aboutsummaryrefslogtreecommitdiff
path: root/bin/dig/dighost.c
diff options
context:
space:
mode:
Diffstat (limited to 'bin/dig/dighost.c')
-rw-r--r--bin/dig/dighost.c234
1 files changed, 110 insertions, 124 deletions
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index d6fea27bef5c..45dac2f5a112 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -85,6 +85,7 @@
#include <isc/print.h>
#include <isc/random.h>
#include <isc/result.h>
+#include <isc/safe.h>
#include <isc/serial.h>
#include <isc/string.h>
#include <isc/task.h>
@@ -193,7 +194,7 @@ dig_lookup_t *current_lookup = NULL;
#ifdef DIG_SIGCHASE
-isc_result_t get_trusted_key(isc_mem_t *mctx);
+isc_result_t get_trusted_key(void);
dns_rdataset_t * sigchase_scanname(dns_rdatatype_t type,
dns_rdatatype_t covers,
isc_boolean_t *lookedup,
@@ -211,32 +212,26 @@ isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset,
isc_result_t sigchase_verify_sig_key(dns_name_t *name,
dns_rdataset_t *rdataset,
dst_key_t* dnsseckey,
- dns_rdataset_t *sigrdataset,
- isc_mem_t *mctx);
+ dns_rdataset_t *sigrdataset);
isc_result_t sigchase_verify_sig(dns_name_t *name,
dns_rdataset_t *rdataset,
dns_rdataset_t *keyrdataset,
- dns_rdataset_t *sigrdataset,
- isc_mem_t *mctx);
+ dns_rdataset_t *sigrdataset);
isc_result_t sigchase_verify_ds(dns_name_t *name,
dns_rdataset_t *keyrdataset,
- dns_rdataset_t *dsrdataset,
- isc_mem_t *mctx);
+ dns_rdataset_t *dsrdataset);
void sigchase(dns_message_t *msg);
void print_rdata(dns_rdata_t *rdata, isc_mem_t *mctx);
-void print_rdataset(dns_name_t *name,
- dns_rdataset_t *rdataset, isc_mem_t *mctx);
-void dup_name(dns_name_t *source, dns_name_t* target,
- isc_mem_t *mctx);
-void free_name(dns_name_t *name, isc_mem_t *mctx);
+void print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset);
+void dup_name(dns_name_t *source, dns_name_t* target);
+void free_name(dns_name_t *name);
void dump_database(void);
void dump_database_section(dns_message_t *msg, int section);
dns_rdataset_t * search_type(dns_name_t *name, dns_rdatatype_t type,
dns_rdatatype_t covers);
isc_result_t contains_trusted_key(dns_name_t *name,
dns_rdataset_t *rdataset,
- dns_rdataset_t *sigrdataset,
- isc_mem_t *mctx);
+ dns_rdataset_t *sigrdataset);
void print_type(dns_rdatatype_t type);
isc_result_t prove_nx_domain(dns_message_t * msg,
dns_name_t * name,
@@ -258,7 +253,7 @@ isc_result_t prove_nx(dns_message_t * msg, dns_name_t * name,
dns_rdataset_t ** sigrdataset);
static void nameFromString(const char *str, dns_name_t *p_ret);
int inf_name(dns_name_t * name1, dns_name_t * name2);
-isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
+isc_result_t removetmpkey(const char *file);
void clean_trustedkey(void);
isc_result_t insert_trustedkey(void *arg, dns_name_t *name,
dns_rdataset_t *rdataset);
@@ -1011,7 +1006,6 @@ parse_bits(char *arg, const char *desc, isc_uint32_t max) {
return (tmp);
}
-
/*
* Parse HMAC algorithm specification
*/
@@ -1627,7 +1621,7 @@ start_lookup(void) {
#if DIG_SIGCHASE_TD
if (current_lookup->do_topdown &&
!current_lookup->rdtype_sigchaseset) {
- dst_key_t *trustedkey = NULL;
+ dst_key_t *dstkey = NULL;
isc_buffer_t *b = NULL;
isc_region_t r;
isc_result_t result;
@@ -1635,7 +1629,7 @@ start_lookup(void) {
dns_name_t *key_name;
int i;
- result = get_trusted_key(mctx);
+ result = get_trusted_key();
