authorWillem Toorop <willem@NLnetLabs.nl>2012-09-25 13:58:14 +0200
committerWillem Toorop <willem@NLnetLabs.nl>2012-09-25 13:58:14 +0200
commite5822572592c6c47f516e99c0ca99e211461859d (patch)
tree013330ffe556c5c3ec9007b11a8adb298ea3c8f1 /examples
parentbb5b0f6359d7e9494dec17f40323b3d87c9fec8e (diff)
Final code review thingies:
Buffer overflow in data_buffer2wire in ldns-testpkts.c
Print unknown rcodes in ldns_axfr_next in resolver.c
Handle errors in main in ldns-keyfetcher.c
Continue in correct loop in ldns_resolver_new_frm_fp_l in resolver.c
Skip set delimiters (to del) when tokenread instead of delim in ldns_bget_token and ldns_fget_token in parse.c
Test reply when verifying tsig in ldns_send_buffer in net.c
Assert that verify_next_hashed_name is only called with nsecs in the zone in ldns-verify-zone.c
Set inception and expiration on keys after they are read from the engine in main in ldns-signzone.c
Gracefully return from ldns_dnssec_zone_add_empty_nonterminals in a broken rbtree.
Check if tree->rr is null before use in ldns_dnssec_trust_tree_contains_keys in dnssec_verify.c
Check data for null before use in ldns_dnssec_create_nsec_bitmap in dnssec.c
Dead code in ldns_str2rdf_wks, ldns_resolver_query, examples/ldns_testpkts/data_buffer2wire, drill/work/packetbuffromfile & ldns_dnssec_verify_denial_nsec3_match.
Diffstat (limited to 'examples')
-rw-r--r--examples/ldns-keyfetcher.c19
-rw-r--r--examples/ldns-read-zone.c2
-rw-r--r--examples/ldns-signzone.c15
-rw-r--r--examples/ldns-testpkts.c21
-rw-r--r--examples/ldns-verify-zone.c3
5 files changed, 43 insertions, 17 deletions
diff --git a/examples/ldns-keyfetcher.c b/examples/ldns-keyfetcher.c
index 267822f8..ee06aea9 100644
--- a/examples/ldns-keyfetcher.c
+++ b/examples/ldns-keyfetcher.c
@@ -649,10 +649,21 @@ main(int argc, char *argv[])
fprintf(stderr, "Warning: Unable to create stub resolver from /etc/resolv.conf:\n");
fprintf(stderr, "%s\n", ldns_get_errorstr_by_id(status));
fprintf(stderr, "defaulting to nameserver at 127.0.0.1 for separate nameserver name lookups\n");
- res = ldns_resolver_new();
- ns = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, "127.0.0.1");
- status = ldns_resolver_push_nameserver(res, ns);
- if (status != LDNS_STATUS_OK) {
+ for (;;) {
+ res = ldns_resolver_new();
+ if (res) {
+ ns = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A,
+ "127.0.0.1");
+ if (ns) {
+ status = ldns_resolver_push_nameserver(
+ res, ns);
+ if (status == LDNS_STATUS_OK) {
+ break;
+ }
+ ldns_rdf_deep_free(ns);
+ }
+ ldns_resolver_free(res);
+ }
fprintf(stderr, "Unable to create stub resolver: %s\n", ldns_get_errorstr_by_id(status));
exit(EXIT_FAILURE);
}
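Review bot: When `ldns_resolver_new()` or `ldns_rdf_new_frm_str()` returns NULL, the `fprintf` that follows the inner blocks still prints `status`, which in the lines shown has not been reassigned since the resolv.conf warning above, so the final message reports the earlier failure instead of the allocation failure. Setting `status = LDNS_STATUS_MEM_ERR;` immediately before `res = ldns_resolver_new();` would make the reported cause match. The `for (;;)` never iterates (every path ends in `break` or `exit`), so a comment such as `/* single pass: break on success, fall through to the error exit */` would spare readers from looking for a retry. main's body starts and ends outside the hunk.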
diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c
index 6e00a3fc..efe187e6 100644
--- a/examples/ldns-read-zone.c
+++ b/examples/ldns-read-zone.c
@@ -60,7 +60,7 @@ main(int argc, char **argv)
}
break;
case 'h':
- printf("Usage: %s [-c] [-v] [-z] <zonefile>\n", argv[0]);
+ printf("Usage: %s [OPTIONS] <zonefile>\n", argv[0]);
printf("\tReads the zonefile and prints it.\n");
printf("\tThe RR count of the zone is printed to stderr.\n");
printf("\t-b include bubblebabble of DS's.\n");
diff --git a/examples/ldns-signzone.c b/examples/ldns-signzone.c
index 34615039..25ece3a6 100644
--- a/examples/ldns-signzone.c
+++ b/examples/ldns-signzone.c
@@ -513,13 +513,6 @@ main(int argc, char *argv[])
printf("Engine key id: %s, algo %d\n", eng_key_id, eng_key_algo);
- if (expiration != 0) {
- ldns_key_set_expiration(key, expiration);
- }
- if (inception != 0) {
- ldns_key_set_inception(key, inception);
- }
-
s = ldns_key_new_frm_engine(&key, engine, eng_key_id, eng_key_algo);
if (s == LDNS_STATUS_OK) {
/* must be dnssec key */
@@ -544,6 +537,14 @@ main(int argc, char *argv[])
fprintf(stderr, "Warning, key not suitable for signing, ignoring key with algorithm %u\n", ldns_key_algorithm(key));
break;
}
+ if (expiration != 0) {
+ ldns_key_set_expiration(key,
+ expiration);
+ }
+ if (inception != 0) {
+ ldns_key_set_inception(key,
+ inception);
+ }
} else {
printf("Error reading key '%s' from engine: %s\n", eng_key_id, ldns_get_errorstr_by_id(s));
#ifdef HAVE_SSL
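Review bot: Nothing in the code records why the expiration and inception setters now come after `ldns_key_new_frm_engine()`, so a later cleanup could move them back above the call. A comment above the added `if (expiration != 0)` would pin the ordering, for example `/* key is only valid once ldns_key_new_frm_engine() has succeeded */` (presumably the call assigns `key` through `&key`). The added lines also appear to sit after the algorithm `switch`, so they run for a key the warning above describes as ignored; whether that key is used afterwards is outside the hunk. main's body starts and ends outside the hunk.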
diff --git a/examples/ldns-testpkts.c b/examples/ldns-testpkts.c
index 033ea15d..7a6c020e 100644
--- a/examples/ldns-testpkts.c
+++ b/examples/ldns-testpkts.c
@@ -340,6 +340,12 @@ data_buffer2wire(ldns_buffer *data_buffer)
(c >= 'a' && c <= 'f') ||
(c >= 'A' && c <= 'F') )
{
+ if (hexbufpos >= LDNS_MAX_PACKETLEN) {
+ error("buffer overflow");
+ LDNS_FREE(hexbuf);
+ return 0;
+
+ }
hexbuf[hexbufpos] = (uint8_t) c;
hexbufpos++;
} else if (c == ';') {
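Review bot: The new guard `hexbufpos >= LDNS_MAX_PACKETLEN` is only correct if `hexbuf` was allocated with exactly `LDNS_MAX_PACKETLEN` bytes, and that allocation is outside the hunk, so the two can drift apart unnoticed. The same four-line check is repeated in the `case 2:` hunk and in the lenient-mode padding hunk below; a comment at each site such as `/* hexbuf holds LDNS_MAX_PACKETLEN bytes; never write at or past that index */` would tie the bound to the buffer. The message `error("buffer overflow")` would be easier to act on if it said the hex input exceeds the maximum packet length. The blank added line before the closing brace can be dropped. data_buffer2wire's body starts and ends outside the hunk.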
@@ -354,14 +360,14 @@ data_buffer2wire(ldns_buffer *data_buffer)
}
break;
case 2:
+ if (hexbufpos >= LDNS_MAX_PACKETLEN) {
+ error("buffer overflow");
+ LDNS_FREE(hexbuf);
+ return 0;
+ }
hexbuf[hexbufpos] = (uint8_t) c;
hexbufpos++;
break;
- default:
- error("unknown state while reading");
- LDNS_FREE(hexbuf);
- return 0;
- break;
}
}
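Review bot: Removing the whole `default:` case means a state value not handled by the visible cases is now skipped silently instead of being reported. If the dead code being cleaned up was only the `break;` after `return 0;`, the defensive branch can stay as `default: error("unknown state while reading"); LDNS_FREE(hexbuf); return 0;`. The state variable and the other cases are outside the hunk, so whether an unexpected state is reachable cannot be confirmed from here.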
@@ -371,6 +377,11 @@ data_buffer2wire(ldns_buffer *data_buffer)
/* lenient mode: length must be multiple of 2 */
if (hexbufpos % 2 != 0) {
+ if (hexbufpos >= LDNS_MAX_PACKETLEN) {
+ error("buffer overflow");
+ LDNS_FREE(hexbuf);
+ return 0;
+ }
hexbuf[hexbufpos] = (uint8_t) '0';
hexbufpos++;
}
diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c
index 7829c43d..373d4701 100644
--- a/examples/ldns-verify-zone.c
+++ b/examples/ldns-verify-zone.c
@@ -309,6 +309,9 @@ verify_next_hashed_name(ldns_dnssec_zone* zone, ldns_dnssec_name *name)
if (!cur_next_name) {
cur_next_name = cur_first_name;
}
+ assert(cur_next_name); /* Because this function is called on nsec
+ * occurrence, it must be there!
+ */
next_owner_str = ldns_rdf2str(ldns_nsec3_next_owner(name->nsec));
next_owner_dname = ldns_dname_new_frm_str(next_owner_str);