On Thu, 5 Dec 2019, Paul Wouters via Unbound-users wrote:

Seems sldns_wire2str_ipseckey_scan() was changed from:

int sldns_wire2str_ipseckey_scan(uint8_t** d, size_t* dl, char** s, size_t* sl,
        uint8_t* pkt, size_t pktlen)

to:

int sldns_wire2str_ipseckey_scan(uint8_t** d, size_t* dl, char** s, size_t* sl,
        uint8_t* pkt, size_t pktlen, int* comprloop)

But the only call to it was not updated for the added argument comprloop.

It looks like the variable is to prevent infinite cname/dname
loops?

I was wrong :)

Seems to be handling name compression. I guess the variable name "dname"
in the code predates the DNAME RRTYPE :P

Since RFC 4025 for IPSECKEY states:

3  A wire-encoded domain name is present.  The wire-encoded format is
      self-describing, so the length is implicit.  The domain name MUST
      NOT be compressed.  (See Section 3.3 of RFC 1035 [2].)

I guess we can just pass in an extra 0?

diff -Naur unbound-1.9.6rc1/ipsecmod/ipsecmod.c 
unbound-1.9.6rc1-new/ipsecmod/ipsecmod.c
--- unbound-1.9.6rc1/ipsecmod/ipsecmod.c        2019-12-05 10:26:37.000000000 
+0000
+++ unbound-1.9.6rc1-new/ipsecmod/ipsecmod.c    2019-12-06 00:07:45.319917335 
+0000
@@ -337,7 +337,7 @@
                /* Save the buffer pointers. */
                tempstring = s; tempstring_len = slen;
                w_temp = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, 
&s,
-                       &slen, NULL, 0);
+                       &slen, NULL, 0, 0);
                /* There was an error when parsing the IPSECKEY; reset the 
buffer
                 * pointers to their previous values. */
                if(w_temp == -1) {
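
Review bot: The new last argument in the updated call is declared as int* comprloop, so pass NULL rather than 0, matching the NULL already used for pkt and making it obvious that a pointer is intended. Also confirm that the callee never dereferences comprloop when pkt is NULL; if it can, pass the address of a local int initialised to 0 instead.
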
diff -Naur unbound-1.9.6rc1/sldns/wire2str.c 
unbound-1.9.6rc1-new/sldns/wire2str.c
--- unbound-1.9.6rc1/sldns/wire2str.c   2019-12-05 10:26:37.000000000 +0000
+++ unbound-1.9.6rc1-new/sldns/wire2str.c       2019-12-06 00:08:14.938307559 
+0000
@@ -1544,7 +1544,7 @@
 static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl,
        char** s, size_t* sl, uint8_t* pkt, size_t pktlen, int* comprloop)
 {
-       /* http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt*/
+       /* https://tools.ietf.org/html/rfc4025 */
        uint8_t precedence, gateway_type, algorithm;
        int w = 0;
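
Review bot: The replacement comment at the top of sldns_wire2str_ipseckey_scan_internal() gives only a URL; cite it as "RFC 4025" as well, so the reference survives if the tools.ietf.org link moves. Since the function still takes pkt, pktlen and comprloop, a line in the same comment saying that the gateway name must not be compressed per the RFC would explain why a caller may pass no packet.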

Paul
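
The RFC 4025 rule quoted in the message above, as an added example that is not code from Unbound or from this thread: a bounds-checked walk of the IPSECKEY gateway field that rejects compression pointers outright, so no packet buffer or loop counter is needed. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length of an uncompressed wire-format name, or -1 if it is truncated,
 * longer than 255 bytes, or contains a pointer/reserved label type. */
static int uncompressed_name_len(const uint8_t *p, size_t avail)
{
    size_t off = 0;
    for (;;) {
        if (off >= avail)
            return -1;              /* ran past the end of the RDATA */
        uint8_t lab = p[off];
        if (lab & 0xC0)
            return -1;              /* 0xC0 pointer, 0x40/0x80 reserved */
        off += 1 + (size_t)lab;
        if (off > 255 || off > avail)
            return -1;              /* over RFC 1035 limit or truncated */
        if (lab == 0)
            return (int)off;        /* root label ends the name */
    }
}

/* Length of the gateway field of an IPSECKEY RDATA, or -1 if malformed. */
int ipseckey_gateway_len(const uint8_t *rdata, size_t len)
{
    if (len < 3)                    /* precedence, gateway type, algorithm */
        return -1;
    size_t avail = len - 3;
    switch (rdata[1]) {             /* gateway type per RFC 4025 */
    case 0: return 0;                               /* no gateway */
    case 1: return avail >= 4 ? 4 : -1;             /* IPv4 address */
    case 2: return avail >= 16 ? 16 : -1;           /* IPv6 address */
    case 3: return uncompressed_name_len(rdata + 3, avail);
    default: return -1;
    }
}

/* Constructed samples: precedence 10, gateway type 3, algorithm 2, name. */
static const uint8_t sample_ok[] = {10, 3, 2, 3, 'g', 'w', '1',
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0, 0xAA, 0xBB /* key bytes */};
static const uint8_t sample_ptr[] = {10, 3, 2, 3, 'g', 'w', '1', 0xC0, 0x0C};

int main(void)
{
    printf("ok: %d\n", ipseckey_gateway_len(sample_ok, sizeof sample_ok));
    printf("pointer: %d\n", ipseckey_gateway_len(sample_ptr, sizeof sample_ptr));
    return 0;
}
```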