if (result != ISC_R_SUCCESS) {
printf("\n;; No trusted key, "
"+sigchase option is disabled\n");
@@ -1650,22 +1644,22 @@ start_lookup(void) {
if (dns_name_issubdomain(&query_name,
key_name) == ISC_TRUE)
- trustedkey = tk_list.key[i];
+ dstkey = tk_list.key[i];
/*
* Verify temp is really the lowest
* WARNING
*/
}
- if (trustedkey == NULL) {
+ if (dstkey == NULL) {
printf("\n;; The queried zone: ");
dns_name_print(&query_name, stdout);
printf(" isn't a subdomain of any Trusted Keys"
": +sigchase option is disable\n");
current_lookup->sigchase = ISC_FALSE;
- free_name(&query_name, mctx);
+ free_name(&query_name);
goto novalidation;
}
- free_name(&query_name, mctx);
+ free_name(&query_name);
current_lookup->rdtype_sigchase
= current_lookup->rdtype;
@@ -1690,7 +1684,7 @@ start_lookup(void) {
result = isc_buffer_allocate(mctx, &b, BUFSIZE);
check_result(result, "isc_buffer_allocate");
- result = dns_name_totext(dst_key_name(trustedkey),
+ result = dns_name_totext(dst_key_name(dstkey),
ISC_FALSE, b);
check_result(result, "dns_name_totext");
isc_buffer_usedregion(b, &r);
@@ -2010,9 +2004,6 @@ insert_soa(dig_lookup_t *lookup) {
dns_rdatalist_init(rdatalist);
rdatalist->type = dns_rdatatype_soa;
rdatalist->rdclass = lookup->rdclass;
- rdatalist->covers = 0;
- rdatalist->ttl = 0;
- ISC_LIST_INIT(rdatalist->rdata);
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
dns_rdataset_init(rdataset);
@@ -3682,10 +3673,14 @@ isc_result_t
get_address(char *host, in_port_t myport, isc_sockaddr_t *sockaddr) {
int count;
isc_result_t result;
+ isc_boolean_t is_running;
- isc_app_block();
+ is_running = isc_app_isrunning();
+ if (is_running)
+ isc_app_block();
result = bind9_getaddresses(host, myport, sockaddr, 1, &count);
- isc_app_unblock();
+ if (is_running)
+ isc_app_unblock();
if (result != ISC_R_SUCCESS)
return (result);
@@ -3922,16 +3917,16 @@ destroy_libs(void) {
isc_mem_free(mctx, ptr);
}
if (dns_name_dynamic(&chase_name))
- free_name(&chase_name, mctx);
+ free_name(&chase_name);
#if DIG_SIGCHASE_TD
if (dns_name_dynamic(&chase_current_name))
- free_name(&chase_current_name, mctx);
+ free_name(&chase_current_name);
if (dns_name_dynamic(&chase_authority_name))
- free_name(&chase_authority_name, mctx);
+ free_name(&chase_authority_name);
#endif
#if DIG_SIGCHASE_BU
if (dns_name_dynamic(&chase_signame))
- free_name(&chase_signame, mctx);
+ free_name(&chase_signame);
#endif
#endif
@@ -4081,7 +4076,7 @@ dump_database_section(dns_message_t *msg, int section)
rdataset = ISC_LIST_NEXT(rdataset, link)) {
dns_name_print(msg_name, stdout);
printf("\n");
- print_rdataset(msg_name, rdataset, mctx);
+ print_rdataset(msg_name, rdataset);
printf("end\n");
}
msg_name = NULL;
@@ -4261,7 +4256,7 @@ isc_result_t
insert_trustedkey(void *arg, dns_name_t *name, dns_rdataset_t *rdataset)
{
isc_result_t result;
- dst_key_t *key;
+ dst_key_t *dstkey;
UNUSED(arg);
@@ -4279,11 +4274,11 @@ insert_trustedkey(void *arg, dns_name_t *name, dns_rdataset_t *rdataset)
isc_buffer_add(&b, rdata.length);
if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
return (ISC_R_SUCCESS);
- key = NULL;
- result = dst_key_fromdns(name, rdata.rdclass, &b, mctx, &key);
+ dstkey = NULL;
+ result = dst_key_fromdns(name, rdata.rdclass, &b, mctx, &dstkey);
if (result != ISC_R_SUCCESS)
continue;
- tk_list.key[tk_list.nb_tk++] = key;
