lib/zonecut: kr_zonecut_set() does not reset TA and DNSKEY

The trust anchor and keys are not changed in order not to disrupt packet validation.

lib/zonecut: kr_zonecut_set() does not reset TA and DNSKEY
The trust anchor and keys are not changed in order not to disrupt packet validation.
3638f234 · Karel Slaný · 0b12cb32 · 3638f234 · 3638f234 · 3638f234
Commit 3638f234 authored 9 years ago by Karel Slaný
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -540,7 +540,11 @@ static int validate_section(struct kr_query *qry, knot_pkt_t *answer,
 			}
 		}
 		/* Validate RRSet. */
-		ret = kr_rrset_validate(sec, covered, qry->zone_cut.key, qry->zone_cut.name, qry->timestamp.tv_sec);
+		/* Can't use qry->zone_cut.name directly, as this name can
+		 * change when updating cut information before validation.
+		 */
+		const knot_dname_t *zone_name = qry->zone_cut.key ? qry->zone_cut.key->owner : NULL;
+		ret = kr_rrset_validate(sec, covered, qry->zone_cut.key, zone_name, qry->timestamp.tv_sec);
 		if (ret != 0) {
 			break;
 		}

--- a/lib/zonecut.c
+++ b/lib/zonecut.c
@@ -105,8 +105,13 @@ void kr_zonecut_set(struct kr_zonecut *cut, const knot_dname_t *name)
 	if (!cut || !name) {
 		return;
 	}
+	knot_rrset_t *key, *ta;
+	key = cut->key; cut->key = NULL;
+	ta = cut->trust_anchor; cut->trust_anchor = NULL;
 	kr_zonecut_deinit(cut);
 	kr_zonecut_init(cut, name, cut->pool);
+	cut->key = key;
+	cut->trust_anchor = ta;
 }

 static int copy_addr_set(const char *k, void *v, void *baton)

--- a/lib/zonecut.h
+++ b/lib/zonecut.h
@@ -51,7 +51,7 @@ void kr_zonecut_deinit(struct kr_zonecut *cut);

 /**
 * Reset zone cut to given name and clear address list.
- * @note This clears the address list even if the name doesn't change.
+ * @note This clears the address list even if the name doesn't change. TA and DNSKEY don't change.
 * @param cut  zone cut to be set
 * @param name new zone cut name
 */