mirror of
https://github.com/pi-hole/dnsmasq.git
synced 2025-12-19 10:18:25 +00:00
Fix brace botch in dnssec_validate_ds()
Thanks to Michał Kępień for spotting this.
This commit is contained in:
Simon Kelley
14
src/dnssec.c
14
src/dnssec.c
@@ -927,7 +927,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
|
|||||||
STAT_BOGUS No DNSKEYs found, which can be validated with DS,
|
STAT_BOGUS No DNSKEYs found, which can be validated with DS,
|
||||||
or self-sign for DNSKEY RRset is not valid, bad packet.
|
or self-sign for DNSKEY RRset is not valid, bad packet.
|
||||||
STAT_NEED_DS DS records to validate a key not found, name in keyname
|
STAT_NEED_DS DS records to validate a key not found, name in keyname
|
||||||
STAT_NEED_DNSKEY DNSKEY records to validate a key not found, name in keyname
|
STAT_NEED_KEY DNSKEY records to validate a key not found, name in keyname
|
||||||
*/
|
*/
|
||||||
int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
|
int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
|
||||||
{
|
{
|
||||||
@@ -1224,13 +1224,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
|
|||||||
}
|
}
|
||||||
|
|
||||||
p = psave;
|
p = psave;
|
||||||
|
}
|
||||||
if (!ADD_RDLEN(header, p, plen, rdlen))
|
if (!ADD_RDLEN(header, p, plen, rdlen))
|
||||||
return STAT_BOGUS; /* bad packet */
|
return STAT_BOGUS; /* bad packet */
|
||||||
}
|
}
|
||||||
|
|
||||||
cache_end_insert();
|
cache_end_insert();
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -1831,7 +1831,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
|
|||||||
STAT_SECURE zone is signed.
|
STAT_SECURE zone is signed.
|
||||||
STAT_INSECURE zone proved unsigned.
|
STAT_INSECURE zone proved unsigned.
|
||||||
STAT_NEED_DS require DS record of name returned in keyname.
|
STAT_NEED_DS require DS record of name returned in keyname.
|
||||||
STAT_NEED_DNSKEY require DNSKEY record of name returned in keyname.
|
STAT_NEED_KEY require DNSKEY record of name returned in keyname.
|
||||||
name returned unaltered.
|
name returned unaltered.
|
||||||
*/
|
*/
|
||||||
static int zone_status(char *name, int class, char *keyname, time_t now)
|
static int zone_status(char *name, int class, char *keyname, time_t now)
|
||||||
@@ -2028,7 +2028,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
|
|||||||
if (rc == STAT_SECURE)
|
if (rc == STAT_SECURE)
|
||||||
rc = STAT_BOGUS;
|
rc = STAT_BOGUS;
|
||||||
if (class)
|
if (class)
|
||||||
*class = class1; /* Class for NEED_DS or NEED_DNSKEY */
|
*class = class1; /* Class for NEED_DS or NEED_KEY */
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
rc = STAT_INSECURE;
|
rc = STAT_INSECURE;
|
||||||
@@ -2045,7 +2045,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
|
|||||||
{
|
{
|
||||||
/* Zone is insecure, don't need to validate RRset */
|
/* Zone is insecure, don't need to validate RRset */
|
||||||
if (class)
|
if (class)
|
||||||
*class = class1; /* Class for NEED_DS or NEED_DNSKEY */
|
*class = class1; /* Class for NEED_DS or NEED_KEY */
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2115,7 +2115,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
|
|||||||
if ((rc = zone_status(name, qclass, keyname, now)) != STAT_SECURE)
|
if ((rc = zone_status(name, qclass, keyname, now)) != STAT_SECURE)
|
||||||
{
|
{
|
||||||
if (class)
|
if (class)
|
||||||
*class = qclass; /* Class for NEED_DS or NEED_DNSKEY */
|
*class = qclass; /* Class for NEED_DS or NEED_KEY */
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user