+ tk_list.key[tk_list.nb_tk++] = dstkey;
}
return (ISC_R_SUCCESS);
}
@@ -4308,7 +4303,7 @@ char alphnum[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
isc_result_t
-removetmpkey(isc_mem_t *mctx, const char *file)
+removetmpkey(const char *file)
{
char *tempnamekey = NULL;
int tempnamekeylen;
@@ -4332,8 +4327,7 @@ removetmpkey(isc_mem_t *mctx, const char *file)
}
isc_result_t
-get_trusted_key(isc_mem_t *mctx)
-{
+get_trusted_key(void) {
isc_result_t result;
const char *filename = NULL;
dns_rdatacallbacks_t callbacks;
@@ -4384,7 +4378,7 @@ nameFromString(const char *str, dns_name_t *p_ret) {
check_result(result, "nameFromString");
if (dns_name_dynamic(p_ret))
- free_name(p_ret, mctx);
+ free_name(p_ret);
result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret);
check_result(result, "nameFromString");
@@ -4433,7 +4427,6 @@ prepare_lookup(dns_name_t *name)
#define __FOLLOW_GLUE__
#ifdef __FOLLOW_GLUE__
isc_buffer_t *b = NULL;
- isc_result_t result;
isc_region_t r;
dns_rdataset_t *rdataset = NULL;
isc_boolean_t true = ISC_TRUE;
@@ -4528,7 +4521,7 @@ prepare_lookup(dns_name_t *name)
printf(" for zone: %s", lookup->textname);
printf(" with nameservers:");
printf("\n");
- print_rdataset(name, chase_nsrdataset, mctx);
+ print_rdataset(name, chase_nsrdataset);
return (ISC_R_SUCCESS);
}
@@ -4611,14 +4604,14 @@ initialization(dns_name_t *name)
INSIST(chase_nsrdataset != NULL);
prepare_lookup(name);
- dup_name(name, &chase_current_name, mctx);
+ dup_name(name, &chase_current_name);
return (ISC_R_SUCCESS);
}
#endif
void
-print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
+print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset)
{
isc_buffer_t *b = NULL;
isc_result_t result;
@@ -4640,17 +4633,17 @@ print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
void
-dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) {
+dup_name(dns_name_t *source, dns_name_t *target) {
isc_result_t result;
if (dns_name_dynamic(target))
- free_name(target, mctx);
+ free_name(target);
result = dns_name_dup(source, mctx, target);
check_result(result, "dns_name_dup");
}
void
-free_name(dns_name_t *name, isc_mem_t *mctx) {
+free_name(dns_name_t *name) {
dns_name_free(name, mctx);
dns_name_init(name, NULL);
}
@@ -4667,8 +4660,7 @@ free_name(dns_name_t *name, isc_mem_t *mctx) {
*/
isc_result_t
contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
- dns_rdataset_t *sigrdataset,
- isc_mem_t *mctx)
+ dns_rdataset_t *sigrdataset)
{
dns_rdataset_t myrdataset;
dst_key_t *dnsseckey = NULL;
@@ -4704,8 +4696,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
dst_key_id(dnsseckey));
result = sigchase_verify_sig_key(name, rdataset,
dnsseckey,
- sigrdataset,
- mctx);
+ sigrdataset);
if (result == ISC_R_SUCCESS)
goto cleanup;
}
@@ -4713,19 +4704,20 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
dst_key_free(&dnsseckey);
} while (dns_rdataset_next(&myrdataset) == ISC_R_SUCCESS);
+ result = ISC_R_NOTFOUND;
+
cleanup:
if (dnsseckey != NULL)
dst_key_free(&dnsseckey);
dns_rdataset_disassociate(&myrdataset);
- return (ISC_R_NOTFOUND);
+ return (result);
}
isc_result_t
sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
dns_rdataset_t *keyrdataset,
- dns_rdataset_t *sigrdataset,
- isc_mem_t *mctx)
+ dns_rdataset_t *sigrdataset)
{
dns_rdataset_t mykeyrdataset;
dst_key_t *dnsseckey = NULL;
@@ -4748,7 +4740,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
check_result(result, "dns_dnssec_keyfromrdata");
result = sigchase_verify_sig_key(name, rdataset, dnsseckey,
- sigrdataset, mctx);
+ sigrdataset);
if (result == ISC_R_SUCCESS)
goto cleanup;
dst_key_free(&dnsseckey);
@@ -4766,8 +4758,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
isc_result_t
sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
- dst_key_t *dnsseckey, dns_rdataset_t *sigrdataset,
- isc_mem_t *mctx)
+ dst_key_t *dnsseckey, dns_rdataset_t *sigrdataset)
{
dns_rdata_sig_t siginfo;
dns_rdataset_t myrdataset;
@@ -4826,7 +4817,7 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
isc_result_t
sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
- dns_rdataset_t *dsrdataset, isc_mem_t *mctx)
+ dns_rdataset_t *dsrdataset)
{
dns_rdata_ds_t dsinfo;
dns_rdataset_t mydsrdataset;
@@ -4893,8 +4884,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
result = sigchase_verify_sig_key(name,
keyrdataset,
dnsseckey,
- chase_sigkeyrdataset,
- mctx);
+ chase_sigkeyrdataset);
if (result == ISC_R_SUCCESS)
goto cleanup;
} else {
@@ -5000,7 +4990,7 @@ sigchase_td(dns_message_t *msg)
dns_rdatatype_ns,
dns_rdatatype_any,
DNS_SECTION_AUTHORITY);
- dup_name(name, &chase_authority_name, mctx);
+ dup_name(name, &chase_authority_name);
if (chase_nsrdataset != NULL) {
have_delegation_ns = ISC_TRUE;
printf("no response but there is a delegation"
@@ -5018,7 +5008,7 @@ sigchase_td(dns_message_t *msg)
} else {
printf(";; NO ANSWERS: %s\n",
isc_result_totext(result));
- free_name(&chase_name, mctx);
+ free_name(&chase_name);
clean_trustedkey();
return;
}
@@ -5050,7 +5040,7 @@ sigchase_td(dns_message_t *msg)
return;
INSIST(chase_keyrdataset != NULL);
printf("\n;; DNSKEYset:\n");
- print_rdataset(&chase_current_name , chase_keyrdataset, mctx);
+ print_rdataset(&chase_current_name , chase_keyrdataset);
result = advanced_rrsearch(&chase_sigkeyrdataset,
@@ -5067,22 +5057,20 @@ sigchase_td(dns_message_t *msg)
return;
INSIST(chase_sigkeyrdataset != NULL);
printf("\n;; RRSIG of the DNSKEYset:\n");
- print_rdataset(&chase_current_name , chase_sigkeyrdataset, mctx);
+ print_rdataset(&chase_current_name , chase_sigkeyrdataset);
if (!chase_dslookedup && !chase_nslookedup) {
if (!delegation_follow) {
result = contains_trusted_key(&chase_current_name,
chase_keyrdataset,
- chase_sigkeyrdataset,
- mctx);
+ chase_sigkeyrdataset);
} else {
INSIST(chase_dsrdataset != NULL);
INSIST(chase_sigdsrdataset != NULL);
result = sigchase_verify_ds(&chase_current_name,
chase_keyrdataset,
- chase_dsrdataset,
- mctx);
+ chase_dsrdataset);
}
if (result != ISC_R_SUCCESS) {
@@ -5141,8 +5129,8 @@ sigchase_td(dns_message_t *msg)
result = child_of_zone(&chase_name, &chase_current_name,
&tmp_name);
if (dns_name_dynamic(&chase_authority_name))
- free_name(&chase_authority_name, mctx);
- dup_name(&tmp_name, &chase_authority_name, mctx);
+ free_name(&chase_authority_name);
+ dup_name(&tmp_name, &chase_authority_name);
printf(";; and we try to continue chain of trust"
" validation of the zone: ");
dns_name_print(&chase_authority_name, stdout);
@@ -5187,7 +5175,7 @@ sigchase_td(dns_message_t *msg)
return;
INSIST(chase_dsrdataset != NULL);
printf("\n;; DSset:\n");
- print_rdataset(&chase_authority_name , chase_dsrdataset, mctx);
