diff --git a/bin/delv/delv.c b/bin/delv/delv.c index c8a75cda9c..63064e9a79 100644 --- a/bin/delv/delv.c +++ b/bin/delv/delv.c @@ -614,7 +614,7 @@ static isc_result_t key_fromconfig(const cfg_obj_t *key, dns_client_t *client) { dns_rdata_dnskey_t dnskey; dns_rdata_ds_t ds; - uint32_t n1, n2, n3; + uint32_t rdata1, rdata2, rdata3; const char *datastr = NULL, *keynamestr = NULL, *atstr = NULL; unsigned char data[4096]; isc_buffer_t databuf; @@ -655,13 +655,13 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) { delv_log(ISC_LOG_DEBUG(3), "adding trust anchor %s", trust_anchor); /* if DNSKEY, flags; if DS, key tag */ - n1 = cfg_obj_asuint32(cfg_tuple_get(key, "n1")); + rdata1 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata1")); /* if DNSKEY, protocol; if DS, algorithm */ - n2 = cfg_obj_asuint32(cfg_tuple_get(key, "n2")); + rdata2 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata2")); /* if DNSKEY, algorithm; if DS, digest type */ - n3 = cfg_obj_asuint32(cfg_tuple_get(key, "n3")); + rdata3 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata3")); /* What type of trust anchor is this? */ atstr = cfg_obj_asstring(cfg_tuple_get(key, "anchortype")); @@ -684,13 +684,13 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) { isc_buffer_init(&databuf, data, sizeof(data)); isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata)); - if (n1 > 0xffff) { + if (rdata1 > 0xffff) { CHECK(ISC_R_RANGE); } - if (n2 > 0xff) { + if (rdata2 > 0xff) { CHECK(ISC_R_RANGE); } - if (n3 > 0xff) { + if (rdata3 > 0xff) { CHECK(ISC_R_RANGE); } @@ -704,9 +704,9 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) { ISC_LINK_INIT(&dnskey.common, link); - dnskey.flags = (uint16_t)n1; - dnskey.protocol = (uint8_t)n2; - dnskey.algorithm = (uint8_t)n3; + dnskey.flags = (uint16_t)rdata1; + dnskey.protocol = (uint8_t)rdata2; + dnskey.algorithm = (uint8_t)rdata3; datastr = cfg_obj_asstring(cfg_tuple_get(key, "data")); CHECK(isc_base64_decodestring(datastr, &databuf)); @@ -729,9 +729,9 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) { ISC_LINK_INIT(&ds.common, link); - ds.key_tag = (uint16_t)n1; - ds.algorithm = (uint8_t)n2; - ds.digest_type = (uint8_t)n3; + ds.key_tag = (uint16_t)rdata1; + ds.algorithm = (uint8_t)rdata2; + ds.digest_type = (uint8_t)rdata3; datastr = cfg_obj_asstring(cfg_tuple_get(key, "data")); CHECK(isc_hex_decodestring(datastr, &databuf)); diff --git a/bin/named/server.c b/bin/named/server.c index 549a6056f1..2eb6865f25 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -705,7 +705,7 @@ ta_fromconfig(const cfg_obj_t *key, bool *initialp, dst_key_t **keyp, { dns_rdata_dnskey_t keystruct; dns_rdata_ds_t *ds = NULL; - uint32_t n1, n2, n3; + uint32_t rdata1, rdata2, rdata3; const char *datastr = NULL, *namestr = NULL; unsigned char data[4096]; isc_buffer_t databuf; @@ -731,13 +731,13 @@ ta_fromconfig(const cfg_obj_t *key, bool *initialp, dst_key_t **keyp, REQUIRE(namestrp != NULL && *namestrp == NULL); /* if DNSKEY, flags; if DS, key tag */ - n1 = cfg_obj_asuint32(cfg_tuple_get(key, "n1")); + rdata1 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata1")); /* if DNSKEY, protocol; if DS, algorithm */ - n2 = cfg_obj_asuint32(cfg_tuple_get(key, "n2")); + rdata2 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata2")); /* if DNSKEY, algorithm; if DS, digest type */ - n3 = cfg_obj_asuint32(cfg_tuple_get(key, "n3")); + rdata3 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata3")); namestr = cfg_obj_asstring(cfg_tuple_get(key, "name")); *namestrp = namestr; @@ -793,22 +793,22 @@ ta_fromconfig(const cfg_obj_t *key, bool *initialp, dst_key_t **keyp, ISC_LINK_INIT(&keystruct.common, link); - if (n1 > 0xffff) { + if (rdata1 > 0xffff) { CHECKM(ISC_R_RANGE, "key flags"); } - if (n1 & DNS_KEYFLAG_REVOKE) { + if (rdata1 & DNS_KEYFLAG_REVOKE) { CHECKM(DST_R_BADKEYTYPE, "key flags revoke bit set"); } - if (n2 > 0xff) { + if (rdata2 > 0xff) { CHECKM(ISC_R_RANGE, "key protocol"); } - if (n3> 0xff) { + if (rdata3> 0xff) { CHECKM(ISC_R_RANGE, "key algorithm"); } - keystruct.flags = (uint16_t)n1; - keystruct.protocol = (uint8_t)n2; - keystruct.algorithm = (uint8_t)n3; + keystruct.flags = (uint16_t)rdata1; + keystruct.protocol = (uint8_t)rdata2; + keystruct.algorithm = (uint8_t)rdata3; datastr = cfg_obj_asstring(cfg_tuple_get(key, "data")); CHECK(isc_base64_decodestring(datastr, &databuf)); @@ -834,19 +834,19 @@ ta_fromconfig(const cfg_obj_t *key, bool *initialp, dst_key_t **keyp, ISC_LINK_INIT(&ds->common, link); - if (n1 > 0xffff) { + if (rdata1 > 0xffff) { CHECKM(ISC_R_RANGE, "key tag"); } - if (n2 > 0xff) { + if (rdata2 > 0xff) { CHECKM(ISC_R_RANGE, "key algorithm"); } - if (n3 > 0xff) { + if (rdata3 > 0xff) { CHECKM(ISC_R_RANGE, "digest type"); } - ds->key_tag = (uint16_t)n1; - ds->algorithm = (uint8_t)n2; - ds->digest_type = (uint8_t)n3; + ds->key_tag = (uint16_t)rdata1; + ds->algorithm = (uint8_t)rdata2; + ds->digest_type = (uint8_t)rdata3; datastr = cfg_obj_asstring(cfg_tuple_get(key, "data")); CHECK(isc_hex_decodestring(datastr, &databuf)); @@ -868,6 +868,14 @@ ta_fromconfig(const cfg_obj_t *key, bool *initialp, dst_key_t **keyp, CHECK(ISC_R_UNEXPECTEDEND); } break; + default: + cfg_obj_log(key, named_g_lctx, ISC_LOG_ERROR, + "key '%s': " + "unknown ds digest type %u", + namestr, ds->digest_type); + result = ISC_R_FAILURE; + goto cleanup; + break; } ds->mctx = mctx; diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 603ad4caee..e5097e8a62 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -3129,7 +3129,7 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, isc_region_t r; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; - uint32_t n1, n2, n3; + uint32_t rdata1, rdata2, rdata3; unsigned char data[4096]; const char *atstr = NULL; enum { @@ -3228,13 +3228,13 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, }; /* if DNSKEY, flags; if DS, key tag */ - n1 = cfg_obj_asuint32(cfg_tuple_get(key, "n1")); + rdata1 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata1")); /* if DNSKEY, protocol; if DS, algorithm */ - n2 = cfg_obj_asuint32(cfg_tuple_get(key, "n2")); + rdata2 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata2")); /* if DNSKEY, algorithm; if DS, digest type */ - n3 = cfg_obj_asuint32(cfg_tuple_get(key, "n3")); + rdata3 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata3")); namestr = cfg_obj_asstring(cfg_tuple_get(key, "name")); @@ -3283,23 +3283,23 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, case INIT_DNSKEY: case STATIC_DNSKEY: case TRUSTED: - if (n1 > 0xffff) { + if (rdata1 > 0xffff) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, - "flags too big: %u", n1); + "flags too big: %u", rdata1); result = ISC_R_RANGE; } - if (n1 & DNS_KEYFLAG_REVOKE) { + if (rdata1 & DNS_KEYFLAG_REVOKE) { cfg_obj_log(key, logctx, ISC_LOG_WARNING, "key flags revoke bit set"); } - if (n2 > 0xff) { + if (rdata2 > 0xff) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, - "protocol