|
|
b2eaff |
diff --git a/bin/named/control.c b/bin/named/control.c
|
|
|
b2eaff |
index fabe442..06eadce 100644
|
|
|
b2eaff |
--- a/bin/named/control.c
|
|
|
b2eaff |
+++ b/bin/named/control.c
|
|
|
b2eaff |
@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
|
|
|
b2eaff |
#endif
|
|
|
b2eaff |
|
|
|
b2eaff |
data = isccc_alist_lookup(message, "_data");
|
|
|
b2eaff |
- if (data == NULL) {
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(data)) {
|
|
|
b2eaff |
/*
|
|
|
b2eaff |
* No data section.
|
|
|
b2eaff |
*/
|
|
|
b2eaff |
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
|
|
|
b2eaff |
index c46a6e1..ef32790 100644
|
|
|
b2eaff |
--- a/bin/named/controlconf.c
|
|
|
b2eaff |
+++ b/bin/named/controlconf.c
|
|
|
b2eaff |
@@ -396,7 +396,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
|
|
b2eaff |
* Limit exposure to replay attacks.
|
|
|
b2eaff |
*/
|
|
|
b2eaff |
_ctrl = isccc_alist_lookup(request, "_ctrl");
|
|
|
b2eaff |
- if (_ctrl == NULL) {
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_ctrl)) {
|
|
|
b2eaff |
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
|
|
|
b2eaff |
goto cleanup_request;
|
|
|
b2eaff |
}
|
|
|
b2eaff |
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
|
|
|
b2eaff |
index ba2c3f6..9a007e2 100644
|
|
|
b2eaff |
--- a/bin/rndc/rndc.c
|
|
|
b2eaff |
+++ b/bin/rndc/rndc.c
|
|
|
b2eaff |
@@ -252,8 +252,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
|
|
|
b2eaff |
DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
|
|
|
b2eaff |
|
|
|
b2eaff |
data = isccc_alist_lookup(response, "_data");
|
|
|
b2eaff |
- if (data == NULL)
|
|
|
b2eaff |
- fatal("no data section in response");
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(data))
|
|
|
b2eaff |
+ fatal("bad or missing data section in response");
|
|
|
b2eaff |
result = isccc_cc_lookupstring(data, "err", &errormsg);
|
|
|
b2eaff |
if (result == ISC_R_SUCCESS) {
|
|
|
b2eaff |
failed = ISC_TRUE;
|
|
|
b2eaff |
@@ -316,8 +316,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
|
|
|
b2eaff |
DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
|
|
|
b2eaff |
|
|
|
b2eaff |
_ctrl = isccc_alist_lookup(response, "_ctrl");
|
|
|
b2eaff |
- if (_ctrl == NULL)
|
|
|
b2eaff |
- fatal("_ctrl section missing");
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_ctrl))
|
|
|
b2eaff |
+ fatal("bad or missing ctrl section in response");
|
|
|
b2eaff |
nonce = 0;
|
|
|
b2eaff |
if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
|
|
|
b2eaff |
nonce = 0;
|
|
|
b2eaff |
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
|
|
b2eaff |
index d220986..8696b15 100644
|
|
|
b2eaff |
--- a/lib/dns/resolver.c
|
|
|
b2eaff |
+++ b/lib/dns/resolver.c
|
|
|
b2eaff |
@@ -5408,14 +5408,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
|
|
|
b2eaff |
}
|
|
|
b2eaff |
|
|
|
b2eaff |
static inline isc_result_t
|
|
|
b2eaff |
-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
|
|
|
b2eaff |
- dns_name_t *oname, dns_fixedname_t *fixeddname)
|
|
|
b2eaff |
+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
|
|
|
b2eaff |
+ unsigned int nlabels, dns_fixedname_t *fixeddname)
|
|
|
b2eaff |
{
|
|
|
b2eaff |
isc_result_t result;
|
|
|
b2eaff |
dns_rdata_t rdata = DNS_RDATA_INIT;
|
|
|
b2eaff |
- unsigned int nlabels;
|
|
|
b2eaff |
- int order;
|
|
|
b2eaff |
- dns_namereln_t namereln;
|
|
|
b2eaff |
dns_rdata_dname_t dname;
|
|
|
b2eaff |
dns_fixedname_t prefix;
|
|
|
b2eaff |
|
|
|
b2eaff |
@@ -5430,21 +5427,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
|
|
|
b2eaff |
if (result != ISC_R_SUCCESS)
|
|
|
b2eaff |
return (result);
|
|
|
b2eaff |
|
|
|
b2eaff |
- /*
|
|
|
b2eaff |
- * Get the prefix of qname.
|
|
|
b2eaff |
- */
|
|
|
b2eaff |
- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
|
|
|
b2eaff |
- if (namereln != dns_namereln_subdomain) {
|
|
|
b2eaff |
- char qbuf[DNS_NAME_FORMATSIZE];
|
|
|
b2eaff |
- char obuf[DNS_NAME_FORMATSIZE];
|
|
|
b2eaff |
-
|
|
|
b2eaff |
- dns_rdata_freestruct(&dname);
|
|
|
b2eaff |
- dns_name_format(qname, qbuf, sizeof(qbuf));
|
|
|
b2eaff |
- dns_name_format(oname, obuf, sizeof(obuf));
|
|
|
b2eaff |
- log_formerr(fctx, "unrelated DNAME in answer: "
|
|
|
b2eaff |
- "%s is not in %s", qbuf, obuf);
|
|
|
b2eaff |
- return (DNS_R_FORMERR);
|
|
|
b2eaff |
- }
|
|
|
b2eaff |
dns_fixedname_init(&prefix);
|
|
|
b2eaff |
dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
|
|
|
b2eaff |
dns_fixedname_init(fixeddname);
|
|
|
b2eaff |
@@ -6057,13 +6039,13 @@ static isc_result_t
|
|
|
b2eaff |
answer_response(fetchctx_t *fctx) {
|
|
|
b2eaff |
isc_result_t result;
|
|
|
b2eaff |
dns_message_t *message;
|
|
|
b2eaff |
- dns_name_t *name, *qname, tname, *ns_name;
|
|
|
b2eaff |
+ dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
|
|
|
b2eaff |
dns_rdataset_t *rdataset, *ns_rdataset;
|
|
|
b2eaff |
isc_boolean_t done, external, chaining, aa, found, want_chaining;
|
|
|
b2eaff |
isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
|
|
|
b2eaff |
unsigned int aflag;
|
|
|
b2eaff |
dns_rdatatype_t type;
|
|
|
b2eaff |
- dns_fixedname_t dname, fqname;
|
|
|
b2eaff |
+ dns_fixedname_t fdname, fqname;
|
|
|
b2eaff |
dns_view_t *view;
|
|
|
b2eaff |
|
|
|
b2eaff |
FCTXTRACE("answer_response");
|
|
|
b2eaff |
@@ -6091,10 +6073,15 @@ answer_response(fetchctx_t *fctx) {
|
|
|
b2eaff |
view = fctx->res->view;
|
|
|
b2eaff |
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
|
|
|
b2eaff |
while (!done && result == ISC_R_SUCCESS) {
|
|
|
b2eaff |
+ dns_namereln_t namereln;
|
|
|
b2eaff |
+ int order;
|
|
|
b2eaff |
+ unsigned int nlabels;
|
|
|
b2eaff |
+
|
|
|
b2eaff |
name = NULL;
|
|
|
b2eaff |
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
|
|
|
b2eaff |
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
|
|
|
