From f91dc2400dc33e9a0745ecaaef7489af116dca38 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 2 Dec 2015 20:53:10 +0100 Subject: resolved: store DNSKEY fields flags+protocol as-is When verifying signatures we need to be able to verify the original data we got for an RR set, and that means we cannot simply drop flags bits or consider RRs invalid too eagerly. Hence, instead of parsing the DNSKEY flags store them as-is. Similar, accept the protocol field as it is, and don't consider it a parsing error if it is not 3. Of course, this means that the DNSKEY handling code later on needs to check explicit for protocol != 3. --- src/resolve/resolved-dns-packet.h | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'src/resolve/resolved-dns-packet.h') diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index d26f77adbe..16a38e5361 100644 --- a/src/resolve/resolved-dns-packet.h +++ b/src/resolve/resolved-dns-packet.h @@ -223,15 +223,11 @@ DnsProtocol dns_protocol_from_string(const char *s) _pure_; #define LLMNR_MULTICAST_IPV4_ADDRESS ((struct in_addr) { .s_addr = htobe32(224U << 24 | 252U) }) #define LLMNR_MULTICAST_IPV6_ADDRESS ((struct in6_addr) { .s6_addr = { 0xFF, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x03 } }) -#define DNSKEY_FLAG_ZONE_KEY (1u << 8) -#define DNSKEY_FLAG_SEP (1u << 0) +#define DNSKEY_FLAG_ZONE_KEY (UINT16_C(1) << 8) +#define DNSKEY_FLAG_SEP (UINT16_C(1) << 0) -static inline uint16_t dnskey_to_flags(const DnsResourceRecord *rr) { - return (rr->dnskey.zone_key_flag * DNSKEY_FLAG_ZONE_KEY | - rr->dnskey.sep_flag * DNSKEY_FLAG_SEP); -} - -/* http://tools.ietf.org/html/rfc4034#appendix-A.1 */ +/* http://tools.ietf.org/html/rfc4034#appendix-A.1 and + * https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */ enum { DNSSEC_ALGORITHM_RSAMD5 = 1, DNSSEC_ALGORITHM_DH, -- cgit v1.2.3-54-g00ecf