mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity
31,162 Commits 659 Branches 820 Tags
5071c47fbdfe5621dc4b1ab77bc2e5e5dd3b76d3
Commit Graph

212 Commits

Author SHA1 Message Date
Evan Hunt
ba0313e649 fix spelling errors reported by Fossies. 2020-02-21 15:05:08 +11:00
Ondřej Surý
5777c44ad0 Reformat using the new rules 2020-02-14 09:31:05 +01:00
Evan Hunt
e851ed0bb5 apply the modified style 2020-02-13 15:05:06 -08:00
Ondřej Surý
056e133c4c Use clang-tidy to add curly braces around one-line statements 
The command used to reformat the files in this commit was:

./util/run-clang-tidy \
	-clang-tidy-binary clang-tidy-11
	-clang-apply-replacements-binary clang-apply-replacements-11 \
	-checks=-*,readability-braces-around-statements \
	-j 9 \
	-fix \
	-format \
	-style=file \
	-quiet
clang-format -i --style=format $(git ls-files '*.c' '*.h')
uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h')
clang-format -i --style=format $(git ls-files '*.c' '*.h')
 2020-02-13 22:07:21 +01:00
Ondřej Surý
f50b1e0685 Use clang-format to reformat the source files 2020-02-12 15:04:17 +01:00
Ondřej Surý
c73e5866c4 Refactor the isc_buffer_allocate() usage using the semantic patch 
The isc_buffer_allocate() function now cannot fail with ISC_R_MEMORY.
This commit removes all the checks on the return code using the semantic
patch from previous commit, as isc_buffer_allocate() now returns void.
 2020-02-03 08:29:00 +01:00
Ondřej Surý
6afa99362a Remove duplicate INSIST checks for isc_refcount API 
This commits removes superfluous checks when using the isc_refcount API.

Examples of superfluous checks:

1. The isc_refcount_decrement function ensures there was not underflow,
   so this check is superfluous:

    INSIST(isc_refcount_decrement(&r) > 0);

2 .The isc_refcount_destroy() includes check whether the counter
   is zero, therefore this is superfluous:

    INSIST(isc_refcount_decrement(&r) == 1 && isc_refcount_destroy(&r));
 2020-01-14 13:12:13 +01:00
Ondřej Surý
fbf9856f43 Add isc_refcount_destroy() as appropriate 2020-01-14 13:12:13 +01:00
Ondřej Surý
edd97cddc1 Refactor dns_name_dup() usage using the semantic patch 2019-11-29 14:00:37 +01:00
Ondřej Surý
8f2ad12d0a lib/dns/tsig.c: Suppress Cppcheck false positive error uninitStructMember 2019-10-03 09:04:27 +02:00
Ondřej Surý
2e304b0b7f Change dns_tsigkey_identity from macro to a function and const argument and result 2019-10-03 09:04:26 +02:00
Evan Hunt
c48979e6c5 simplify dns_rbtnodechain_init() by removing unnecessary 'mctx' parameter 2019-08-29 10:03:36 -07:00
Ondřej Surý
ae83801e2b Remove blocks checking whether isc_mem_get() failed using the coccinelle 2019-07-23 15:32:35 -04:00
Ondřej Surý
3c30d095c4 lib/dns/tsig.c: use isc_refcount_t 2019-07-09 16:11:14 +02:00
Ondřej Surý
78d0cb0a7d Use coccinelle to remove explicit '#include <config.h>' from the source files 2019-03-08 15:15:05 +01:00
Mark Andrews
4938f97c97 record when querytsig is valid 2019-02-18 17:39:08 -05:00
Matthijs Mekking
b05a095a3e Harden checks 2019-01-30 11:46:43 -08:00
Evan Hunt
13c799267b remove the 'new_tsigkey' exception, allow TSIG to be set any time 
this allows 'dns_message_settsigkey()' to be run any time after
parsing without having to set a special flag in the message object.
 2019-01-30 11:46:11 -08:00
Evan Hunt
33ec311332 allow TSIG key to be added to message structure after parsing 
up until now, message->tsigkey could only be set during parsing
of the request, but gss-tsig allows one to be created afterward.