b2eaff |
- if (dns_name_equal(name, qname)) {
|
|
|
b2eaff |
+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
|
|
|
b2eaff |
+ if (namereln == dns_namereln_equal) {
|
|
|
b2eaff |
wanted_chaining = ISC_FALSE;
|
|
|
b2eaff |
for (rdataset = ISC_LIST_HEAD(name->list);
|
|
|
b2eaff |
rdataset != NULL;
|
|
|
b2eaff |
@@ -6219,10 +6206,11 @@ answer_response(fetchctx_t *fctx) {
|
|
|
b2eaff |
*/
|
|
|
b2eaff |
INSIST(!external);
|
|
|
b2eaff |
if (aflag ==
|
|
|
b2eaff |
- DNS_RDATASETATTR_ANSWER)
|
|
|
b2eaff |
+ DNS_RDATASETATTR_ANSWER) {
|
|
|
b2eaff |
have_answer = ISC_TRUE;
|
|
|
b2eaff |
- name->attributes |=
|
|
|
b2eaff |
- DNS_NAMEATTR_ANSWER;
|
|
|
b2eaff |
+ name->attributes |=
|
|
|
b2eaff |
+ DNS_NAMEATTR_ANSWER;
|
|
|
b2eaff |
+ }
|
|
|
b2eaff |
rdataset->attributes |= aflag;
|
|
|
b2eaff |
if (aa)
|
|
|
b2eaff |
rdataset->trust =
|
|
|
b2eaff |
@@ -6277,6 +6265,8 @@ answer_response(fetchctx_t *fctx) {
|
|
|
b2eaff |
if (wanted_chaining)
|
|
|
b2eaff |
chaining = ISC_TRUE;
|
|
|
b2eaff |
} else {
|
|
|
b2eaff |
+ dns_rdataset_t *dnameset = NULL;
|
|
|
b2eaff |
+
|
|
|
b2eaff |
/*
|
|
|
b2eaff |
* Look for a DNAME (or its SIG). Anything else is
|
|
|
b2eaff |
* ignored.
|
|
|
b2eaff |
@@ -6284,32 +6274,56 @@ answer_response(fetchctx_t *fctx) {
|
|
|
b2eaff |
wanted_chaining = ISC_FALSE;
|
|
|
b2eaff |
for (rdataset = ISC_LIST_HEAD(name->list);
|
|
|
b2eaff |
rdataset != NULL;
|
|
|
b2eaff |
- rdataset = ISC_LIST_NEXT(rdataset, link)) {
|
|
|
b2eaff |
- isc_boolean_t found_dname = ISC_FALSE;
|
|
|
b2eaff |
- dns_name_t *dname_name;
|
|
|
b2eaff |
+ rdataset = ISC_LIST_NEXT(rdataset, link))
|
|
|
b2eaff |
+ {
|
|
|
b2eaff |
+ /*
|
|
|
b2eaff |
+ * Only pass DNAME or RRSIG(DNAME).
|
|
|
b2eaff |
+ */
|
|
|
b2eaff |
+ if (rdataset->type != dns_rdatatype_dname &&
|
|
|
b2eaff |
+ (rdataset->type != dns_rdatatype_rrsig ||
|
|
|
b2eaff |
+ rdataset->covers != dns_rdatatype_dname))
|
|
|
b2eaff |
+ continue;
|
|
|
b2eaff |
+
|
|
|
b2eaff |
+ /*
|
|
|
b2eaff |
+ * If we're not chaining, then the DNAME and
|
|
|
b2eaff |
+ * its signature should not be external.
|
|
|
b2eaff |
+ */
|
|
|
b2eaff |
+ if (!chaining && external) {
|
|
|
b2eaff |
+ char qbuf[DNS_NAME_FORMATSIZE];
|
|
|
b2eaff |
+ char obuf[DNS_NAME_FORMATSIZE];
|
|
|
b2eaff |
+
|
|
|
b2eaff |
+ dns_name_format(name, qbuf,
|
|
|
b2eaff |
+ sizeof(qbuf));
|
|
|
b2eaff |
+ dns_name_format(&fctx->domain, obuf,
|
|
|
b2eaff |
+ sizeof(obuf));
|
|
|
b2eaff |
+ log_formerr(fctx, "external DNAME or "
|
|
|
b2eaff |
+ "RRSIG covering DNAME "
|
|
|
b2eaff |
+ "in answer: %s is "
|
|
|
b2eaff |
+ "not in %s", qbuf, obuf);
|
|
|
b2eaff |
+ return (DNS_R_FORMERR);
|
|
|
b2eaff |
+ }
|
|
|
b2eaff |
+
|
|
|
b2eaff |
+ if (namereln != dns_namereln_subdomain) {
|
|
|
b2eaff |
+ char qbuf[DNS_NAME_FORMATSIZE];
|
|
|
b2eaff |
+ char obuf[DNS_NAME_FORMATSIZE];
|
|
|
b2eaff |
+
|
|
|
b2eaff |
+ dns_name_format(qname, qbuf,
|
|
|
b2eaff |
+ sizeof(qbuf));
|
|
|
b2eaff |
+ dns_name_format(name, obuf,
|
|
|
b2eaff |
+ sizeof(obuf));
|
|
|
b2eaff |
+ log_formerr(fctx, "unrelated DNAME "
|
|
|
b2eaff |
+ "in answer: %s is "
|
|
|
b2eaff |
+ "not in %s", qbuf, obuf);
|
|
|
b2eaff |
+ return (DNS_R_FORMERR);
|
|
|
b2eaff |
+ }
|
|
|
b2eaff |
|
|
|
b2eaff |
- found = ISC_FALSE;
|
|
|
b2eaff |
aflag = 0;
|
|
|
b2eaff |
if (rdataset->type == dns_rdatatype_dname) {
|
|
|
b2eaff |
- /*
|
|
|
b2eaff |
- * We're looking for something else,
|
|
|
b2eaff |
- * but we found a DNAME.
|
|
|
b2eaff |
- *
|
|
|
b2eaff |
- * If we're not chaining, then the
|
|
|
b2eaff |
- * DNAME should not be external.
|
|
|
b2eaff |
- */
|
|
|
b2eaff |
- if (!chaining && external) {
|
|
|
b2eaff |
- log_formerr(fctx,
|
|
|
b2eaff |
- "external DNAME");
|
|
|
b2eaff |
- return (DNS_R_FORMERR);
|
|
|
b2eaff |
- }
|
|
|
b2eaff |
- found = ISC_TRUE;
|
|
|
b2eaff |
want_chaining = ISC_TRUE;
|
|
|
b2eaff |
POST(want_chaining);
|
|
|
b2eaff |
aflag = DNS_RDATASETATTR_ANSWER;
|
|
|
b2eaff |
- result = dname_target(fctx, rdataset,
|
|
|
b2eaff |
- qname, name,
|
|
|
b2eaff |
- &dname);
|
|
|
b2eaff |
+ result = dname_target(rdataset, qname,
|
|
|
b2eaff |
+ nlabels, &fdname);
|
|
|
b2eaff |
if (result == ISC_R_NOSPACE) {
|
|
|
b2eaff |
/*
|
|
|
b2eaff |
* We can't construct the
|
|
|
b2eaff |
@@ -6321,90 +6335,73 @@ answer_response(fetchctx_t *fctx) {
|
|
|
b2eaff |
} else if (result != ISC_R_SUCCESS)
|
|
|
b2eaff |
return (result);
|
|
|
b2eaff |
else
|
|
|
b2eaff |
- found_dname = ISC_TRUE;
|
|
|
b2eaff |
+ dnameset = rdataset;
|
|
|
b2eaff |
|
|
|
b2eaff |
- dname_name = dns_fixedname_name(&dname);
|
|
|
b2eaff |
+ dname = dns_fixedname_name(&fdname);
|
|
|
b2eaff |
if (!is_answertarget_allowed(view,
|
|
|
b2eaff |
- qname,
|
|
|
b2eaff |
- rdataset->type,
|
|
|
b2eaff |
- dname_name,
|
|
|
b2eaff |
- &fctx->domain)) {
|
|
|
b2eaff |
+ qname, rdataset->type,
|
|
|
b2eaff |
+ dname, &fctx->domain)) {
|
|
|
b2eaff |
return (DNS_R_SERVFAIL);
|
|
|
b2eaff |
}
|
|
|
b2eaff |
- } else if (rdataset->type == dns_rdatatype_rrsig
|
|
|
b2eaff |
- && rdataset->covers ==
|
|
|
b2eaff |
- dns_rdatatype_dname) {
|
|
|
b2eaff |
+ } else {
|
|
|
b2eaff |
/*
|
|
|
b2eaff |
* We've found a signature that
|
|
|
b2eaff |
* covers the DNAME.
