From a7c37c1ac477408177f26f15191c0b68ea4ad7e0 Mon Sep 17 00:00:00 2001
From: Jan Kadlec <jan.kadlec@nic.cz>
Date: Mon, 17 Mar 2014 14:53:37 +0100
Subject: [PATCH] DNSSEC: fixed NSEC3 chain creation code.

- nodes were marked as empty, but the information was never used ...
- renamed one function for clarity.
---
 src/knot/dnssec/nsec-chain.c  | 4 ++--
 src/knot/dnssec/nsec-chain.h  | 2 +-
 src/knot/dnssec/nsec3-chain.c | 7 +++----
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/knot/dnssec/nsec-chain.c b/src/knot/dnssec/nsec-chain.c
index 9b0429c32..c353fef7d 100644
--- a/src/knot/dnssec/nsec-chain.c
+++ b/src/knot/dnssec/nsec-chain.c
@@ -107,7 +107,7 @@ static int connect_nsec_nodes(knot_node_t *a, knot_node_t *b,
 	 * just remove the NSEC and its RRSIG, they are redundant
 	 */
 	if (old_next_nsec != NULL
-	    && knot_nsec_only_nsec_and_rrsigs_in_node(b)) {
+	    && knot_nsec_empty_nsec_and_rrsigs_in_node(b)) {
 		ret = knot_nsec_changeset_remove(b, data->changeset);
 		if (ret != KNOT_EOK) {
 			return ret;
@@ -277,7 +277,7 @@ int knot_nsec_changeset_remove(const knot_node_t *n,
  * \brief Checks whether the node is empty or eventually contains only NSEC and
  *        RRSIGs.
  */
-bool knot_nsec_only_nsec_and_rrsigs_in_node(const knot_node_t *n)
+bool knot_nsec_empty_nsec_and_rrsigs_in_node(const knot_node_t *n)
 {
 	assert(n);
 	const knot_rrset_t **rrsets = knot_node_rrsets_no_copy(n);
diff --git a/src/knot/dnssec/nsec-chain.h b/src/knot/dnssec/nsec-chain.h
index e4bce7004..a21c68371 100644
--- a/src/knot/dnssec/nsec-chain.h
+++ b/src/knot/dnssec/nsec-chain.h
@@ -109,7 +109,7 @@ int knot_nsec_changeset_remove(const knot_node_t *n,
  * \retval true if the node is empty or contains only NSEC and RRSIGs.
  * \retval false otherwise.
  */
-bool knot_nsec_only_nsec_and_rrsigs_in_node(const knot_node_t *n);
+bool knot_nsec_empty_nsec_and_rrsigs_in_node(const knot_node_t *n);
 
 /*!
  * \brief Create new NSEC chain, add differences from current into a changeset.
diff --git a/src/knot/dnssec/nsec3-chain.c b/src/knot/dnssec/nsec3-chain.c
index 7b94d7c22..d085f186b 100644
--- a/src/knot/dnssec/nsec3-chain.c
+++ b/src/knot/dnssec/nsec3-chain.c
@@ -447,8 +447,7 @@ static int create_nsec3_nodes(const knot_zone_contents_t *zone, uint32_t ttl,
 		if (knot_node_rrset(node, KNOT_RRTYPE_NSEC)) {
 			knot_node_set_removed_nsec(node);
 		}
-
-		if (knot_node_is_non_auth(node)) {
+		if (knot_node_is_non_auth(node) || knot_node_is_empty(node)) {
 			hattrie_iter_next(it);
 			continue;
 		}
@@ -490,7 +489,7 @@ static bool nsec3_is_empty(knot_node_t *node)
 		return false;
 	}
 
-	return knot_nsec_only_nsec_and_rrsigs_in_node(node);
+	return knot_nsec_empty_nsec_and_rrsigs_in_node(node);
 }
 
 /*!
@@ -514,7 +513,7 @@ static int nsec3_mark_empty(knot_node_t **node_p, void *data)
 
 		if (node->parent) {
 			/* We must decrease the parent's children count,
-			 * but only temporarily! It must be set right after
+			 * but only temporarily! It must be set back right after
 			 * the operation
 			 */
 			node->parent->children--;
-- 
GitLab