+ print_rdataset(&chase_authority_name , chase_dsrdataset);
result = advanced_rrsearch(&chase_sigdsrdataset,
&chase_authority_name,
@@ -5200,14 +5188,13 @@ sigchase_td(dns_message_t *msg)
goto cleanandgo;
}
printf("\n;; RRSIGset of DSset\n");
- print_rdataset(&chase_authority_name,
- chase_sigdsrdataset, mctx);
+ print_rdataset(&chase_authority_name, chase_sigdsrdataset);
INSIST(chase_sigdsrdataset != NULL);
result = sigchase_verify_sig(&chase_authority_name,
chase_dsrdataset,
chase_keyrdataset,
- chase_sigdsrdataset, mctx);
+ chase_sigdsrdataset);
if (result != ISC_R_SUCCESS) {
printf("\n;; Impossible to verify the DSset:"
" FAILED\n\n");
@@ -5223,8 +5210,8 @@ sigchase_td(dns_message_t *msg)
have_delegation_ns = ISC_FALSE;
delegation_follow = ISC_TRUE;
error_message = NULL;
- dup_name(&chase_authority_name, &chase_current_name, mctx);
- free_name(&chase_authority_name, mctx);
+ dup_name(&chase_authority_name, &chase_current_name);
+ free_name(&chase_authority_name);
return;
}
@@ -5249,14 +5236,14 @@ sigchase_td(dns_message_t *msg)
}
ret = sigchase_verify_sig(&rdata_name, rdataset,
chase_keyrdataset,
- sigrdataset, mctx);
+ sigrdataset);
if (ret != ISC_R_SUCCESS) {
- free_name(&rdata_name, mctx);
+ free_name(&rdata_name);
printf("\n;; Impossible to verify the NSEC RR to prove"
" the non-existence : FAILED\n\n");
goto cleanandgo;
}
- free_name(&rdata_name, mctx);
+ free_name(&rdata_name);
if (result != ISC_R_SUCCESS) {
printf("\n;; Impossible to verify the non-existence:"
" FAILED\n\n");
@@ -5271,9 +5258,9 @@ sigchase_td(dns_message_t *msg)
cleanandgo:
printf(";; cleanandgo \n");
if (dns_name_dynamic(&chase_current_name))
- free_name(&chase_current_name, mctx);
+ free_name(&chase_current_name);
if (dns_name_dynamic(&chase_authority_name))
- free_name(&chase_authority_name, mctx);
+ free_name(&chase_authority_name);
clean_trustedkey();
return;
@@ -5289,22 +5276,22 @@ sigchase_td(dns_message_t *msg)
}
result = sigchase_verify_sig(&chase_name, chase_rdataset,
chase_keyrdataset,
- chase_sigrdataset, mctx);
+ chase_sigrdataset);
if (result != ISC_R_SUCCESS) {
printf("\n;; Impossible to verify the RRset : FAILED\n\n");
/*
printf("RRset:\n");
- print_rdataset(&chase_name , chase_rdataset, mctx);
+ print_rdataset(&chase_name , chase_rdataset);
printf("DNSKEYset:\n");
- print_rdataset(&chase_name , chase_keyrdataset, mctx);
+ print_rdataset(&chase_name , chase_keyrdataset);
printf("RRSIG of RRset:\n");
- print_rdataset(&chase_name , chase_sigrdataset, mctx);
+ print_rdataset(&chase_name , chase_sigrdataset);
printf("\n");
*/
goto cleanandgo;
} else {
printf("\n;; The Answer:\n");
- print_rdataset(&chase_name , chase_rdataset, mctx);
+ print_rdataset(&chase_name , chase_rdataset);
printf("\n;; FINISH : we have validate the DNSSEC chain"
" of trust: SUCCESS\n\n");
@@ -5345,9 +5332,9 @@ getneededrr(dns_message_t *msg)
printf("\n;; No Answers: Validation FAILED\n\n");
return (ISC_R_NOTFOUND);
}
- dup_name(name, &chase_name, mctx);
+ dup_name(name, &chase_name);
printf(";; RRset to chase:\n");
- print_rdataset(&chase_name, chase_rdataset, mctx);
+ print_rdataset(&chase_name, chase_rdataset);
}
INSIST(chase_rdataset != NULL);
@@ -5361,14 +5348,14 @@ getneededrr(dns_message_t *msg)
printf("\n;; RRSIG is missing for continue validation:"
" FAILED\n\n");
if (dns_name_dynamic(&chase_name))
- free_name(&chase_name, mctx);