|
|
|
b2eaff |
*/
|
|
|
b2eaff |
- found = ISC_TRUE;
|
|
|
b2eaff |
aflag = DNS_RDATASETATTR_ANSWERSIG;
|
|
|
b2eaff |
}
|
|
|
b2eaff |
|
|
|
b2eaff |
- if (found) {
|
|
|
b2eaff |
+ /*
|
|
|
b2eaff |
+ * We've found an answer to our
|
|
|
b2eaff |
+ * question.
|
|
|
b2eaff |
+ */
|
|
|
b2eaff |
+ name->attributes |= DNS_NAMEATTR_CACHE;
|
|
|
b2eaff |
+ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
|
|
|
b2eaff |
+ rdataset->trust = dns_trust_answer;
|
|
|
b2eaff |
+ if (!chaining) {
|
|
|
b2eaff |
/*
|
|
|
b2eaff |
- * We've found an answer to our
|
|
|
b2eaff |
- * question.
|
|
|
b2eaff |
+ * This data is "the" answer to
|
|
|
b2eaff |
+ * our question only if we're
|
|
|
b2eaff |
+ * not chaining.
|
|
|
b2eaff |
*/
|
|
|
b2eaff |
- name->attributes |=
|
|
|
b2eaff |
- DNS_NAMEATTR_CACHE;
|
|
|
b2eaff |
- rdataset->attributes |=
|
|
|
b2eaff |
- DNS_RDATASETATTR_CACHE;
|
|
|
b2eaff |
- rdataset->trust = dns_trust_answer;
|
|
|
b2eaff |
- if (!chaining) {
|
|
|
b2eaff |
- /*
|
|
|
b2eaff |
- * This data is "the" answer
|
|
|
b2eaff |
- * to our question only if
|
|
|
b2eaff |
- * we're not chaining.
|
|
|
b2eaff |
- */
|
|
|
b2eaff |
- INSIST(!external);
|
|
|
b2eaff |
- if (aflag ==
|
|
|
b2eaff |
- DNS_RDATASETATTR_ANSWER)
|
|
|
b2eaff |
- have_answer = ISC_TRUE;
|
|
|
b2eaff |
+ INSIST(!external);
|
|
|
b2eaff |
+ if (aflag == DNS_RDATASETATTR_ANSWER) {
|
|
|
b2eaff |
+ have_answer = ISC_TRUE;
|
|
|
b2eaff |
name->attributes |=
|
|
|
b2eaff |
DNS_NAMEATTR_ANSWER;
|
|
|
b2eaff |
- rdataset->attributes |= aflag;
|
|
|
b2eaff |
- if (aa)
|
|
|
b2eaff |
- rdataset->trust =
|
|
|
b2eaff |
- dns_trust_authanswer;
|
|
|
b2eaff |
- } else if (external) {
|
|
|
b2eaff |
- rdataset->attributes |=
|
|
|
b2eaff |
- DNS_RDATASETATTR_EXTERNAL;
|
|
|
b2eaff |
- }
|
|
|
b2eaff |
-
|
|
|
b2eaff |
- /*
|
|
|
b2eaff |
- * DNAME chaining.
