Fix problem with --dnssec-timestamp

whereby receipt of SIGHUP would erroneously engage timestamp checking.

Fix problem with --dnssec-timestamp
whereby receipt of SIGHUP would erroneously engage timestamp checking.
06093a9a · Kevin Darbyshire-Bryant · Simon Kelley · 1d07667a · 06093a9a · 06093a9a
Commit 06093a9a authored Jul 11, 2016 by Kevin Darbyshire-Bryant Committed by Simon Kelley Jul 11, 2016
Show whitespace changes
Inline Side-by-side

Showing with 12 additions and 5 deletions

CHANGELOG CHANGELOG +4 -0

src/dnsmasq.c src/dnsmasq.c +4 -3

src/dnsmasq.h src/dnsmasq.h +1 -0

src/dnssec.c src/dnssec.c +3 -2

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -17,6 +17,10 @@ version 2.77
 	    Thanks to Ivan Kokshaysky for the diagnosis and
 	    patch.

+ 	    Fix problem with --dnssec-timestamp whereby receipt
+            of SIGHUP would erroneously engage timestamp checking.
+	    Thanks to Kevin Darbyshire-Bryant for this work.
+	

 version 2.76
            Include 0.0.0.0/8 in DNS rebind checks. This range 

--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -750,7 +750,8 @@ int main (int argc, char **argv)
      
      my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
      
-      if (option_bool(OPT_DNSSEC_TIME))
+      daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
+      if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
 	my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
      
      if (rc == 1)
@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
      {
      case EVENT_RELOAD:
 #ifdef HAVE_DNSSEC
-	if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+	if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
 	  {
 	    my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
-	    reset_option_bool(OPT_DNSSEC_TIME);
+	    daemon->dnssec_no_time_check = 0;
 	  } 
 #endif
 	/* fall through */

--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -992,6 +992,7 @@ extern struct daemon {
 #endif
 #ifdef HAVE_DNSSEC
  struct ds_config *ds;
+  int dnssec_no_time_check;
  int back_to_the_future;
  char *timestamp_file;
 #endif

--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
 	  if (utime(daemon->timestamp_file, NULL) != 0)
 	    my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
 	  
+	  my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
 	  daemon->back_to_the_future = 1;
-	  set_option_bool(OPT_DNSSEC_TIME);
+	  daemon->dnssec_no_time_check = 0;
 	  queue_event(EVENT_RELOAD); /* purge cache */
 	} 

      if (daemon->back_to_the_future == 0)
 	return 1;
    }
-  else if (option_bool(OPT_DNSSEC_TIME))
+  else if (daemon->dnssec_no_time_check)
    return 1;
  
  /* We must explicitly check against wanted values, because of SERIAL_UNDEF */