summaryrefslogtreecommitdiffstats
path: root/lib/dnssec.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:46:54 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:46:54 +0000
commit3c899afed505edf3514d43398c208378816a799e (patch)
tree07e69c8a7ef5d952b411e76590c771be9ce83a71 /lib/dnssec.c
parentAdding upstream version 5.7.1. (diff)
downloadknot-resolver-3c899afed505edf3514d43398c208378816a799e.tar.xz
knot-resolver-3c899afed505edf3514d43398c208378816a799e.zip
Adding upstream version 5.7.2.upstream/5.7.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/dnssec.c')
-rw-r--r--lib/dnssec.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/dnssec.c b/lib/dnssec.c
index 262570c..12b8f20 100644
--- a/lib/dnssec.c
+++ b/lib/dnssec.c
@@ -240,8 +240,11 @@ fail:
return NULL;
}
-/// Return if we want to afford yet another crypto-validation (and account it).
-static bool check_crypto_limit(const kr_rrset_validation_ctx_t *vctx)
+/** Checks whether we want to allow yet another crypto-validation and if yes,
+ * decrements the remaining number of allowed validations.
+ *
+ * Returns `true` if the crypto-validation is allowed; otherwise false */
+static bool account_crypto_limit(kr_rrset_validation_ctx_t *vctx)
{
if (vctx->limit_crypto_remains == NULL)
return true; // no limiting
@@ -281,7 +284,7 @@ static int kr_svldr_rrset_with_key(knot_rrset_t *rrs, const knot_rdataset_t *rrs
} else if (retv != 0) {
continue;
}
- if (!check_crypto_limit(vctx))
+ if (!account_crypto_limit(vctx))
return vctx->result = kr_error(E2BIG);
// We only expect non-expanded wildcard records in input;
// that also means we don't need to perform non-existence proofs.
@@ -392,7 +395,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
break;
}
}
- if (!check_crypto_limit(vctx)) {
+ if (!account_crypto_limit(vctx)) {
vctx->result = kr_error(E2BIG);
goto finish;
}
@@ -477,7 +480,7 @@ int kr_dnskeys_trusted(kr_rrset_validation_ctx_t *vctx, const knot_rdataset_t *s
ret = kr_svldr_rrset_with_key(keys, sigs, vctx, &key);
svldr_key_del(&key);
if (ret == 0 || ret == kr_error(E2BIG)) {
- kr_assert(vctx->result == 0);
+ kr_assert(vctx->result == ret);
return vctx->result;
}
}