Commit c9438ee2 authored by Mark Andrews's avatar Mark Andrews
Browse files

4779. [bug] Expire NTA at the start of the second. Don't update

                        the expiry value if the record has already expired
                        after a successful check. [RT #46368]
parent a59d687d
4779. [bug] Expire NTA at the start of the second. Don't update
the expiry value if the record has already expired
after a successful check. [RT #46368]
4778. [test] Improve synth-from-dnssec testing. [RT #46352] 4778. [test] Improve synth-from-dnssec testing. [RT #46352]
   
4777. [cleanup] Removed a redundant call to configure_view_acl(). 4777. [cleanup] Removed a redundant call to configure_view_acl().
......
...@@ -227,6 +227,7 @@ fetch_done(isc_task_t *task, isc_event_t *event) { ...@@ -227,6 +227,7 @@ fetch_done(isc_task_t *task, isc_event_t *event) {
case DNS_R_NXDOMAIN: case DNS_R_NXDOMAIN:
case DNS_R_NCACHENXRRSET: case DNS_R_NCACHENXRRSET:
case DNS_R_NXRRSET: case DNS_R_NXRRSET:
if (nta->expiry > now)
nta->expiry = now; nta->expiry = now;
break; break;
default: default:
...@@ -458,7 +459,7 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now, ...@@ -458,7 +459,7 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now,
} }
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
nta = (dns_nta_t *) node->data; nta = (dns_nta_t *) node->data;
answer = ISC_TF(nta->expiry >= now); answer = ISC_TF(nta->expiry > now);
} }
/* Deal with expired NTA */ /* Deal with expired NTA */
...@@ -551,7 +552,7 @@ dns_ntatable_totext(dns_ntatable_t *ntatable, isc_buffer_t **buf) { ...@@ -551,7 +552,7 @@ dns_ntatable_totext(dns_ntatable_t *ntatable, isc_buffer_t **buf) {
snprintf(obuf, sizeof(obuf), "%s%s: %s %s", snprintf(obuf, sizeof(obuf), "%s%s: %s %s",
first ? "" : "\n", nbuf, first ? "" : "\n", nbuf,
n->expiry < now ? "expired" : "expiry", n->expiry <= now ? "expired" : "expiry",
tbuf); tbuf);
first = ISC_FALSE; first = ISC_FALSE;
result = putstr(buf, obuf); result = putstr(buf, obuf);
...@@ -605,7 +606,7 @@ dns_ntatable_dump(dns_ntatable_t *ntatable, FILE *fp) { ...@@ -605,7 +606,7 @@ dns_ntatable_dump(dns_ntatable_t *ntatable, FILE *fp) {
isc_time_set(&t, n->expiry, 0); isc_time_set(&t, n->expiry, 0);
isc_time_formattimestamp(&t, tbuf, sizeof(tbuf)); isc_time_formattimestamp(&t, tbuf, sizeof(tbuf));
fprintf(fp, "%s: %s %s\n", nbuf, fprintf(fp, "%s: %s %s\n", nbuf,
n->expiry < now ? "expired" : "expiry", n->expiry <= now ? "expired" : "expiry",
tbuf); tbuf);
} }
result = dns_rbtnodechain_next(&chain, NULL, NULL); result = dns_rbtnodechain_next(&chain, NULL, NULL);
...@@ -672,7 +673,7 @@ dns_ntatable_save(dns_ntatable_t *ntatable, FILE *fp) { ...@@ -672,7 +673,7 @@ dns_ntatable_save(dns_ntatable_t *ntatable, FILE *fp) {
dns_rbtnodechain_current(&chain, NULL, NULL, &node); dns_rbtnodechain_current(&chain, NULL, NULL, &node);
if (node->data != NULL) { if (node->data != NULL) {
dns_nta_t *n = (dns_nta_t *) node->data; dns_nta_t *n = (dns_nta_t *) node->data;
if (now <= n->expiry) { if (n->expiry > now) {
isc_buffer_t b; isc_buffer_t b;
char nbuf[DNS_NAME_FORMATSIZE + 1], tbuf[80]; char nbuf[DNS_NAME_FORMATSIZE + 1], tbuf[80];
dns_fixedname_t fn; dns_fixedname_t fn;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment