Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Return configured DNSKEYs even though we don't have RRSIGS for them.

Browse Source
This commit is contained in:
Simon Kelley
2014-02-03 16:44:32 +00:00
parent 8d718cbb3e
commit 5f938534a9
3 changed files with 69 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/blockdata.c
View File

@@ -73,8 +73,7 @@ struct blockdata *blockdata_alloc(char *data, size_t len)
keyblock_free = block->next; keyblock_free = block->next;
blockdata_count++; blockdata_count++;
} }
else
if (!block)
{ {
/* failed to alloc, free partial chain */ /* failed to alloc, free partial chain */
blockdata_free(ret); blockdata_free(ret);

2
src/cache.c
View File

@@ -486,7 +486,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
insert. Once in this state, all inserts will probably fail. */ insert. Once in this state, all inserts will probably fail. */
if (free_avail) if (free_avail)
{ {
static warned = 0; static int warned = 0;
if (!warned) if (!warned)
{ {
my_syslog(LOG_ERR, _("Internal error in cache.")); my_syslog(LOG_ERR, _("Internal error in cache."));

21
src/rfc1035.c
View File

@@ -1553,23 +1553,24 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && (qtype == T_DNSKEY || qtype == T_DS || qtype == T_RRSIG)) if (option_bool(OPT_DNSSEC_VALID) && (qtype == T_DNSKEY || qtype == T_DS || qtype == T_RRSIG))
{ {
int gotone = 0; int gotone = 0, have_rrsig = 0;
struct blockdata *keydata; struct blockdata *keydata;
/* Do we have RRSIG? Can't do DS or DNSKEY otherwise. */ /* Do we have RRSIG? Can't do DS or DNSKEY otherwise. */
crecp = NULL; crecp = NULL;
while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY | F_DS))) while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY | F_DS)))
if (crecp->uid == qclass && (qtype == T_RRSIG || crecp->addr.sig.type_covered == qtype)) if (crecp->uid == qclass && (qtype == T_RRSIG || crecp->addr.sig.type_covered == qtype))
break;
if (crecp)
{ {
if (qtype == T_RRSIG) have_rrsig = 1;
break;
}
if (qtype == T_RRSIG && have_rrsig)
{ {
ans = gotone = 1; ans = gotone = 1;
auth = 0; auth = 0;
} }
else if (qtype == T_DS) else if (qtype == T_DS && have_rrsig)
{ {
auth = 0; auth = 0;
crecp = NULL; crecp = NULL;
@@ -1596,10 +1597,12 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
crecp = NULL; crecp = NULL;
while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY))) while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY)))
if (crecp->uid == qclass) if (crecp->uid == qclass)
{
if ((crecp->flags & F_CONFIG) || have_rrsig) /* Return configured keys without an RRISG */
{ {
if (!(crecp->flags & F_CONFIG)) if (!(crecp->flags & F_CONFIG))
auth = 0; auth = 0, gotone = 1;
ans = gotone = 1; ans = 1;
if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.key.keydata, crecp->addr.key.keylen, NULL))) if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.key.keydata, crecp->addr.key.keylen, NULL)))
{ {
struct all_addr a; struct all_addr a;
@@ -1613,6 +1616,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
} }
} }
}
/* Now do RRSIGs */ /* Now do RRSIGs */
if (gotone) if (gotone)
@@ -1637,7 +1641,6 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
} }
} }
}
#endif #endif
if (qclass == C_IN) if (qclass == C_IN)