openwrt/dnsmasq
1
0
Fork 0
mirror of https://github.com/infinet/dnsmasq.git synced 2025-05-08 17:16:12 +08:00
Code Issues Releases Wiki Activity

Handle corner cases in NSEC coverage checks.

Browse Source
This commit is contained in:
Simon Kelley 2015-06-06 23:13:57 +01:00
parent 24e9207e13
commit 4d25cf89d5
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/dnssec.c
View File

@ -1493,13 +1493,13 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
{
/* Normal case, name falls between NSEC name and next domain name,
wrap around case, name falls between NSEC name (rc == -1) and end */
if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
if (hostname_cmp(workspace2, name) >= 0 || hostname_cmp(workspace1, workspace2) >= 0)
return STAT_SECURE;
}
else
{
/* wrap around case, name falls between start and next domain name */
if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
if (hostname_cmp(workspace1, workspace2) >= 0 && hostname_cmp(workspace2, name) >=0 )
return STAT_SECURE;
}
}
@ -1632,17 +1632,17 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
return 1;
}
else if (rc <= 0)
else if (rc < 0)
{
/* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
wrap around case, name-hash falls between NSEC3 name-hash and end */
if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
if (memcmp(p, digest, digest_len) >= 0 || memcmp(workspace2, p, digest_len) >= 0)
return 1;
}
else
{
/* wrap around case, name falls between start and next domain name */
if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
if (memcmp(workspace2, p, digest_len) >= 0 && memcmp(p, digest, digest_len) >= 0)
return 1;
}
}