diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2014-05-14 18:43:20 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2014-05-14 18:43:20 +0000 |
| commit | f61d78fb42d2662643e7f0dbdcb97adbc2589dbc (patch) | |
| tree | 9b915379eafaa12682f45d6cb1f41e94fcb12a36 /validator/val_sigcrypt.c | |
| parent | 697291b66c481c617cf9875497e2189bc4a4b096 (diff) | |
Diffstat (limited to 'validator/val_sigcrypt.c')
| -rw-r--r-- | validator/val_sigcrypt.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index 79d5e45a23791..37e1ce14e21ae 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -579,7 +579,7 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve, enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, - uint32_t now, struct ub_packed_rrset_key* rrset, + time_t now, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t sig_idx, struct rbtree_t** sortree, char** reason) { @@ -808,7 +808,12 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) case LDNS_RR_TYPE_MR: case LDNS_RR_TYPE_PTR: case LDNS_RR_TYPE_DNAME: - return query_dname_compare(d->rr_data[i]+2, + /* the wireread function has already checked these + * dname's for correctness, and this double checks */ + if(!dname_valid(d->rr_data[i]+2, d->rr_len[i]-2) || + !dname_valid(d->rr_data[j]+2, d->rr_len[j]-2)) + return 0; + return query_dname_compare(d->rr_data[i]+2, d->rr_data[j]+2); /* These RR types have STR and fixed size rdata fields @@ -1215,12 +1220,12 @@ adjust_ttl(struct val_env* ve, uint32_t unow, * * Use the smallest of these. */ - if(d->ttl > (uint32_t)origttl) { + if(d->ttl > (time_t)origttl) { verbose(VERB_QUERY, "rrset TTL larger than original TTL," " adjusting TTL downwards"); d->ttl = origttl; } - if(expittl > 0 && d->ttl > (uint32_t)expittl) { + if(expittl > 0 && d->ttl > (time_t)expittl) { verbose(VERB_ALGO, "rrset TTL larger than sig expiration ttl," " adjusting TTL downwards"); d->ttl = expittl; @@ -1229,7 +1234,7 @@ adjust_ttl(struct val_env* ve, uint32_t unow, enum sec_status dnskey_verify_rrset_sig(struct regional* region, ldns_buffer* buf, - struct val_env* ve, uint32_t now, + struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, size_t sig_idx, struct rbtree_t** sortree, int* buf_canon, char** reason) |