Diffstat (limited to 'contrib/unbound/validator/val_anchor.c')
-rw-r--r-- | contrib/unbound/validator/val_anchor.c | 99 |
1 files changed, 89 insertions, 10 deletions
diff --git a/contrib/unbound/validator/val_anchor.c b/contrib/unbound/validator/val_anchor.c
index b1a54e1f0195..daa04504e595 100644
--- a/contrib/unbound/validator/val_anchor.c
+++ b/contrib/unbound/validator/val_anchor.c
@@ -483,11 +483,10 @@ anchor_read_file(struct val_anchors* anchors, sldns_buffer* buffer,
 
 /** skip file to end of line */
 static void
-skip_to_eol(FILE* in)
+skip_to_eol(FILE* in, int *c)
 {
- int c;
- while((c = getc(in)) != EOF ) {
- if(c == '\n')
+ while((*c = getc(in)) != EOF ) {
+ if(*c == '\n')
 return;
 }
 }
@@ -534,7 +533,8 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 int numdone = 0;
 while((c = getc(in)) != EOF ) {
 if(comments && c == '#') { /* # blabla */
- skip_to_eol(in);
+ skip_to_eol(in, &c);
+ if(c == EOF) return 0;
 (*line)++;
 continue;
 } else if(comments && c=='/' && numdone>0 && /* /_/ bla*/
@@ -542,7 +542,8 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 sldns_buffer_position(buf)-1) == '/') {
 sldns_buffer_skip(buf, -1);
 numdone--;
- skip_to_eol(in);
+ skip_to_eol(in, &c);
+ if(c == EOF) return 0;
 (*line)++;
 continue;
 } else if(comments && c=='*' && numdone>0 && /* /_* bla *_/ */
@@ -559,6 +560,7 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 if(c == '\n')
 (*line)++;
 }
+ if(c == EOF) return 0;
 continue;
 }
 /* not a comment, complete the keyword */
@@ -593,6 +595,7 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 break;
 }
 }
+ if(c == EOF) return 0;
 return numdone;
 }
 if(is_bind_special(c))
@@ -1018,7 +1021,7 @@ anchors_assemble_rrsets(struct val_anchors* anchors)
 ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass);
 }
 if(nods == ta->numDS && nokey == ta->numDNSKEY) {
- char b[257];
+ char b[LDNS_MAX_DOMAINLEN];
 dname_str(ta->name, b);
 log_warn("trust anchor %s has no supported algorithms,"
 " the anchor is ignored (check if you need to"
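Review bot: The doc comment above skip_to_eol still reads `/** skip file to end of line */` and does not describe the new `c` out-parameter, which the callers in readkeyword_bindfile now compare with EOF. I would extend it to something like `/** skip file to end of line; *c receives the last character read, '\n' or EOF */`, so the contract the later hunks depend on is written next to the function.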
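Review bot: In anchors_assemble_rrsets the stack buffer `b` shrinks from 257 bytes to `LDNS_MAX_DOMAINLEN`, while `dname_str(ta->name, b)` is still called without a length argument, so the bound on the write lives entirely inside dname_str. That function is not part of this diff; the new size is only safe if dname_str limits its output, terminating NUL included, to LDNS_MAX_DOMAINLEN bytes, and this should be confirmed against the dname_str that ships in the same import. Once verified, a comment at the declaration such as `/* dname_str() writes at most LDNS_MAX_DOMAINLEN bytes, NUL included */` would record the dependency. The enclosing function starts and ends outside the hunk.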
@@ -1170,17 +1173,53 @@ anchors_lookup(struct val_anchors* anchors,
 return result;
 }
 
+/** Get memory usage of assembled key rrset */
+static size_t
+assembled_rrset_get_mem(struct ub_packed_rrset_key* pkey)
+{
+ size_t s;
+ if(!pkey)
+ return 0;
+ s = sizeof(*pkey) + pkey->rk.dname_len;
+ if(pkey->entry.data) {
+ struct packed_rrset_data* pd = (struct packed_rrset_data*)
+ pkey->entry.data;
+ s += sizeof(*pd) + pd->count * (sizeof(size_t)+sizeof(time_t)+
+ sizeof(uint8_t*));
+ }
+ return s;
+}
+
 size_t
 anchors_get_mem(struct val_anchors* anchors)
 {
 struct trust_anchor *ta;
- size_t s = sizeof(*anchors);
- if(!anchors)
- return 0;
+ struct ta_key *k;
+ size_t s;
+ if(!anchors) return 0;
+ s = sizeof(*anchors);
+ lock_basic_lock(&anchors->lock);
 RBTREE_FOR(ta, struct trust_anchor*, anchors->tree) {
+ lock_basic_lock(&ta->lock);
 s += sizeof(*ta) + ta->namelen;
 /* keys and so on */
+ for(k = ta->keylist; k; k = k->next) {
+ s += sizeof(*k) + k->len;
+ }
+ s += assembled_rrset_get_mem(ta->ds_rrset);
+ s += assembled_rrset_get_mem(ta->dnskey_rrset);
+ if(ta->autr) {
+ struct autr_ta* p;
+ s += sizeof(*ta->autr);
+ if(ta->autr->file)
+ s += strlen(ta->autr->file);
+ for(p = ta->autr->keys; p; p=p->next) {
+ s += sizeof(*p) + p->rr_len;
+ }
+ }
+ lock_basic_unlock(&ta->lock);
 }
+ lock_basic_unlock(&anchors->lock);
 return s;
 }
 
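Review bot: assembled_rrset_get_mem counts three array slots per record (`sizeof(size_t)+sizeof(time_t)+sizeof(uint8_t*)`) but not the rdata bytes those pointers refer to, so anchors_get_mem probably under-reports. If the rdata of an assembled rrset is allocated separately, which this hunk does not show, adding `for(i=0; i<pd->count; i++) s += pd->rr_len[i];` inside the `if(pkey->entry.data)` branch would cover it. Likewise `strlen(ta->autr->file)` leaves out the terminating NUL. The new locking takes `anchors->lock` before each `ta->lock`; that order should match the other users of both locks in this file, whose bodies are outside the hunk.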
@@ -1322,3 +1361,43 @@ anchor_has_keytag(struct val_anchors* anchors, uint8_t* name, int namelabs,
 free(taglist);
 return 0;
 }
+
+struct trust_anchor*
+anchors_find_any_noninsecure(struct val_anchors* anchors)
+{
+ struct trust_anchor* ta, *next;
+ lock_basic_lock(&anchors->lock);
+ ta=(struct trust_anchor*)rbtree_first(anchors->tree);
+ while((rbnode_type*)ta != RBTREE_NULL) {
+ next = (struct trust_anchor*)rbtree_next(&ta->node);
+ lock_basic_lock(&ta->lock);
+ if(ta->numDS != 0 || ta->numDNSKEY != 0) {
+ /* not an insecurepoint */
+ lock_basic_unlock(&anchors->lock);
+ return ta;
+ }
+ lock_basic_unlock(&ta->lock);
+ ta = next;
+ }
+ lock_basic_unlock(&anchors->lock);
+ return NULL;
+}
+
+void
+anchors_swap_tree(struct val_anchors* anchors, struct val_anchors* data)
+{
+ rbtree_type* oldtree;
+ rbtree_type oldprobe;
+
+ if(!anchors || !data)
+ return; /* If anchors is NULL, there is no validation. */
+
+ oldtree = anchors->tree;
+ oldprobe = anchors->autr->probe;
+
+ anchors->tree = data->tree;
+ anchors->autr->probe = data->autr->probe;
+
+ data->tree = oldtree;
+ data->autr->probe = oldprobe;
+}
|
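Review bot: anchors_find_any_noninsecure returns the matching anchor with `ta->lock` still held (only `anchors->lock` is released before `return ta;`), and nothing at the definition says so; a caller that does not unlock it would leave the anchor locked. A comment such as `/* returns the anchor locked; caller must lock_basic_unlock(&ta->lock) */` above the function would make this explicit. anchors_swap_tree exchanges `tree` and `autr->probe` without taking either `anchors->lock`, whereas anchors_get_mem in this same commit walks the tree under that lock; if the caller is expected to hold both locks or to run single-threaded, state that in a comment, otherwise lock around the swap. It also dereferences `anchors->autr` and `data->autr` after checking only the outer pointers, and anchors_find_any_noninsecure has no NULL check on `anchors` at all.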