Commit 0b00e666 authored by Daniel Salzman's avatar Daniel Salzman

tsig: fix packet reservation size

Maximum TSIG wire size is reached only in empty error response with BADTIME.
In most cases reservation of such a size led to early truncation.
parent 6fb2a395
/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -197,7 +197,7 @@ int axfr_process_query(knot_pkt_t *pkt, struct query_data *qdata)
}
/* Reserve space for TSIG. */
knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(&qdata->sign.tsig_key));
knot_pkt_reserve(pkt, knot_tsig_wire_size(&qdata->sign.tsig_key));
/* Answer current packet (or continue). */
struct axfr_proc *axfr = (struct axfr_proc *)qdata->ext;
......
/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -690,7 +690,7 @@ int internet_process_query(knot_pkt_t *pkt, struct query_data *qdata)
NS_NEED_AUTH(qdata, qdata->zone->name, ACL_ACTION_NONE);
/* Reserve space for TSIG. */
knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(&qdata->sign.tsig_key));
knot_pkt_reserve(pkt, knot_tsig_wire_size(&qdata->sign.tsig_key));
}
NS_NEED_ZONE_CONTENTS(qdata, KNOT_RCODE_SERVFAIL); /* Expired */
......
......@@ -275,7 +275,7 @@ static int ixfr_answer_soa(knot_pkt_t *pkt, struct query_data *qdata)
}
/* Reserve space for TSIG. */
knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(&qdata->sign.tsig_key));
knot_pkt_reserve(pkt, knot_tsig_wire_size(&qdata->sign.tsig_key));
/* Guaranteed to have zone contents. */
const zone_node_t *apex = qdata->zone->contents->apex;
......@@ -331,7 +331,7 @@ int ixfr_process_query(knot_pkt_t *pkt, struct query_data *qdata)
}
/* Reserve space for TSIG. */
knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(&qdata->sign.tsig_key));
knot_pkt_reserve(pkt, knot_tsig_wire_size(&qdata->sign.tsig_key));
/* Answer current packet (or continue). */
ret = xfr_process_list(pkt, &ixfr_process_changeset, qdata);
......
/* Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -63,7 +63,7 @@ int notify_process_query(knot_pkt_t *pkt, struct query_data *qdata)
}
/* Reserve space for TSIG. */
knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(&qdata->sign.tsig_key));
knot_pkt_reserve(pkt, knot_tsig_wire_size(&qdata->sign.tsig_key));
/* SOA RR in answer may be included, recover serial. */
zone_t *zone = (zone_t *)qdata->zone;
......
/* Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -64,7 +64,7 @@ int sign_packet(knot_pkt_t *pkt, sign_context_t *sign_ctx)
size_t *wire_size = &pkt->size;
size_t max_size = pkt->max_size;
knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(sign_ctx->tsig_key));
knot_pkt_reserve(pkt, knot_tsig_wire_size(sign_ctx->tsig_key));
return knot_tsig_sign(wire, wire_size, max_size, NULL, 0,
sign_ctx->digest, &sign_ctx->digest_size,
......
/* Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -114,7 +114,7 @@ int main(int argc, char *argv[])
tsig_key.name = dnames[0];
tsig_key.secret.data = (uint8_t *)strdup(tsig_secret);
tsig_key.secret.size = strlen(tsig_secret);
ret = knot_pkt_reserve(out, knot_tsig_wire_maxsize(&tsig_key));
ret = knot_pkt_reserve(out, knot_tsig_wire_size(&tsig_key));
ok(ret == KNOT_EOK, "pkt: set TSIG key");
/* Write question. */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment