mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- lex fix
- unsecure validation neater
- const cast warning removal

git-svn-id: file:///svn/unbound/trunk@702 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
f22716c237
commit
086b257b1d
7 changed files with 20 additions and 25 deletions
|
|
@ -143,8 +143,7 @@ util/config_file.c: util/configparser.h
|
|||
util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h
|
||||
$(INFO) Lex $<
|
||||
ifeq "$(strip $(LEX))" ":"
|
||||
$Qecho "Need to rebuild lexer, but no lex program"
|
||||
exit 1
|
||||
$Qecho "rebuild lexer, but no lex program, skipped"
|
||||
else
|
||||
@if test ! -d util; then $(INSTALL) -d util; fi
|
||||
$Qecho "#include \"util/configyyrename.h\"" > $@
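Review bot: In the `ifeq "$(strip $(LEX))" ":"` branch the recipe now prints a message and succeeds without touching `$@`, so when util/configlexer.lex is newer than the checked-in util/configlexer.c the build continues with a generated lexer that may no longer match its source or util/configparser.h. I would keep the skip but fail when there is nothing to fall back on, and make the message an explicit warning: `$Qecho "warning: $< changed but no lex program; using existing $@"` followed by `@test -f $@ || exit 1`. Which lines are old and which are new is inferred from the hunk counts (8 lines to 7), because the page lost its +/- markers. The rule continues past the end of the hunk.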
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@ morechecks(struct config_file* cfg)
|
|||
|
||||
/** check config file */
|
||||
static void
|
||||
checkconf(const char* cfgfile)
|
||||
checkconf(char* cfgfile)
|
||||
{
|
||||
struct config_file* cfg = config_create();
|
||||
if(!cfg)
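Review bot: Dropping `const` from `checkconf(char* cfgfile)` silences the cast warning by weakening the contract instead of fixing its source; the same change is repeated in `run_daemon`, in `main`'s `cfgfile` local, and in the `config_read` definition and prototype. Every function on this path is now allowed to write through the pointer, and if `cfgfile` can point at a string literal or at an argv string (not visible here) a later write would be undefined behaviour or would alter the process arguments. The narrower fix is at the sink: if `create_cfg_parser` only reads or stores the name, declare it `create_cfg_parser(struct config_file* cfg, const char* filename)` and keep `const char*` in every caller above it. If the non-const signature stays, the `@param filename` line in the header should say whether the string is modified or retained after the call. The bodies of these functions continue outside the hunks.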
|
||||
|
|
|
|||
|
|
@ -304,7 +304,7 @@ do_chroot(struct daemon* daemon, struct config_file* cfg, int debug_mode)
|
|||
* @param debug_mode: if set, do not daemonize.
|
||||
*/
|
||||
static void
|
||||
run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
|
||||
run_daemon(char* cfgfile, int cmdline_verbose, int debug_mode)
|
||||
{
|
||||
struct config_file* cfg = NULL;
|
||||
struct daemon* daemon = NULL;
|
||||
|
|
@ -360,7 +360,7 @@ int
|
|||
main(int argc, char* argv[])
|
||||
{
|
||||
int c;
|
||||
const char* cfgfile = NULL;
|
||||
char* cfgfile = NULL;
|
||||
int cmdline_verbose = 0;
|
||||
int debug_mode = 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,9 @@
|
|||
and config.h.in.
|
||||
- added yacc/lex generated files, util/configlexer.c,
|
||||
util/configparser.c util/configparser.h, to svn.
|
||||
- without lex no attempt to use it.
|
||||
- unsecure response validation collated into one block.
|
||||
- remove warning about const cast of cfgfile name.
|
||||
|
||||
18 October 2007: Wouter
|
||||
- addresses are logged with errors.
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ create_cfg_parser(struct config_file* cfg, char* filename)
|
|||
}
|
||||
|
||||
int
|
||||
config_read(struct config_file* cfg, const char* filename)
|
||||
config_read(struct config_file* cfg, char* filename)
|
||||
{
|
||||
FILE *in;
|
||||
if(!filename)
|
||||
|
|
@ -155,7 +155,7 @@ config_read(struct config_file* cfg, const char* filename)
|
|||
log_err("Could not open %s: %s", filename, strerror(errno));
|
||||
return 0;
|
||||
}
|
||||
create_cfg_parser(cfg, (char*)filename);
|
||||
create_cfg_parser(cfg, filename);
|
||||
ub_c_in = in;
|
||||
ub_c_parse();
|
||||
fclose(in);
|
||||
|
|
|
|||
|
|
@ -209,7 +209,7 @@ struct config_file* config_create();
|
|||
* @param filename: name of configfile. If NULL nothing is done.
|
||||
* @return: false on error.
|
||||
*/
|
||||
int config_read(struct config_file* config, const char* filename);
|
||||
int config_read(struct config_file* config, char* filename);
|
||||
|
||||
/**
|
||||
* Destroy the config file structure.
|
||||
|
|
|
|||
|
|
@ -1348,20 +1348,21 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
|
|||
/* This is the default next state. */
|
||||
vq->state = VAL_FINISHED_STATE;
|
||||
|
||||
/* signerName being null is the indicator that this response was
|
||||
* unsigned */
|
||||
if(vq->signer_name == NULL) {
|
||||
log_query_info(VERB_ALGO, "processValidate: state has no "
|
||||
"signer name", &vq->qchase);
|
||||
/* Unsigned responses must be underneath a "null" key entry.*/
|
||||
if(key_entry_isnull(vq->key_entry)) {
|
||||
verbose(VERB_ALGO, "Unsigned response was proven to "
|
||||
"be validly INSECURE");
|
||||
verbose(VERB_ALGO, "Verified that %sresponse is INSECURE",
|
||||
vq->signer_name?"":"unsigned ");
|
||||
vq->chase_reply->security = sec_status_insecure;
|
||||
val_mark_insecure(vq->chase_reply, vq->key_entry,
|
||||
qstate->env->rrset_cache);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* signerName being null is the indicator that this response was
|
||||
* unsigned */
|
||||
if(vq->signer_name == NULL) {
|
||||
log_query_info(VERB_ALGO, "processValidate: state has no "
|
||||
"signer name", &vq->qchase);
|
||||
verbose(VERB_DETAIL, "Could not establish validation of "
|
||||
"INSECURE status of unsigned response.");
|
||||
vq->chase_reply->security = sec_status_bogus;
|
||||
|
|
@ -1376,14 +1377,6 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
|
|||
return 1;
|
||||
}
|
||||
|
||||
if(key_entry_isnull(vq->key_entry)) {
|
||||
verbose(VERB_ALGO, "Verified that response is INSECURE");
|
||||
vq->chase_reply->security = sec_status_insecure;
|
||||
val_mark_insecure(vq->chase_reply, vq->key_entry,
|
||||
qstate->env->rrset_cache);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* check signatures in the message;
|
||||
* answer and authority must be valid, additional is only checked. */
|
||||
if(!validate_msg_signatures(qstate->env, ve, &vq->qchase,
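Review bot: The comment `/* Unsigned responses must be underneath a "null" key entry.*/` now sits above a `key_entry_isnull(vq->key_entry)` branch that handles signed and unsigned responses alike, so it no longer describes the test it precedes. Because the order of these two branches decides between `sec_status_insecure` and `sec_status_bogus`, I would state it explicitly: `/* Null key entry: response is INSECURE, signed or not. */` above the first branch and `/* Unsigned and not under a null key entry: fail closed as bogus. */` above the `vq->signer_name == NULL` branch. The "state has no signer name" `log_query_info` line is also no longer emitted for unsigned responses that end up insecure; that looks intended, given the `%s` in the new message, but it is worth confirming. processValidate begins and ends outside the hunks, and the old/new sides here are inferred from the hunk counts because the page lost its +/- markers.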
|
||||
|
|
|
|||