Return configured DNSKEYs even though we don't have RRSIGS for them.

5f938534 · Simon Kelley · 8d718cbb · 5f938534 · 5f938534 · 5f938534
Commit 5f938534 authored Feb 03, 2014 by Simon Kelley
Show whitespace changes
Inline Side-by-side

Showing with 68 additions and 66 deletions

src/blockdata.c src/blockdata.c +1 -2

src/cache.c src/cache.c +1 -1

src/rfc1035.c src/rfc1035.c +66 -63

No files found.
--- a/src/blockdata.c
+++ b/src/blockdata.c
@@ -73,8 +73,7 @@ struct blockdata *blockdata_alloc(char *data, size_t len)
 	  keyblock_free = block->next;
 	  blockdata_count++; 
 	}
-	  
-      if (!block)
+      else
 	{
 	  /* failed to alloc, free partial chain */
 	  blockdata_free(ret);

--- a/src/cache.c
+++ b/src/cache.c
@@ -486,7 +486,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
 	   insert. Once in this state, all inserts will probably fail. */
 	if (free_avail)
 	  {
-	    static warned = 0;
+	    static int warned = 0;
 	    if (!warned)
 	      {
 		my_syslog(LOG_ERR, _("Internal error in cache."));

--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1553,23 +1553,24 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 #ifdef HAVE_DNSSEC
      if (option_bool(OPT_DNSSEC_VALID) && (qtype == T_DNSKEY || qtype == T_DS || qtype == T_RRSIG))
 	{
-	  int gotone = 0;
+	  int gotone = 0, have_rrsig = 0;
 	  struct blockdata *keydata;

 	  /* Do we have RRSIG? Can't do DS or DNSKEY otherwise. */
 	  crecp = NULL;
 	  while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY | F_DS)))
 	    if (crecp->uid == qclass && (qtype == T_RRSIG || crecp->addr.sig.type_covered == qtype))
+	      {
+		have_rrsig = 1;
 		break;
+	      }
 	  
-	  if (crecp)
-	    {
-	      if (qtype == T_RRSIG)
+	  if (qtype == T_RRSIG && have_rrsig)
 	    {
 	      ans = gotone = 1;
 	      auth = 0;
 	    }
-	      else if (qtype == T_DS)
+	  else if (qtype == T_DS && have_rrsig)
 	    {
 	      auth = 0;
 	      crecp = NULL;
@@ -1596,10 +1597,12 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 	      crecp = NULL;
 	      while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY)))
 		if (crecp->uid == qclass)
+		  {
+		    if ((crecp->flags & F_CONFIG) || have_rrsig) /* Return configured keys without an RRISG */
 		      {
 			if (!(crecp->flags & F_CONFIG))
-			    auth = 0;
-			  ans = gotone = 1;
+			  auth = 0, gotone = 1;
+			ans = 1;
 			if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.key.keydata, crecp->addr.key.keylen, NULL)))
 			  {			     			      
 			    struct all_addr a;
@@ -1613,6 +1616,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 			  }
 		      }
 		  }
+	    }
 	      
 	  /* Now do RRSIGs */
 	  if (gotone)
@@ -1637,7 +1641,6 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  }
 	    }
 	}
-	}
 #endif	     
      
      if (qclass == C_IN)