[PATCH] A few small ones around DNS

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Jun 1 06:00:36 UTC 2018


Hi!

Review appreciated!

Thanks, Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From e2ef1771ebe8b6f59f4d077d18c323772965072d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 30 May 2018 17:24:35 +0200
Subject: [PATCH 1/5] dnsupdate: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/scripting/bin/samba_dnsupdate | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 508bd5346bd..2d3fedefbc5 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -495,7 +495,7 @@ def call_nsupdate(d, op="add"):
         # Now find the SOA, or if we can't get a ticket to the SOA,
         # any server with an NS record we can get a ticket for.
         #
-        # Thanks to the Kerberos Crednetials cache this is not
+        # Thanks to the Kerberos Credentials cache this is not
         # expensive inside the loop
         server = get_krb5_rw_dns_server(creds, zone)
         f.write('server %s\n' % server)
-- 
2.11.0


From c80fcbe4bcea25842acda2e668a50cd12ead9962 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 31 May 2018 20:56:31 +0200
Subject: [PATCH 2/5] dns: Simplify logic a bit

We've done an early return if (!found_tsig) a few lines before.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dns_server/dns_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
index 0be9b8209aa..c8b5c46ad30 100644
--- a/source4/dns_server/dns_crypto.c
+++ b/source4/dns_server/dns_crypto.c
@@ -123,7 +123,7 @@ WERROR dns_verify_tsig(struct dns_server *dns,
 	}
 
 	/* The TSIG record needs to be the last additional record */
-	if (found_tsig && i + 1 != packet->arcount) {
+	if (i + 1 != packet->arcount) {
 		DEBUG(1, ("TSIG record not the last additional record!\n"));
 		return DNS_ERR(FORMAT_ERROR);
 	}
-- 
2.11.0


From 68e6ffe90e578184e022d197be7023970fa1c38a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 31 May 2018 20:57:36 +0200
Subject: [PATCH 3/5] dns: Simplify logic a bit

We don't need a separate boolean variable

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dns_server/dns_crypto.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
index c8b5c46ad30..740e1e4dd53 100644
--- a/source4/dns_server/dns_crypto.c
+++ b/source4/dns_server/dns_crypto.c
@@ -100,7 +100,6 @@ WERROR dns_verify_tsig(struct dns_server *dns,
 	WERROR werror;
 	NTSTATUS status;
 	enum ndr_err_code ndr_err;
-	bool found_tsig = false;
 	uint16_t i, arcount = 0;
 	DATA_BLOB tsig_blob, fake_tsig_blob, sig;
 	uint8_t *buffer = NULL;
@@ -113,12 +112,12 @@ WERROR dns_verify_tsig(struct dns_server *dns,
 	/* Find the first TSIG record in the additional records */
 	for (i=0; i < packet->arcount; i++) {
 		if (packet->additional[i].rr_type == DNS_QTYPE_TSIG) {
-			found_tsig = true;
 			break;
 		}
 	}
 
-	if (!found_tsig) {
+	if (i == packet->arcount) {
+		/* no TSIG around */
 		return WERR_OK;
 	}
 
-- 
2.11.0


From f74bf72154cccb94ea74a29e17690e218d5874f5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 31 May 2018 21:11:16 +0200
Subject: [PATCH 4/5] dns: TALLOC_FREE already checks for !=NULL

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dns_server/dns_query.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index f1facc83125..dfcba6e094a 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -721,9 +721,7 @@ static NTSTATUS create_tkey(struct dns_server *dns,
 		return status;
 	}
 
-	if (store->tkeys[store->next_idx] != NULL) {
-		TALLOC_FREE(store->tkeys[store->next_idx]);
-	}
+	TALLOC_FREE(store->tkeys[store->next_idx]);
 
 	store->tkeys[store->next_idx] = k;
 	(store->next_idx)++;
-- 
2.11.0


From efd7fa840cf2a6bdcc1fd5917ee9daa0710e401b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 31 May 2018 21:16:21 +0200
Subject: [PATCH 5/5] dns: Check for talloc_memdup failure

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dns_server/dns_query.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index dfcba6e094a..923f7233eb9 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -869,6 +869,9 @@ static WERROR handle_tkey(struct dns_server *dns,
 			ret_tkey->rdata.tkey_record.key_data = talloc_memdup(ret_tkey,
 								reply.data,
 								reply.length);
+			if (ret_tkey->rdata.tkey_record.key_data == NULL) {
+				return WERR_NOT_ENOUGH_MEMORY;
+			}
 			state->sign = true;
 			state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
 			if (state->key_name == NULL) {
-- 
2.11.0



More information about the samba-technical mailing list