (offset + q->hdr->namelen > rlen)
@@ -5576,7 +5579,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_NS)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_NS)) != 0) {
ns_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
@@ -5625,10 +5628,10 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_PTR)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_PTR)) != 0) {
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
NTOHS(odh->answer);
@@ -5680,7 +5683,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
answer->rdlength = htons(&reply[offset] - answer->rdata);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_MX)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_MX)) != 0) {
mx_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
@@ -5733,9 +5736,9 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_TXT)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_TXT)) != 0) {
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
NTOHS(odh->answer);
@@ -5772,7 +5775,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
answer->rdlength = htons(((struct txt *)rrp->rdata)->txtlen + 1);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_TLSA)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_TLSA)) != 0) {
tlsa_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
@@ -5833,7 +5836,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_SSHFP)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_SSHFP)) != 0) {
sshfp_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
@@ -5887,7 +5890,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_NAPTR)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_NAPTR)) != 0) {
naptr_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
if ((offset + q->hdr->namelen) > rlen) {
@@ -5975,7 +5978,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_SRV)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_SRV)) != 0) {
srv_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
if ((offset + q->hdr->namelen) > rlen) {
@@ -6038,9 +6041,9 @@ create_anyreply(struct sreply *sreply, char *reply, in
}
- if ((rrset = find_rr(rbt, DNS_TYPE_CNAME)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_CNAME)) != 0) {
rrp = TAILQ_FIRST(&rrset->rr_head);
- if (rrp == NULL)
+ if (rrp == 0)
return -1;
NTOHS(odh->answer);
@@ -6092,7 +6095,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
answer->rdlength = htons(&reply[offset] - answer->rdata);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_A)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_A)) != 0) {
a_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
@@ -6127,7 +6130,7 @@ create_anyreply(struct sreply *sreply, char *reply, in
odh->answer += a_count;
HTONS(odh->answer);
}
- if ((rrset = find_rr(rbt, DNS_TYPE_AAAA)) != NULL) {
+ if ((rrset = find_rr(rbt, DNS_TYPE_AAAA)) != 0) {
aaaa_count = 0;
TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
@@ -6234,7 +6237,7 @@ reply_badvers(struct sreply *sreply, ddDB *db)
u_int16_t *plen;
tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
+ if (tmpbuf == 0) {
dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
}
plen = (u_int16_t *)tmpbuf;
blob - 0f4c77a6594bf3fa37c79bf2bc5bca6a4213750e
blob + 1a6c96dd3ee36d854ebeedb85a1ffc10d350673c
--- util.c
+++ util.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: util.c,v 1.26 2019/02/26 07:45:56 pjp Exp $
+ * $Id: util.c,v 1.27 2019/02/27 19:11:41 pjp Exp $
*/
#include "ddd-include.h"
@@ -803,6 +803,58 @@ build_question(char *buf, int len, int additional, cha
*p = '\0';
i += (2 * sizeof(u_int16_t)) + 1; /* trailing NUL and type,class*/
+
+ /* in IXFR an additional SOA entry is tacked on, we want to skip this */
+ do {
+ u_int16_t *val16;
+ u_int32_t *val32;
+ char *pb = NULL;
+ char expand[DNS_MAXNAME + 1];
+ int elen;
+
+ rollback = i;
+
+ elen = 0;
+ memset(&expand, 0, sizeof(expand));
+ pb = expand_compression((u_char *)&buf[i], (u_char *)buf, (u_char *)&buf[len], (u_char *)&expand, &elen, sizeof(expand));
+ if (pb == NULL) {
+ i = rollback;
+ break;
+ }
+ i = (pb - buf);
+
+ if (i + 10 > len) { /* type + class + ttl + rdlen == 10 */
+ i = rollback;
+ break;
+ }
+
+ /* type */
+ val16 = (u_int16_t *)&buf[i];
+ if (ntohs(*val16) != DNS_TYPE_SOA) {
+ i = rollback;
+ break;
+ }
+ i += 2;
+ /* class */
+ val16 = (u_int16_t *)&buf[i];
+ if (ntohs(*val16) != DNS_CLASS_IN) {
+ i = rollback;
+ break;
+ }
+ i += 2;
+ /* ttl */
+ val32 = (u_int32_t *)&buf[i];
+ i += 4;
+ val16 = (u_int16_t *)&buf[i];
+ i += 2;
+
+ if (i + ntohs(*val16) > len) { /* rdlen of SOA */
+ i = rollback;
+ break;
+ }
+
+ i += ntohs(*val16);
+ } while (0);
/* check for edns0 opt rr */
do {
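Review bot: The added block skips any IN-class SOA record that follows the question, but nothing in the hunk restricts it to IXFR queries or checks the header's authority count, so the comment's precondition is not enforced on data that arrives from the network. Unless that gating happens earlier in build_question (which starts outside this hunk), I would state it at the block, e.g. `/* XXX: runs for every qtype; limit to IXFR with a non-zero authority count */`, and add the condition. The `(u_int16_t *)&buf[i]` reads are made at arbitrary byte offsets and can fault on strict-alignment platforms; copying with `memcpy(&rdlen, &buf[i], sizeof(rdlen));` before `ntohs()` avoids that. `val32` is assigned for the TTL and never read, so it can be dropped in favour of a plain `i += 4;`.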