mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-04 00:25:29 +00:00
Code Issues Releases Wiki Activity

better error checking

Browse Source
This commit is contained in:
Brian Wellington
1999-09-10 15:42:57 +00:00
parent 0f78de4d61
commit 05b6b2e680
2 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/dns/include/dns/tsig.h
View File

@@ -87,12 +87,12 @@ dns_tsig_sign(dns_message_t *msg);
* 'msg' is a valid message * 'msg' is a valid message
* 'msg->tsigkey' is a valid TSIG key * 'msg->tsigkey' is a valid TSIG key
* 'msg->tsig' is NULL * 'msg->tsig' is NULL
* 'msg->querytsig' is not NULL if this is a response
* *
* Returns: * Returns:
* ISC_R_SUCCESS * ISC_R_SUCCESS
* ISC_R_NOMEMORY * ISC_R_NOMEMORY
* ISC_R_NOSPACE * ISC_R_NOSPACE
* DNS_R_EXPECTEDTSIG - this is a response & msg->querytsig is NULL
*/ */
isc_result_t isc_result_t
@@ -102,7 +102,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg);
* *
* Requires: * Requires:
* 'source' is a valid buffer containing the unparsed message * 'source' is a valid buffer containing the unparsed message
* 'msg' is a valid message containing a TSIG record * 'msg' is a valid message
* 'msg->tsigkey' is a valid TSIG key if this is a response * 'msg->tsigkey' is a valid TSIG key if this is a response
* 'msg->tsig' is NULL * 'msg->tsig' is NULL
* 'msg->querytsig' is not NULL if this is a response * 'msg->querytsig' is not NULL if this is a response
@@ -110,6 +110,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg);
* Returns: * Returns:
* DNS_R_SUCCESS * DNS_R_SUCCESS
* ISC_R_NOMEMORY * ISC_R_NOMEMORY
* DNS_R_EXPECTEDTSIG - A TSIG was expected but not seen
* DNS_R_UNEXPECTEDTSIG - A TSIG was seen but not expected
* DNS_R_TSIGERRORSET - the TSIG verified but ->error was set * DNS_R_TSIGERRORSET - the TSIG verified but ->error was set
* and this is a query * and this is a query
* DNS_R_TSIGVERIFYFAILURE - the TSIG failed to verify * DNS_R_TSIGVERIFYFAILURE - the TSIG failed to verify

32
lib/dns/tsig.c
View File

@@ -16,7 +16,7 @@
*/ */
/* /*
* $Id: tsig.c,v 1.10 1999/09/10 14:56:36 bwelling Exp $ * $Id: tsig.c,v 1.11 1999/09/10 15:42:57 bwelling Exp $
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
*/ */
@@ -175,15 +175,15 @@ dns_tsig_sign(dns_message_t *msg) {
isc_stdtime_t now; isc_stdtime_t now;
dst_context_t ctx; dst_context_t ctx;
isc_mem_t *mctx; isc_mem_t *mctx;
int tries;
isc_result_t ret; isc_result_t ret;
REQUIRE(msg != NULL); REQUIRE(msg != NULL);
if (msg->tsigkey != NULL) REQUIRE(VALID_TSIG_KEY(msg->tsigkey));
REQUIRE(VALID_TSIG_KEY(msg->tsigkey));
REQUIRE(msg->tsig == NULL); REQUIRE(msg->tsig == NULL);
if (is_response(msg))
REQUIRE(msg->querytsig != NULL); /* If this is a response, there should be a query tsig */
if (is_response(msg) && msg->querytsig != NULL)
return (DNS_R_EXPECTEDTSIG);
dynbuf = NULL; dynbuf = NULL;
@@ -374,7 +374,6 @@ dns_tsig_sign(dns_message_t *msg) {
ret = dns_message_gettemprdata(msg, &rdata); ret = dns_message_gettemprdata(msg, &rdata);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
goto cleanup_signature; goto cleanup_signature;
tries = 0;
ret = isc_buffer_allocate(msg->mctx, &dynbuf, 512, ret = isc_buffer_allocate(msg->mctx, &dynbuf, 512,
ISC_BUFFERTYPE_BINARY); ISC_BUFFERTYPE_BINARY);
ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any, ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any,
@@ -450,11 +449,20 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
REQUIRE(source != NULL); REQUIRE(source != NULL);
REQUIRE(msg != NULL); REQUIRE(msg != NULL);
REQUIRE(msg->tsig == NULL); REQUIRE(msg->tsig == NULL);
REQUIRE(!(ISC_LIST_EMPTY(msg->sections[DNS_SECTION_TSIG]))); if (msg->tsigkey != NULL)
if (is_response(msg)) { REQUIRE(VALID_TSIG_KEY(msg->tsigkey));
REQUIRE(msg->querytsig != NULL);
REQUIRE(msg->tsigkey != NULL); /* There should be a TSIG record... */
} if (ISC_LIST_EMPTY(msg->sections[DNS_SECTION_TSIG]))
return (DNS_R_EXPECTEDTSIG);
/*
* If this is a response and there's no key or query TSIG, there
* shouldn't be one on the response.
*/
if (is_response(msg) &&
(msg->tsigkey == NULL || msg->querytsig == NULL))
return (DNS_R_UNEXPECTEDTSIG);
mctx = msg->mctx; mctx = msg->mctx;