Commit 3c5c1d22 authored by Vladimír Čunát's avatar Vladimír Čunát

cache: avoid bad assertions

The order in nsec1 checks is to do the cheap checks first,
and that results into possibly passing non-rank values as ranks.
parent 5ee8cb4e
......@@ -201,7 +201,7 @@ struct entry_h * entry_h_consistent(knot_db_val_t data, uint16_t type)
}
bool ok = true;
ok = ok && (!kr_rank_test(eh->rank, KR_RANK_BOGUS)
ok = ok && (!kr_rank_test_noassert(eh->rank, KR_RANK_BOGUS)
|| eh->is_packet);
ok = ok && (eh->is_packet || !eh->has_optout);
......
......@@ -187,7 +187,7 @@ static const char * find_leq_NSEC1(struct kr_cache *cache, const struct kr_query
/* FIXME(stale): passing just zone name instead of owner, as we don't
* have it reconstructed at this point. */
int32_t new_ttl_ = get_new_ttl(eh, qry, k->zname, KNOT_RRTYPE_NSEC);
if (new_ttl_ < 0 || !kr_rank_test(eh->rank, KR_RANK_SECURE)) {
if (new_ttl_ < 0 || !kr_rank_test_noassert(eh->rank, KR_RANK_SECURE)) {
return "range search found stale or insecure entry";
/* TODO: remove the stale record *and* retry,
* in case we haven't run off. Perhaps start by in_zone check. */
......
......@@ -132,6 +132,13 @@ static inline bool kr_rank_test(uint8_t rank, uint8_t kr_flag)
/* The rest are exclusive values - exactly one has to be set. */
return (rank & ~KR_RANK_AUTH) == kr_flag;
}
static inline bool kr_rank_test_noassert(uint8_t rank, uint8_t kr_flag)
{ // TODO: copy&paste
if (kr_flag == KR_RANK_AUTH) {
return rank & KR_RANK_AUTH;
}
return (rank & ~KR_RANK_AUTH) == kr_flag;
}
/** Set the rank state. The _AUTH flag is kept as it was. */
static inline void kr_rank_set(uint8_t *rank, uint8_t kr_flag)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment