Code cleanup.v2.69test9

author: Simon Kelley <simon@thekelleys.org.uk> 2014-02-24 21:01:09 +0000
committer: Simon Kelley <simon@thekelleys.org.uk> 2014-02-24 21:01:09 +0000
commit: a857daa3511eebbbf63bc894695f4bfc790b2246 (patch)
tree: bb1a0b24a6d7dfc966bdacdbfc42116dd75c577c
parent: f01d7be6c647cc41f4911cdedadf739e24b08f28 (diff)
download: dnsmasq-a857daa3511eebbbf63bc894695f4bfc790b2246.tar.gz
1 files changed, 34 insertions, 47 deletions
diff --git a/src/dnssec.c b/src/dnssec.c
index 7c09d0d..399bc19 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1272,8 +1272,7 @@ static int prove_non_existance_nsec(struct dns_header *header, size_t plen, unsi
 	      if (p[0] == type >> 8)
 		{
 		  /* Does the NSEC say our type exists? */
-		  if (offset < p[1] &&
-		      (p[offset+2] & mask) != 0)
+		  if (offset < p[1] && (p[offset+2] & mask) != 0)
 		    return STAT_BOGUS;
 		  
 		  break; /* finshed checking */
@@ -1334,16 +1333,11 @@ static int hash_name(char *in, unsigned char **out, struct nettle_hash const *ha
 /* Decode base32 to first "." or end of string */
 static int base32_decode(char *in, unsigned char *out)
 {
-  int oc = 0, on = 0, c, mask, i;
+  int oc, on, c, mask, i;
   unsigned char *p = out;
  
-  while (1) 
+  for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in) 
     {
-      c = *in++;
-
-      if (c == 0 || c == '.')
-	break;
-
       if (c >= '0' && c <= '9')
 	c -= '0';
       else if (c >= 'a' && c <= 'v')
@@ -1355,12 +1349,12 @@ static int base32_decode(char *in, unsigned char *out)
       
       for (mask = 0x10, i = 0; i < 5; i++)
         {
-         if (c & mask)
-	   oc |= 1;
-	 mask = mask >> 1;
-	 if (((++on) & 7) == 0)
-	  *p++ = oc;
-	 oc = oc << 1;
+	  if (c & mask)
+	    oc |= 1;
+	  mask = mask >> 1;
+	  if (((++on) & 7) == 0)
+	    *p++ = oc;
+	  oc = oc << 1;
 	}
     }
   
@@ -1373,8 +1367,8 @@ static int base32_decode(char *in, unsigned char *out)
 static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
 				     char *workspace1, char *workspace2, char *name, int type)
 {
-  unsigned char *salt, *p, *digest, hash_len;
-  int digest_size, i, iterations, salt_len, algo = 0;
+  unsigned char *salt, *p, *digest;
+  int digest_len, i, iterations, salt_len, hash_len, base32_len, algo = 0;
   struct nettle_hash const *hash;
   char *closest_encloser, *next_closest, *wildcard;
  
@@ -1426,7 +1420,7 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
  
       p++; /* flags */
       
-      GETSHORT (this_iter, p);
+      GETSHORT(this_iter, p);
       if (this_iter != iterations)
 	continue;
 
@@ -1456,20 +1450,18 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
       if (*closest_encloser == '.')
 	closest_encloser++;
 
-      if ((digest_size = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
+      if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
 	return STAT_INSECURE;
       
       for (i = 0; i < nsec_count; i++)
 	if ((p = nsecs[i]))
 	  {
-	    int base32_size;
-	    
 	    if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
-		!(base32_size = base32_decode(workspace1, (unsigned char *)workspace2)))
+		!(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
 	      return STAT_INSECURE;
 	  
-	    if (digest_size == base32_size &&
-		memcmp(digest, workspace2, digest_size) == 0)
+	    if (digest_len == base32_len &&
+		memcmp(digest, workspace2, digest_len) == 0)
 	      break; /* Gotit */
 	  }
       