this commit adds a new flag to the message structure, `new_tsigkey`,
which indicates that in this case it's okay for `dns_message_settsigkey()`
to be run on a message after parsing, without hitting any assertions due
to the lack of a TSIG in the request. this allows us to keep the current
restriction in place generally, but add an exception for TKEY processing.
it's probably better to just remove the restriction entirely (see next
commit).
 2019-01-30 11:46:11 -08:00
Ondřej Surý
b2b43fd235 Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool 2018-11-08 12:21:53 +07:00
Ondřej Surý
0f24c55d38 Refactor *_destroy and *_detach functions to unified order of actions. 
This properly orders clearing the freed pointer and calling isc_refcount_destroy
as early as possible to have ability to put proper memory barrier when cleaning
up reference counting.
 2018-08-28 13:15:59 +02:00
Ondřej Surý
bef8ac5bae Rewrite isc_refcount API to fetch_and_<op>, instead of former <op>_and_<fetch> 2018-08-28 12:15:39 +02:00
Ondřej Surý
0a7535ac81 isc_refcount_init() now doesn't return isc_result_t and asserts on failed initialization 2018-08-28 12:15:39 +02:00
Ondřej Surý
994e656977 Replace custom isc_boolean_t with C standard bool type 2018-08-08 09:37:30 +02:00
Ondřej Surý
cb6a185c69 Replace custom isc_u?intNN_t types with C99 u?intNN_t types 2018-08-08 09:37:28 +02:00
Ondřej Surý
c3b8130fe8 Make OpenSSL mandatory 2018-07-19 12:47:03 -04:00
Michał Kępień
4df4a8e731 Use dns_fixedname_initname() where possible 
Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.

This patch was mostly prepared using Coccinelle and the following
semantic patch:

    @@
    expression fixedname, name;
    @@
    -	dns_fixedname_init(&fixedname);
    	...
    -	name = dns_fixedname_name(&fixedname);
    +	name = dns_fixedname_initname(&fixedname);

The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.

It is likely that more occurrences of this pattern can be refactored in
an identical way.  This commit only takes care of the low-hanging fruit.
 2018-04-09 12:14:16 +02:00
Witold Kręcicki
702c022016 libdns refactoring: get rid of multiple versions of dns_xfrin_create, dst_key_generate, dst_lib_init and dst_context_create 2018-04-06 08:04:41 +02:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Mark Andrews
3d905e0533 4817. [cleanup] Use DNS_NAME_INITABSOLUTE and DNS_NAME_INITNONABSOLUTE. 
[RT #45433]
 2017-11-13 16:58:12 +11:00
Evan Hunt
114f95089c [master] cleanup strcat/strcpy 
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
 2017-09-13 00:14:37 -07:00
Mark Andrews
34130ee25a 4719. [bug] Address PVS static analyzer warnings. [RT #45946] 2017-09-13 09:50:51 +10:00
Evan Hunt
60387eb495 [master] windows can't cope with #ifdef in a macro expansion 2017-09-07 21:02:17 -07:00
Evan Hunt
e90926bb9e [master] refactor tsig.c 
4701.	[cleanup]	Refactored lib/dns/tsig.c to reduce code
			duplication and simplify the disabling of MD5.
			[RT #45490]
 2017-09-06 10:57:40 -07:00
Evan Hunt
0ad72b96d2 [master] ensure verified_sig 
4670.	[cleanup]	Ensure that a request MAC is never sent back
			in an XFR response unless the signature was
                        verified. [RT #45494]
 2017-08-07 18:54:05 -07:00
Mark Andrews
58f0fb325b 4647. [bug] Change 4643 broke verification of TSIG signed TCP 
message sequences where not all the messages contain
                        TSIG records.  These may be used in AXFR and IXFR
                        responses.  [RT #45509]
 2017-07-07 23:19:05 +10:00
Evan Hunt
b2018b7cff [master] complete change #4643 2017-06-28 09:11:49 -07:00
Evan Hunt
581c1526ab [master] address TSIG bypass/forgery vulnerabilities 
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]
 2017-06-27 11:39:19 -07:00
Tinderbox User
9748633ce6 update copyright notice / whitespace 2017-01-06 23:45:26 +00:00
Mark Andrews
ea7d5332a6 address memory leak [RT #44072] 2017-01-06 18:48:37 +11:00
Mark Andrews
52e2aab392 4546. [func] Extend the use of const declarations. [RT #43379] 2016-12-30 15:45:08 +11:00
Mark Andrews
61463ab7a4 4482. [bug] Address use before require check and remove extraneous 
dns_message_gettsigkey call in dns_tsig_sign.
                        [RT #43374]
 2016-10-11 14:40:29 +11:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Mukund Sivaraman
f5a62d97e3 Fix -Wshadow warnings (#38762) 
These happen due to ntohs()/htons() macro expansion in glibc.
 2015-03-09 09:23:46 +05:30
Tinderbox User
811acf52b8 update copyright notice / whitespace 2015-03-04 23:45:21 +00:00
Mark Andrews
29d52c001f 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 2015-03-03 16:43:42 +11:00
Mark Andrews
c2f8108123 3996. [bug] Address use after free on out of memory error in 
keyring_add. [RT #37639]
 2014-10-31 11:44:09 +11:00
Evan Hunt
6896fdd3b2 [master] spelling 2014-09-15 18:18:12 -07:00