+ free_name(&chase_name);
return (ISC_R_NOTFOUND);
}
if (result == ISC_R_NOTFOUND) {
return (ISC_R_NOTFOUND);
}
printf("\n;; RRSIG of the RRset to chase:\n");
- print_rdataset(&chase_name, chase_sigrdataset, mctx);
+ print_rdataset(&chase_name, chase_sigrdataset);
}
INSIST(chase_sigrdataset != NULL);
@@ -5379,7 +5366,7 @@ getneededrr(dns_message_t *msg)
dns_rdataset_current(chase_sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
check_result(result, "sigrdata tostruct siginfo");
- dup_name(&siginfo.signer, &chase_signame, mctx);
+ dup_name(&siginfo.signer, &chase_signame);
dns_rdata_freestruct(&siginfo);
dns_rdata_reset(&sigrdata);
@@ -5393,17 +5380,17 @@ getneededrr(dns_message_t *msg)
if (result == ISC_R_FAILURE) {
printf("\n;; DNSKEY is missing to continue validation:"
" FAILED\n\n");
- free_name(&chase_signame, mctx);
+ free_name(&chase_signame);
if (dns_name_dynamic(&chase_name))
- free_name(&chase_name, mctx);
+ free_name(&chase_name);
return (ISC_R_NOTFOUND);
}
if (result == ISC_R_NOTFOUND) {
- free_name(&chase_signame, mctx);
+ free_name(&chase_signame);
return (ISC_R_NOTFOUND);
}
printf("\n;; DNSKEYset that signs the RRset to chase:\n");
- print_rdataset(&chase_signame, chase_keyrdataset, mctx);
+ print_rdataset(&chase_signame, chase_keyrdataset);
}
INSIST(chase_keyrdataset != NULL);
@@ -5416,18 +5403,18 @@ getneededrr(dns_message_t *msg)
if (result == ISC_R_FAILURE) {
printf("\n;; RRSIG for DNSKEY is missing to continue"
" validation : FAILED\n\n");
- free_name(&chase_signame, mctx);
+ free_name(&chase_signame);
if (dns_name_dynamic(&chase_name))
- free_name(&chase_name, mctx);
+ free_name(&chase_name);
return (ISC_R_NOTFOUND);
}
if (result == ISC_R_NOTFOUND) {
- free_name(&chase_signame, mctx);
+ free_name(&chase_signame);
return (ISC_R_NOTFOUND);
}
printf("\n;; RRSIG of the DNSKEYset that signs the "
"RRset to chase:\n");
- print_rdataset(&chase_signame, chase_sigkeyrdataset, mctx);
+ print_rdataset(&chase_signame, chase_sigkeyrdataset);
}
INSIST(chase_sigkeyrdataset != NULL);
@@ -5442,12 +5429,12 @@ getneededrr(dns_message_t *msg)
printf("\n");
}
if (result == ISC_R_NOTFOUND) {
- free_name(&chase_signame, mctx);
+ free_name(&chase_signame);
return (ISC_R_NOTFOUND);
}
if (chase_dsrdataset != NULL) {
printf("\n;; DSset of the DNSKEYset\n");
- print_rdataset(&chase_signame, chase_dsrdataset, mctx);
+ print_rdataset(&chase_signame, chase_dsrdataset);
}
}
@@ -5470,8 +5457,7 @@ getneededrr(dns_message_t *msg)
chase_dsrdataset = NULL;
} else {
printf("\n;; RRSIG of the DSset of the DNSKEYset\n");
- print_rdataset(&chase_signame, chase_sigdsrdataset,
- mctx);
+ print_rdataset(&chase_signame, chase_sigdsrdataset);
}
}
return (1);
@@ -5486,7 +5472,7 @@ sigchase_bu(dns_message_t *msg)
int ret;
if (tk_list.nb_tk == 0) {
- result = get_trusted_key(mctx);
+ result = get_trusted_key();
if (result != ISC_R_SUCCESS) {
printf("No trusted keys present\n");
return;
@@ -5513,7 +5499,7 @@ sigchase_bu(dns_message_t *msg)
result = prove_nx(msg, &query_name, current_lookup->rdclass,
current_lookup->rdtype, &rdata_name,
&rdataset, &sigrdataset);
- free_name(&query_name, mctx);
+ free_name(&query_name);
if (rdataset == NULL || sigrdataset == NULL ||
dns_name_countlabels(&rdata_name) == 0) {
printf("\n;; Impossible to verify the Non-existence,"