@@ -1488,7 +1480,7 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
     {
       /* We found an NSEC3 whose hashed name exactly matches the query, so
 	 Now we just need to check the type map. p points to the RR data for the record. */
-      int hash_len, rdlen;
+      int rdlen;
       unsigned char *psave;
       int offset = (type & 0xff) >> 3;
       int mask = 0x80 >> (type & 0x07);
@@ -1510,9 +1502,8 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
 	  
 	  if (p[0] == type >> 8)
 	    {
-	      /* Does the NSEC say our type exists? */
-	      if (offset < p[1] &&
-		  (p[offset+2] & mask) != 0)
+	      /* Does the NSEC3 say our type exists? */
+	      if (offset < p[1] && (p[offset+2] & mask) != 0)
 		return STAT_BOGUS;
 	      
 	      break; /* finshed checking */
@@ -1526,16 +1517,14 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
     }
 
   /* Look for NSEC3 that proves the non-existance of the next-closest encloser */
-  if ((digest_size = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
+  if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
     return STAT_INSECURE;
 
   for (i = 0; i < nsec_count; i++)
     if ((p = nsecs[i]))
       {
-	int base32_size;
-	
-	if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
-	    !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2)))
+       	if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
+	    !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
 	  return STAT_INSECURE;
 	   
 	p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
@@ -1544,19 +1533,19 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
 	if (!CHECK_LEN(header, p, plen, hash_len))
 	  return STAT_INSECURE;
 	
-	if (digest_size == base32_size && hash_len == base32_size)
+	if (digest_len == base32_len && hash_len == base32_len)
 	  {
-	    if (memcmp(workspace2, digest, digest_size) <= 0)
+	    if (memcmp(workspace2, digest, digest_len) <= 0)
 	      {
 		/* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
 		   wrap around case, name-hash falls between NSEC3 name-hash and end */
-		if (memcmp(p, digest, digest_size) > 0 || memcmp(workspace2, p, digest_size) > 0)
+		if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
 		  return STAT_SECURE;
 	      }
 	    else 
 	      {
 		/* wrap around case, name falls between start and next domain name */
-		if (memcmp(workspace2, p, digest_size) > 0 && memcmp(p, digest, digest_size) > 0)
+		if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
 		  return STAT_SECURE;
 	      }
 	  }
@@ -1569,16 +1558,14 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
   wildcard--;
   *wildcard = '*';
   
-  if ((digest_size = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
+  if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
     return STAT_INSECURE;
   
   for (i = 0; i < nsec_count; i++)
     if ((p = nsecs[i]))
       {
-	int base32_size;
-	
 	if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
-	    !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2)))
+	    !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
 	  return STAT_INSECURE;
 	   
 	p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
@@ -1587,19 +1574,19 @@ static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, uns
 	if (!CHECK_LEN(header, p, plen, hash_len))
 	  return STAT_INSECURE;
 	
-	if (digest_size == base32_size && hash_len == base32_size)
+	if (digest_len == base32_len && hash_len == base32_len)
 	  {
-	    if (memcmp(workspace2, digest, digest_size) <= 0)
+	    if (memcmp(workspace2, digest, digest_len) <= 0)
 	      {
 		/* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
 		   wrap around case, name-hash falls between NSEC3 name-hash and end */
-		if (memcmp(p, digest, digest_size) > 0 || memcmp(workspace2, p, digest_size) > 0)
+		if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
 		  return STAT_SECURE;
 	      }
 	    else 
 	      {
 		/* wrap around case, name falls between start and next domain name */
-		if (memcmp(workspace2, p, digest_size) > 0 && memcmp(p, digest, digest_size) > 0)
+		if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
 		  return STAT_SECURE;
 	      }
 	  }
@@ -1671,9 +1658,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 	      if (rc == STAT_SECURE_WILDCARD)
 		{
 		  /* An attacker replay a wildcard answer with a different
-		     answer and overlay an genuine RR. To prove this
+		     answer and overlay a genuine RR. To prove this
 		     hasn't happened, the answer must prove that
-		     a record doesn't exist. Check that here. */
+		     the gennuine record doesn't exist. Check that here. */
 		  if (!nsec_type)
 		    {
 		      nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1);
author	Simon Kelley <simon@thekelleys.org.uk>	2014-02-24 21:01:09 +0000
committer	Simon Kelley <simon@thekelleys.org.uk>	2014-02-24 21:01:09 +0000
commit	a857daa3511eebbbf63bc894695f4bfc790b2246 (patch)
tree	bb1a0b24a6d7dfc966bdacdbfc42116dd75c577c
parent	f01d7be6c647cc41f4911cdedadf739e24b08f28 (diff)
download	dnsmasq-a857daa3511eebbbf63bc894695f4bfc790b2246.tar.gz