diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:46:54 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:46:54 +0000 |
| commit | 3c899afed505edf3514d43398c208378816a799e (patch) | |
| tree | 07e69c8a7ef5d952b411e76590c771be9ce83a71 /lib | |
| parent | Adding upstream version 5.7.1. (diff) | |
| download | knot-resolver-3c899afed505edf3514d43398c208378816a799e.tar.xz knot-resolver-3c899afed505edf3514d43398c208378816a799e.zip | |
Adding upstream version 5.7.2.upstream/5.7.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
| -rw-r--r-- | lib/cache/api.c | 2 | ||||
| -rw-r--r-- | lib/dnssec.c | 13 |
2 files changed, 9 insertions, 6 deletions
diff --git a/lib/cache/api.c b/lib/cache/api.c index bb627ea..f71a8d0 100644 --- a/lib/cache/api.c +++ b/lib/cache/api.c @@ -40,7 +40,7 @@ /** Cache version */ -static const uint16_t CACHE_VERSION = 6; +static const uint16_t CACHE_VERSION = 7; /** Key size */ #define KEY_HSIZE (sizeof(uint8_t) + sizeof(uint16_t)) #define KEY_SIZE (KEY_HSIZE + KNOT_DNAME_MAXLEN) diff --git a/lib/dnssec.c b/lib/dnssec.c index 262570c..12b8f20 100644 --- a/lib/dnssec.c +++ b/lib/dnssec.c @@ -240,8 +240,11 @@ fail: return NULL; } -/// Return if we want to afford yet another crypto-validation (and account it). -static bool check_crypto_limit(const kr_rrset_validation_ctx_t *vctx) +/** Checks whether we want to allow yet another crypto-validation and if yes, + * decrements the remaining number of allowed validations. + * + * Returns `true` if the crypto-validation is allowed; otherwise false */ +static bool account_crypto_limit(kr_rrset_validation_ctx_t *vctx) { if (vctx->limit_crypto_remains == NULL) return true; // no limiting @@ -281,7 +284,7 @@ static int kr_svldr_rrset_with_key(knot_rrset_t *rrs, const knot_rdataset_t *rrs } else if (retv != 0) { continue; } - if (!check_crypto_limit(vctx)) + if (!account_crypto_limit(vctx)) return vctx->result = kr_error(E2BIG); // We only expect non-expanded wildcard records in input; // that also means we don't need to perform non-existence proofs. @@ -392,7 +395,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx, break; } } - if (!check_crypto_limit(vctx)) { + if (!account_crypto_limit(vctx)) { vctx->result = kr_error(E2BIG); goto finish; } @@ -477,7 +480,7 @@ int kr_dnskeys_trusted(kr_rrset_validation_ctx_t *vctx, const knot_rdataset_t *s ret = kr_svldr_rrset_with_key(keys, sigs, vctx, &key); svldr_key_del(&key); if (ret == 0 || ret == kr_error(E2BIG)) { - kr_assert(vctx->result == 0); + kr_assert(vctx->result == ret); return vctx->result; } } |