3268. [bug] Convert RRSIG expiry times to 64 timestamps to work

out the earliest expiry time. [RT #23311]
2025-08-30 14:07:59 +00:00 · 2012-01-27 01:43:53 +00:00 · 2012-01-27 01:43:53 +00:00 · bc298cd0f7
commit bc298cd0f7
parent 1bb3831e13
5 changed files with 45 additions and 19 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+3268.	[bug]		Convert RRSIG expiry times to 64 timestamps to work
+			out the earliest expiry time. [RT #23311]
+
 3267.	[bug]		Memory allocation failures could be mis-reported as
 			unexpected error.  New ISC_R_UNSET result code.
 			[RT #27336]
--- a/lib/dns/include/dns/time.h
+++ b/lib/dns/include/dns/time.h
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: time.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */
+/* $Id: time.h,v 1.18 2012/01/27 01:43:52 marka Exp $ */

 #ifndef DNS_TIME_H
 #define DNS_TIME_H 1
@ -67,6 +67,12 @@ dns_time32_totext(isc_uint32_t value, isc_buffer_t *target);
 * current date is chosen.
 */

+isc_int64_t
+dns_time64_from32(isc_uint32_t value);
+/*%<
+ * Covert a 32-bit cyclic time value into a 64 bit time stamp. 
+ */
+
 ISC_LANG_ENDDECLS

 #endif /* DNS_TIME_H */
--- a/lib/dns/time.c
+++ b/lib/dns/time.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: time.c,v 1.37 2011/03/09 23:47:17 tbox Exp $ */
+/* $Id: time.c,v 1.38 2012/01/27 01:43:51 marka Exp $ */

 /*! \file */

@ -103,8 +103,8 @@ dns_time64_totext(isc_int64_t t, isc_buffer_t *target) {
 	return (ISC_R_SUCCESS);
 }

-isc_result_t
-dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) {
+isc_int64_t
+dns_time64_from32(isc_uint32_t value) {
 	isc_stdtime_t now;
 	isc_int64_t start;
 	isc_int64_t t;
@ -121,7 +121,13 @@ dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) {
 		t = start + (value - now);
 	else
 		t = start - (now - value);
-	return (dns_time64_totext(t, target));
+
+	return (t);
+}
+
+isc_result_t
+dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) {
+	return (dns_time64_totext(dns_time64_from32(value), target));
 }

 isc_result_t
--- a/lib/dns/win32/libdns.def
+++ b/lib/dns/win32/libdns.def
@ -686,6 +686,7 @@ dns_tcpmsg_readmessage
 dns_tcpmsg_setmaxsize
 dns_time32_fromtext
 dns_time32_totext
+dns_time64_from32
 dns_time64_fromtext
 dns_time64_totext
 dns_timer_setidle
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: zone.c,v 1.664 2012/01/25 23:46:49 tbox Exp $ */
+/* $Id: zone.c,v 1.665 2012/01/27 01:43:51 marka Exp $ */

 /*! \file */

@ -76,6 +76,7 @@
 #include <dns/soa.h>
 #include <dns/ssu.h>
 #include <dns/stats.h>
+#include <dns/time.h>
 #include <dns/tsig.h>
 #include <dns/update.h>
 #include <dns/xfrin.h>
@ -5001,7 +5002,7 @@ offline(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, dns_name_t *name,
 }

 static void
-set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now)
+set_key_expiry_warning(dns_zone_t *zone, isc_uint64_t when, isc_stdtime_t now)
 {
 	unsigned int delta;
 	char timebuf[80];
@ -5080,7 +5081,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
 	unsigned int i;
 	dns_rdata_rrsig_t rrsig;
 	isc_boolean_t found, changed;
-	isc_stdtime_t warn = 0, maybe = 0;
+	isc_int64_t warn = 0, maybe = 0;

 	dns_rdataset_init(&rdataset);

@ -5182,21 +5183,20 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
 				 * iff there is a new offline signature.
 				 */
 				if (!dst_key_isprivate(keys[i])) {
-					if (warn != 0 &&
-					    warn > rrsig.timeexpire)
-						warn = rrsig.timeexpire;
+					isc_int64_t timeexpire =
+					   dns_time64_from32(rrsig.timeexpire);
+					if (warn != 0 && warn > timeexpire)
+						warn = timeexpire;
 					if (rdata.flags & DNS_RDATA_OFFLINE) {
 						if (maybe == 0 ||
-						    maybe > rrsig.timeexpire)
-							maybe =
-							     rrsig.timeexpire;
+						    maybe > timeexpire)
+							maybe = timeexpire;
 						break;
 					}
 					if (warn == 0)
 						warn = maybe;
-					if (warn == 0 ||
-					    warn > rrsig.timeexpire)
-						warn = rrsig.timeexpire;
+					if (warn == 0 || warn > timeexpire)
+						warn = timeexpire;
 					result = offline(db, ver, diff, name,
 							 rdataset.ttl, &rdata);
 					break;
@ -5227,8 +5227,18 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
 	dns_rdataset_disassociate(&rdataset);
 	if (result == ISC_R_NOMORE)
 		result = ISC_R_SUCCESS;
-	if (warn != 0)
-		set_key_expiry_warning(zone, warn, now);
+	if (warn > 0) {
+#if defined(STDTIME_ON_32BITS)
+		isc_stdtime_t stdwarn = (isc_stdtime_t)warn;
+		if (warn == stdwarn)
+#endif
+			set_key_expiry_warning(zone, (isc_stdtime_t)warn, now);
+#if defined(STDTIME_ON_32BITS)
+		else
+			dns_zone_log(zone, ISC_LOG_ERROR,
+			     	     "key expiry warning time out of range");
+#endif
+	}
 failure:
 	if (node != NULL)
 		dns_db_detachnode(db, &node);