too big: %u", n2); + "protocol too big: %u", rdata2); result = ISC_R_RANGE; } - if (n3 > 0xff) { + if (rdata3 > 0xff) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, - "algorithm too big: %u\n", n3); + "algorithm too big: %u\n", rdata3); result = ISC_R_RANGE; } @@ -3315,7 +3315,7 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, } else { isc_buffer_usedregion(&b, &r); - if ((n3 == DST_ALG_RSASHA1) && + if ((rdata3 == DST_ALG_RSASHA1) && r.length > 1 && r.base[0] == 1 && r.base[1] == 3) { cfg_obj_log(key, logctx, ISC_LOG_WARNING, @@ -3333,7 +3333,7 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, (managed ? ROOT_KSK_MANAGED : ROOT_KSK_STATIC); - if (n1 == 257 && n2 == 3 && n3 == 8 && + if (rdata1 == 257 && rdata2 == 3 && rdata3 == 8 && (isc_buffer_usedlength(&b) == sizeof(root_ksk_2010)) && memcmp(data, root_ksk_2010, @@ -3342,7 +3342,7 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, *flagsp |= ROOT_KSK_2010; } - if (n1 == 257 && n2 == 3 && n3 == 8 && + if (rdata1 == 257 && rdata2 == 3 && rdata3 == 8 && (isc_buffer_usedlength(&b) == sizeof(root_ksk_2017)) && memcmp(data, root_ksk_2017, @@ -3355,19 +3355,19 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, case INIT_DS: case STATIC_DS: - if (n1 > 0xffff) { + if (rdata1 > 0xffff) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, - "key tag too big: %u", n1); + "key tag too big: %u", rdata1); result = ISC_R_RANGE; } - if (n2 > 0xff) { + if (rdata2 > 0xff) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, - "algorithm too big: %u\n", n2); + "algorithm too big: %u\n", rdata2); result = ISC_R_RANGE; } - if (n3 > 0xff) { + if (rdata3 > 0xff) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, - "digest type too big: %u", 32); + "digest type too big: %u", rdata3); result = ISC_R_RANGE; } @@ -3389,7 +3389,7 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, *flagsp |= (managed ? ROOT_KSK_MANAGED : ROOT_KSK_STATIC); - if (n1 == 20326 && n2 == 8 && n3 == 1 && + if (rdata1 == 20326 && rdata2 == 8 && rdata3 == 1 && (isc_buffer_usedlength(&b) == sizeof(root_ds_1_2017)) && memcmp(data, root_ds_1_2017, @@ -3398,7 +3398,7 @@ check_trust_anchor(const cfg_obj_t *key, bool managed, *flagsp |= ROOT_KSK_2017; } - if (n1 == 20326 && n2 == 8 && n3 == 2 && + if (rdata1 == 20326 && rdata2 == 8 && rdata3 == 2 && (isc_buffer_usedlength(&b) == sizeof(root_ds_2_2017)) && memcmp(data, root_ds_2_2017, diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 81e5a1f487..e8838a24a1 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -446,9 +446,9 @@ static cfg_type_t cfg_type_category = { static cfg_tuplefielddef_t dnsseckey_fields[] = { { "name", &cfg_type_astring, 0 }, { "anchortype", &cfg_type_void, 0 }, - { "n1", &cfg_type_uint32, 0 }, - { "n2", &cfg_type_uint32, 0 }, - { "n3", &cfg_type_uint32, 0 }, + { "rdata1", &cfg_type_uint32, 0 }, + { "rdata2", &cfg_type_uint32, 0 }, + { "rdata3", &cfg_type_uint32, 0 }, { "data", &cfg_type_qstring, 0 }, { NULL, NULL, 0 } }; @@ -471,9 +471,9 @@ static cfg_type_t cfg_type_anchortype = { static cfg_tuplefielddef_t managedkey_fields[] = { { "name", &cfg_type_astring, 0 }, { "anchortype", &cfg_type_anchortype, 0 }, - { "n1", &cfg_type_uint32, 0 }, - { "n2", &cfg_type_uint32, 0 }, - { "n3", &cfg_type_uint32, 0 }, + { "rdata1", &cfg_type_uint32, 0 }, + { "rdata2", &cfg_type_uint32, 0 }, + { "rdata3", &cfg_type_uint32, 0 }, { "data", &cfg_type_qstring, 0 }, { NULL, NULL, 0 } };