@@ -5532,8 +5518,8 @@ sigchase_bu(dns_message_t *msg)
printf(";; An NSEC prove the non-existence of a answers,"
" Now we want validate this NSEC\n");
- dup_name(&rdata_name, &chase_name, mctx);
- free_name(&rdata_name, mctx);
+ dup_name(&rdata_name, &chase_name);
+ free_name(&rdata_name);
chase_rdataset = rdataset;
chase_sigrdataset = sigrdataset;
chase_keyrdataset = NULL;
@@ -5554,10 +5540,10 @@ sigchase_bu(dns_message_t *msg)
result = sigchase_verify_sig(&chase_name, chase_rdataset,
chase_keyrdataset,
- chase_sigrdataset, mctx);
+ chase_sigrdataset);
if (result != ISC_R_SUCCESS) {
- free_name(&chase_name, mctx);
- free_name(&chase_signame, mctx);
+ free_name(&chase_name);
+ free_name(&chase_signame);
printf(";; No DNSKEY is valid to check the RRSIG"
" of the RRset: FAILED\n");
clean_trustedkey();
@@ -5566,10 +5552,10 @@ sigchase_bu(dns_message_t *msg)
printf(";; OK We found DNSKEY (or more) to validate the RRset\n");
result = contains_trusted_key(&chase_signame, chase_keyrdataset,
- chase_sigkeyrdataset, mctx);
+ chase_sigkeyrdataset);
if (result == ISC_R_SUCCESS) {
- free_name(&chase_name, mctx);
- free_name(&chase_signame, mctx);
+ free_name(&chase_name);
+ free_name(&chase_signame);
printf("\n;; Ok this DNSKEY is a Trusted Key,"
" DNSSEC validation is ok: SUCCESS\n\n");
clean_trustedkey();
@@ -5579,8 +5565,8 @@ sigchase_bu(dns_message_t *msg)
printf(";; Now, we are going to validate this DNSKEY by the DS\n");
if (chase_dsrdataset == NULL) {
- free_name(&chase_name, mctx);
- free_name(&chase_signame, mctx);
+ free_name(&chase_name);
+ free_name(&chase_signame);
printf(";; the DNSKEY isn't trusted-key and there isn't"
" DS to validate the DNSKEY: FAILED\n");
clean_trustedkey();
@@ -5588,10 +5574,10 @@ sigchase_bu(dns_message_t *msg)
}
result = sigchase_verify_ds(&chase_signame, chase_keyrdataset,
- chase_dsrdataset, mctx);
+ chase_dsrdataset);
if (result != ISC_R_SUCCESS) {
- free_name(&chase_signame, mctx);
- free_name(&chase_name, mctx);
+ free_name(&chase_signame);
+ free_name(&chase_name);
printf(";; ERROR no DS validates a DNSKEY in the"
" DNSKEY RRset: FAILED\n");
clean_trustedkey();
@@ -5602,8 +5588,8 @@ sigchase_bu(dns_message_t *msg)
" the RRset\n");
INSIST(chase_sigdsrdataset != NULL);
- dup_name(&chase_signame, &chase_name, mctx);
- free_name(&chase_signame, mctx);
+ dup_name(&chase_signame, &chase_name);
+ free_name(&chase_signame);
chase_rdataset = chase_dsrdataset;
chase_sigrdataset = chase_sigdsrdataset;
chase_keyrdataset = NULL;
@@ -5716,7 +5702,7 @@ prove_nx_domain(dns_message_t *msg,
printf("There is a NSEC for this zone in the"
" AUTHORITY section:\n");
- print_rdataset(nsecname, nsecset, mctx);
+ print_rdataset(nsecname, nsecset);
for (result = dns_rdataset_first(nsecset);
result == ISC_R_SUCCESS;
@@ -5745,7 +5731,7 @@ prove_nx_domain(dns_message_t *msg,
dns_rdata_freestruct(&nsecstruct);
*rdataset = nsecset;
*sigrdataset = signsecset;
- dup_name(nsecname, rdata_name, mctx);
+ dup_name(nsecname, rdata_name);
return (ISC_R_SUCCESS);
}
@@ -5798,7 +5784,7 @@ prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset,
printf("There isn't RRSIG NSEC for the zone \n");
return (ISC_R_FAILURE);
}
- dup_name(name, rdata_name, mctx);
+ dup_name(name, rdata_name);
*rdataset = nsecset;
*sigrdataset = signsecset;
generated by cgit v1.3 (git 2.53.0) at 2026-04-23 11:56:29 +0000