summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:47:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:47:11 +0000
commitfa4b01ee7d479f7186d3a1a9c9eaf5211a3521ac (patch)
treeac80b66e9ade699a7a2b02492a4795838be0f6f3 /lib
parentAdding debian version 5.7.1-1. (diff)
downloadknot-resolver-fa4b01ee7d479f7186d3a1a9c9eaf5211a3521ac.tar.xz
knot-resolver-fa4b01ee7d479f7186d3a1a9c9eaf5211a3521ac.zip
Merging upstream version 5.7.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/cache/api.c2
-rw-r--r--lib/dnssec.c13
2 files changed, 9 insertions, 6 deletions
diff --git a/lib/cache/api.c b/lib/cache/api.c
index bb627ea..f71a8d0 100644
--- a/lib/cache/api.c
+++ b/lib/cache/api.c
@@ -40,7 +40,7 @@
/** Cache version */
-static const uint16_t CACHE_VERSION = 6;
+static const uint16_t CACHE_VERSION = 7;
/** Key size */
#define KEY_HSIZE (sizeof(uint8_t) + sizeof(uint16_t))
#define KEY_SIZE (KEY_HSIZE + KNOT_DNAME_MAXLEN)
diff --git a/lib/dnssec.c b/lib/dnssec.c
index 262570c..12b8f20 100644
--- a/lib/dnssec.c
+++ b/lib/dnssec.c
@@ -240,8 +240,11 @@ fail:
return NULL;
}
-/// Return if we want to afford yet another crypto-validation (and account it).
-static bool check_crypto_limit(const kr_rrset_validation_ctx_t *vctx)
+/** Checks whether we want to allow yet another crypto-validation and if yes,
+ * decrements the remaining number of allowed validations.
+ *
+ * Returns `true` if the crypto-validation is allowed; otherwise false */
+static bool account_crypto_limit(kr_rrset_validation_ctx_t *vctx)
{
if (vctx->limit_crypto_remains == NULL)
return true; // no limiting
@@ -281,7 +284,7 @@ static int kr_svldr_rrset_with_key(knot_rrset_t *rrs, const knot_rdataset_t *rrs
} else if (retv != 0) {
continue;
}
- if (!check_crypto_limit(vctx))
+ if (!account_crypto_limit(vctx))
return vctx->result = kr_error(E2BIG);
// We only expect non-expanded wildcard records in input;
// that also means we don't need to perform non-existence proofs.
@@ -392,7 +395,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
break;
}
}
- if (!check_crypto_limit(vctx)) {
+ if (!account_crypto_limit(vctx)) {
vctx->result = kr_error(E2BIG);
goto finish;
}
@@ -477,7 +480,7 @@ int kr_dnskeys_trusted(kr_rrset_validation_ctx_t *vctx, const knot_rdataset_t *s
ret = kr_svldr_rrset_with_key(keys, sigs, vctx, &key);
svldr_key_del(&key);
if (ret == 0 || ret == kr_error(E2BIG)) {
- kr_assert(vctx->result == 0);
+ kr_assert(vctx->result == ret);
return vctx->result;
}
}