-rw-r--r-- | src/src/acl.c | 15 | ||||
-rw-r--r-- | src/src/dns.c | 52 | ||||
-rw-r--r-- | src/src/functions.h | 2 | ||||
-rw-r--r-- | src/src/host.c | 8 | ||||
-rw-r--r-- | src/src/structs.h | 16 |
5 files changed, 41 insertions, 52 deletions
diff --git a/src/src/acl.c b/src/src/acl.c index cbf71ae1f..1ac2bee23 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -1283,7 +1283,6 @@ acl_verify_csa(const uschar *domain) { tree_node *t; const uschar *found; -uschar *p; int priority, weight, port; dns_answer dnsa; dns_scan dnss; @@ -1361,14 +1360,13 @@ switch (dns_special_lookup(&dnsa, domain, T_CSA, &found)) /* Scan the reply for well-formed CSA SRV records. */ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); - rr != NULL; - rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) + rr; + rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == T_SRV) { - if (rr->type != T_SRV) continue; + const uschar * p = rr->data; /* Extract the numerical SRV fields (p is incremented) */ - p = rr->data; GETSHORT(priority, p); GETSHORT(weight, p); GETSHORT(port, p); @@ -1387,12 +1385,7 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); SRV records of their own. */ if (Ustrcmp(found, domain) != 0) - { - if (port & 1) - return t->data.val = CSA_FAIL_EXPLICIT; - else - return t->data.val = CSA_UNKNOWN; - } + return t->data.val = port & 1 ? CSA_FAIL_EXPLICIT : CSA_UNKNOWN; /* This CSA SRV record refers directly to our domain, so we check the value in the weight field to work out the domain's authorization. 0 and 1 are diff --git a/src/src/dns.c b/src/src/dns.c index 575b81560..e02f494e8 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -309,7 +309,7 @@ else Return: TRUE for a bad result */ static BOOL -dnss_inc(dns_answer * dnsa, dns_scan * dnss, unsigned delta) +dnss_inc_aptr(const dns_answer * dnsa, dns_scan * dnss, unsigned delta) { return (dnss->aptr += delta) >= dnsa->answer + dnsa->answerlen; } @@ -332,9 +332,9 @@ Returns: next dns record, or NULL when no more */ dns_record * -dns_next_rr(dns_answer *dnsa, dns_scan *dnss, int reset) +dns_next_rr(const dns_answer *dnsa, dns_scan *dnss, int reset) { -HEADER *h = (HEADER *)dnsa->answer; +const HEADER * h = (const HEADER *)dnsa->answer; int namelen; char * trace = NULL; 
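Review bot: In the CSA loop of acl_verify_csa (src/src/acl.c, hunk at -1361) the three `GETSHORT` reads take six bytes from `rr->data` without looking at `rr->size`, so an SRV record whose RDATA is shorter than six bytes is read past its own data. The record comes from a DNS reply, so a guard such as `if (rr->size < 6) continue;` before `const uschar * p = rr->data;` seems warranted, unless dns_next_rr already enforces a minimum outside the visible lines. The same unguarded pattern appears in the SRV loop in src/src/dns.c (hunk at -1128) and in the `GETSHORT(precedence, s)` read in src/src/host.c (hunk at -2777). The loop body continues past the end of this hunk.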
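Review bot: `dnss_inc_aptr` in src/src/dns.c (hunk at -309) adds `delta` to `dnss->aptr` before comparing the result with the end of the answer, so a large length taken from the packet moves the pointer beyond one-past-the-end of the buffer; that is undefined behavior, and the comparison can be defeated if the address wraps. Comparing `delta` with the bytes remaining first avoids this: `const uschar * end = dnsa->answer + dnsa->answerlen;`, then `if (dnss->aptr >= end || delta >= (unsigned)(end - dnss->aptr)) return TRUE;`, and only then `dnss->aptr += delta; return FALSE;`. Callers pass `int` expressions such as `namelen+8` into the `unsigned` parameter, so the existing `namelen < 0` checks before each call need to stay.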
@@ -363,7 +363,7 @@ if (reset != RESET_NEXT) if (namelen < 0) goto null_return; /* skip name & type & class */ TRACE trace = "Q-skip"; - if (dnss_inc(dnsa, dnss, namelen+4)) goto null_return; + if (dnss_inc_aptr(dnsa, dnss, namelen+4)) goto null_return; } /* Get the number of answer records. */ @@ -392,11 +392,11 @@ if (reset != RESET_NEXT) if (namelen < 0) goto null_return; /* skip name, type, class & TTL */ TRACE trace = "A-hdr"; - if (dnss_inc(dnsa, dnss, namelen+8)) goto null_return; + if (dnss_inc_aptr(dnsa, dnss, namelen+8)) goto null_return; GETSHORT(dnss->srr.size, dnss->aptr); /* size of data portion */ /* skip over it */ TRACE trace = "A-skip"; - if (dnss_inc(dnsa, dnss, dnss->srr.size)) goto null_return; + if (dnss_inc_aptr(dnsa, dnss, dnss->srr.size)) goto null_return; } dnss->rrcount = reset == RESET_AUTHORITY ? ntohs(h->nscount) : ntohs(h->arcount); @@ -423,11 +423,11 @@ if (namelen < 0) goto null_return; from the following bytes. */ TRACE trace = "R-name"; -if (dnss_inc(dnsa, dnss, namelen)) goto null_return; +if (dnss_inc_aptr(dnsa, dnss, namelen)) goto null_return; GETSHORT(dnss->srr.type, dnss->aptr); /* Record type */ TRACE trace = "R-class"; -if (dnss_inc(dnsa, dnss, 2)) goto null_return; /* Don't want class */ +if (dnss_inc_aptr(dnsa, dnss, 2)) goto null_return; /* Don't want class */ GETLONG(dnss->srr.ttl, dnss->aptr); /* TTL */ GETSHORT(dnss->srr.size, dnss->aptr); /* Size of data portion */ dnss->srr.data = dnss->aptr; /* The record's data follows */ 
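Review bot: After `dnss_inc_aptr(dnsa, dnss, namelen+8)` succeeds in the hunk at -392, the only guarantee is that `aptr` is below the end of the answer, yet `GETSHORT(dnss->srr.size, dnss->aptr)` then reads two bytes, so a reply truncated at that point is read one byte past the buffer. The hunk at -423 has the same gap on a larger scale: the `GETSHORT` for the type, the two-byte class skip, and the `GETLONG` and `GETSHORT` for TTL and size consume ten bytes, with checks that only confirm the pointer is still inside the buffer. Checking that the fixed-size fields fit before reading them would close this, e.g. `if (dnss_inc_aptr(dnsa, dnss, namelen) || dnsa->answer + dnsa->answerlen - dnss->aptr < 10) goto null_return;`. Whether `srr.size` is compared with the remaining bytes before `srr.data` is used cannot be seen here, since dns_next_rr continues outside both hunks.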
@@ -466,12 +466,12 @@ dns_extract_auth_name(const dns_answer * dnsa) /* FIXME: const dns_answer */ { dns_scan dnss; dns_record * rr; -HEADER * h = (HEADER *) dnsa->answer; +const HEADER * h = (const HEADER *) dnsa->answer; if (!h->nscount || !h->aa) return NULL; -for (rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_AUTHORITY); +for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); rr; - rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_NEXT)) + rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == (h->ancount ? T_NS : T_SOA)) return rr->name; return NULL; } @@ -499,7 +499,7 @@ DEBUG(D_dns) debug_printf("DNSSEC support disabled at build-time; dns_is_secure() false\n"); return FALSE; #else -HEADER * h = (HEADER *) dnsa->answer; +const HEADER * h = (const HEADER *) dnsa->answer; const uschar * auth_name; const uschar * trusted; @@ -550,7 +550,7 @@ dns_is_aa(const dns_answer *dnsa) #ifdef DISABLE_DNSSEC return FALSE; #else -return ((HEADER*)dnsa->answer)->aa; +return ((const HEADER*)dnsa->answer)->aa; #endif } @@ -874,7 +874,8 @@ for (i = 0; i < 10; i++) /* DNS lookup failures get passed straight back. */ - if ((rc = dns_basic_lookup(dnsa, name, type)) != DNS_SUCCEED) return rc; + if ((rc = dns_basic_lookup(dnsa, name, type)) != DNS_SUCCEED) + return rc; /* We should have either records of the required type, or a CNAME record, or both. We need to know whether both exist for getting the fully qualified 
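Review bot: `dns_extract_auth_name` (hunk at -466) returns `rr->name` while `dnss` is a local of the function. If `dns_next_rr` hands back a pointer to `dnss->srr`, as the fields it fills in suggest, the caller receives a pointer into a stack frame that no longer exists. Copying the name before returning, `return string_copy(rr->name);`, would give the caller storage that outlives the call. The `/* FIXME: const dns_answer */` remark shown on the signature also looks out of date now that the casts are gone.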
@@ -886,22 +887,21 @@ for (i = 0; i < 10; i++) for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) - { if (rr->type == type) { if (type_rr.data == NULL) type_rr = *rr; if (cname_rr.data != NULL) break; } - else if (rr->type == T_CNAME) cname_rr = *rr; - } + else if (rr->type == T_CNAME) + cname_rr = *rr; /* For the first time round this loop, if a CNAME was found, take the fully qualified name from it; otherwise from the first data record, if present. */ - if (i == 0 && fully_qualified_name != NULL) + if (i == 0 && fully_qualified_name) { - uschar * rr_name = cname_rr.data ? cname_rr.name - : type_rr.data ? type_rr.name : NULL; + uschar * rr_name = cname_rr.data + ? cname_rr.name : type_rr.data ? type_rr.name : NULL; if ( rr_name && Ustrcmp(rr_name, *fully_qualified_name) != 0 && rr_name[0] != '*' @@ -933,9 +933,8 @@ for (i = 0; i < 10; i++) return DNS_FAIL; data = store_get(256); - datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, - cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256); - if (datalen < 0) + if ((datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, + cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256)) < 0) return DNS_FAIL; name = data; @@ -1083,7 +1082,7 @@ switch (type) success and packet length return values.) For added safety we only reset the packet length if the packet header looks plausible. */ - HEADER *h = (HEADER *)dnsa->answer; + const HEADER * h = (const HEADER *)dnsa->answer; if (h->qr == 1 && h->opcode == QUERY && h->tc == 0 && (h->rcode == NOERROR || h->rcode == NXDOMAIN) && ntohs(h->qdcount) == 1 && ntohs(h->ancount) == 0 
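Review bot: Dropping the braces around the `for` body in the hunk at -886 leaves an unbraced `if`/`else if` chain as the whole loop body, with the `break` for the CNAME case nested inside it. That reads correctly today, but a statement added after `cname_rr = *rr;` would silently fall outside the loop. Keeping `{` and `}` around the body costs two lines and removes that hazard. The enclosing `for (i = 0; i < 10; i++)` loop starts and ends outside this hunk.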
@@ -1128,12 +1127,11 @@ switch (type) for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; - rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) + rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_SRV) { - if (rr->type != T_SRV) continue; + const uschar * p = rr->data; /* Extract the numerical SRV fields (p is incremented) */ - p = rr->data; GETSHORT(priority, p); GETSHORT(weight, p); weight = weight; /* compiler quietening */ GETSHORT(port, p); diff --git a/src/src/functions.h b/src/src/functions.h index 05386d105..cc4e22b2e 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -158,7 +158,7 @@ extern BOOL dns_is_secure(const dns_answer *); extern int dns_lookup(dns_answer *, const uschar *, int, const uschar **); extern void dns_pattern_init(void); extern int dns_special_lookup(dns_answer *, const uschar *, int, const uschar **); -extern dns_record *dns_next_rr(dns_answer *, dns_scan *, int); +extern dns_record *dns_next_rr(const dns_answer *, dns_scan *, int); extern uschar *dns_text_type(int); extern void dscp_list_to_stream(FILE *); extern BOOL dscp_lookup(const uschar *, int, int *, int *, int *); diff --git a/src/src/host.c b/src/src/host.c index 7fda13d3c..25dab2bb8 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -2777,17 +2777,15 @@ host which is not the primary hostname. */ last = NULL; /* Indicates that not even the first item is filled yet */ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); - rr != NULL; - rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) + rr; + rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type) { int precedence; int weight = 0; /* For SRV records */ int port = PORT_NONE; - uschar *s; /* MUST be unsigned for GETSHORT */ + const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */ uschar data[256]; - if (rr->type != ind_type) continue; - s = rr->data; GETSHORT(precedence, s); /* Pointer s is advanced */ /* For MX records, we use a random "weight" which causes multiple records of 
diff --git a/src/src/structs.h b/src/src/structs.h index 179ce58de..12d714f28 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -731,11 +731,11 @@ typedef struct search_cache { uncompressed, but the data pointer is into the raw data. */ typedef struct { - uschar name[DNS_MAXNAME]; /* domain name */ - int type; /* record type */ - unsigned short ttl; /* time-to-live, seconds */ - int size; /* size of data */ - uschar *data; /* pointer to data */ + uschar name[DNS_MAXNAME]; /* domain name */ + int type; /* record type */ + unsigned short ttl; /* time-to-live, seconds */ + int size; /* size of data */ + const uschar *data; /* pointer to data */ } dns_record; /* Structure for holding the result of a DNS query. */ @@ -749,9 +749,9 @@ typedef struct { block. */ typedef struct { - int rrcount; /* count of RRs in the answer */ - uschar *aptr; /* pointer in the answer while scanning */ - dns_record srr; /* data from current record in scan */ + int rrcount; /* count of RRs in the answer */ + const uschar *aptr; /* pointer in the answer while scanning */ + dns_record srr; /* data from current record in scan */ } dns_scan; /* Structure for holding a chain of IP addresses that are extracted from |
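Review bot: In `dns_record` (src/src/structs.h, hunk at -731) the `ttl` field stays `unsigned short`, while src/src/dns.c stores into it with `GETLONG(dnss->srr.ttl, dnss->aptr)`, so any TTL above 65535 seconds is silently truncated. A 32-bit type matches the wire format: `unsigned int ttl; /* time-to-live, seconds */`. Anything that derives a cache lifetime from this field would otherwise work from the wrapped value, though no such use is visible on this page.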