|
|
|
b2eaff |
- */
|
|
|
b2eaff |
- if (found_dname) {
|
|
|
b2eaff |
- /*
|
|
|
b2eaff |
- * Copy the dname into the
|
|
|
b2eaff |
- * qname fixed name.
|
|
|
b2eaff |
- *
|
|
|
b2eaff |
- * Although we check for
|
|
|
b2eaff |
- * failure of the copy
|
|
|
b2eaff |
- * operation, in practice it
|
|
|
b2eaff |
- * should never fail since
|
|
|
b2eaff |
- * we already know that the
|
|
|
b2eaff |
- * result fits in a fixedname.
|
|
|
b2eaff |
- */
|
|
|
b2eaff |
- dns_fixedname_init(&fqname);
|
|
|
b2eaff |
- result = dns_name_copy(
|
|
|
b2eaff |
- dns_fixedname_name(&dname),
|
|
|
b2eaff |
- dns_fixedname_name(&fqname),
|
|
|
b2eaff |
- NULL);
|
|
|
b2eaff |
- if (result != ISC_R_SUCCESS)
|
|
|
b2eaff |
- return (result);
|
|
|
b2eaff |
- wanted_chaining = ISC_TRUE;
|
|
|
b2eaff |
- name->attributes |=
|
|
|
b2eaff |
- DNS_NAMEATTR_CHAINING;
|
|
|
b2eaff |
- rdataset->attributes |=
|
|
|
b2eaff |
- DNS_RDATASETATTR_CHAINING;
|
|
|
b2eaff |
- qname = dns_fixedname_name(
|
|
|
b2eaff |
- &fqname);
|
|
|
b2eaff |
}
|
|
|
b2eaff |
+ rdataset->attributes |= aflag;
|
|
|
b2eaff |
+ if (aa)
|
|
|
b2eaff |
+ rdataset->trust =
|
|
|
b2eaff |
+ dns_trust_authanswer;
|
|
|
b2eaff |
+ } else if (external) {
|
|
|
b2eaff |
+ rdataset->attributes |=
|
|
|
b2eaff |
+ DNS_RDATASETATTR_EXTERNAL;
|
|
|
b2eaff |
}
|
|
|
b2eaff |
}
|
|
|
b2eaff |
+
|
|
|
b2eaff |
+ /*
|
|
|
b2eaff |
+ * DNAME chaining.
|
|
|
b2eaff |
+ */
|
|
|
b2eaff |
+ if (dnameset != NULL) {
|
|
|
b2eaff |
+ /*
|
|
|
b2eaff |
+ * Copy the dname into the qname fixed name.
|
|
|
b2eaff |
+ *
|
|
|
b2eaff |
+ * Although we check for failure of the copy
|
|
|
b2eaff |
+ * operation, in practice it should never fail
|
|
|
b2eaff |
+ * since we already know that the result fits
|
|
|
b2eaff |
+ * in a fixedname.
|
|
|
b2eaff |
+ */
|
|
|
b2eaff |
+ dns_fixedname_init(&fqname);
|
|
|
b2eaff |
+ qname = dns_fixedname_name(&fqname);
|
|
|
b2eaff |
+ result = dns_name_copy(dname, qname, NULL);
|
|
|
b2eaff |
+ if (result != ISC_R_SUCCESS)
|
|
|
b2eaff |
+ return (result);
|
|
|
b2eaff |
+ wanted_chaining = ISC_TRUE;
|
|
|
b2eaff |
+ name->attributes |= DNS_NAMEATTR_CHAINING;
|
|
|
b2eaff |
+ dnameset->attributes |=
|
|
|
b2eaff |
+ DNS_RDATASETATTR_CHAINING;
|
|
|
b2eaff |
+ }
|
|
|
b2eaff |
if (wanted_chaining)
|
|
|
b2eaff |
chaining = ISC_TRUE;
|
|
|
b2eaff |
}
|
|
|
b2eaff |
diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
|
|
|
b2eaff |
index ae5391a..10e5dc9 100644
|
|
|
b2eaff |
--- a/lib/isccc/cc.c
|
|
|
b2eaff |
+++ b/lib/isccc/cc.c
|
|
|
b2eaff |
@@ -286,10 +286,10 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
|
|
|
b2eaff |
* Extract digest.
|
|
|
b2eaff |
*/
|
|
|
b2eaff |
_auth = isccc_alist_lookup(alist, "_auth");
|
|
|
b2eaff |
- if (_auth == NULL)
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_auth))
|
|
|
b2eaff |
return (ISC_R_FAILURE);
|
|
|
b2eaff |
hmd5 = isccc_alist_lookup(_auth, "hmd5");
|
|
|
b2eaff |
- if (hmd5 == NULL)
|
|
|
b2eaff |
+ if (!isccc_sexpr_binaryp(hmd5))
|
|
|
b2eaff |
return (ISC_R_FAILURE);
|
|
|
b2eaff |
/*
|
|
|
b2eaff |
* Compute digest.
|
|
|
b2eaff |
@@ -543,7 +543,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
|
|
|
b2eaff |
REQUIRE(ackp != NULL && *ackp == NULL);
|
|
|
b2eaff |
|
|
|
b2eaff |
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
|
|
b2eaff |
- if (_ctrl == NULL ||
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_ctrl) ||
|
|
|
b2eaff |
isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
|
|
|
b2eaff |
isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
|
|
|
b2eaff |
return (ISC_R_FAILURE);
|
|
|
b2eaff |
@@ -588,7 +588,7 @@ isccc_cc_isack(isccc_sexpr_t *message)
|
|
|
b2eaff |
isccc_sexpr_t *_ctrl;
|
|
|
b2eaff |
|
|
|
b2eaff |
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
|
|
b2eaff |
- if (_ctrl == NULL)
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_ctrl))
|
|
|
b2eaff |
return (ISC_FALSE);
|
|
|
b2eaff |
if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
|
|
|
b2eaff |
return (ISC_TRUE);
|
|
|
b2eaff |
@@ -601,7 +601,7 @@ isccc_cc_isreply(isccc_sexpr_t *message)
|
|
|
b2eaff |
isccc_sexpr_t *_ctrl;
|
|
|
b2eaff |
|
|
|
b2eaff |
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
|
|
b2eaff |
- if (_ctrl == NULL)
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_ctrl))
|
|
|
b2eaff |
return (ISC_FALSE);
|
|
|
b2eaff |
if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
|
|
|
b2eaff |
return (ISC_TRUE);
|
|
|
b2eaff |
@@ -621,7 +621,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
|
|
|
b2eaff |
|
|
|
b2eaff |
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
|
|
b2eaff |
_data = isccc_alist_lookup(message, "_data");
|
|
|
b2eaff |
- if (_ctrl == NULL || _data == NULL ||
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
|
|
|
b2eaff |
isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
|
|
|
b2eaff |
isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
|
|
|
b2eaff |
return (ISC_R_FAILURE);
|
|
|
b2eaff |
@@ -810,7 +810,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
|
|
|
b2eaff |
isccc_sexpr_t *_ctrl;
|
|
|
b2eaff |
|
|
|
b2eaff |
_ctrl = isccc_alist_lookup(message, "_ctrl");
|
|
|
b2eaff |
- if (_ctrl == NULL ||
|
|
|
b2eaff |
+ if (!isccc_alist_alistp(_ctrl) ||
|
|
|
b2eaff |
isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
|
|
|
b2eaff |
isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
|
|
|
b2eaff |
return (ISC_R_FAILURE);
|