unbound/unbound-r1657.patch

Index: validator/validator.c
===================================================================
--- validator/validator.c	(revision 1656)
+++ validator/validator.c	(revision 1657)
@@ -251,9 +251,8 @@
 /** 
  * Check to see if a given response needs to go through the validation
  * process. Typical reasons for this routine to return false are: CD bit was
- * on in the original request, the response was already validated, or the
- * response is a kind of message that is unvalidatable (i.e., SERVFAIL,
- * REFUSED, etc.)
+ * on in the original request, or the response is a kind of message that 
+ * is unvalidatable (i.e., SERVFAIL, REFUSED, etc.)
  *
  * @param qstate: query state.
  * @param ret_rc: rcode for this message (if noerror - examine ret_msg).
@@ -292,14 +291,25 @@
 		verbose(VERB_ALGO, "cannot validate RRSIG, no sigs on sigs.");
 		return 0;
 	}
+	return 1;
+}
 
+/**
+ * Check to see if the response has already been validated.
+ * @param ret_msg: return msg, can be NULL
+ * @return true if the response has already been validated
+ */
+static int
+already_validated(struct dns_msg* ret_msg)
+{
 	/* validate unchecked, and re-validate bogus messages */
 	if (ret_msg && ret_msg->rep->security > sec_status_bogus)
 	{
-		verbose(VERB_ALGO, "response has already been validated");
-		return 0;
+		verbose(VERB_ALGO, "response has already been validated: %s",
+			sec_status_to_string(ret_msg->rep->security));
+		return 1;
 	}
-	return 1;
+	return 0;
 }
 
 /**
@@ -1937,6 +1947,10 @@
 			qstate->ext_state[id] = module_finished;
 			return;
 		}
+		if(already_validated(qstate->return_msg)) {
+			qstate->ext_state[id] = module_finished;
+			return;
+		}
 		/* create state to start validation */
 		qstate->ext_state[id] = module_error; /* override this */
 		if(!vq) {
@@ -2397,7 +2411,8 @@
 	}
 	if(msg->rep->security != sec_status_secure) {
 		vq->dlv_status = dlv_error;
-		verbose(VERB_ALGO, "response is not secure");
+		verbose(VERB_ALGO, "response is not secure, %s",
+			sec_status_to_string(msg->rep->security));
 		return;
 	}
 	/* was the lookup a success? validated DLV? */
- Updated to 1.3.0 - Added unbound-python sub package. disabled for now - Patch from svn to fix DLV lookups - Patches from svn to detect wrong truncated response from BIND 9.6.1 with minimal-responses - Added Default-Start and Default-Stop to unbound.init - Re-enabled --enable-sha2 - Re-enabled glob.patch 2009-06-21 04:14:54 +00:00			`Index: validator/validator.c`
			`===================================================================`
			`--- validator/validator.c (revision 1656)`
			`+++ validator/validator.c (revision 1657)`
			`@@ -251,9 +251,8 @@`
			`/**`
			`* Check to see if a given response needs to go through the validation`
			`* process. Typical reasons for this routine to return false are: CD bit was`
			`- * on in the original request, the response was already validated, or the`
			`- * response is a kind of message that is unvalidatable (i.e., SERVFAIL,`
			`- * REFUSED, etc.)`
			`+ * on in the original request, or the response is a kind of message that`
			`+ * is unvalidatable (i.e., SERVFAIL, REFUSED, etc.)`
			`*`
			`* @param qstate: query state.`
			`* @param ret_rc: rcode for this message (if noerror - examine ret_msg).`
			`@@ -292,14 +291,25 @@`
			`verbose(VERB_ALGO, "cannot validate RRSIG, no sigs on sigs.");`
			`return 0;`
			`}`
			`+ return 1;`
			`+}`

			`+/**`
			`+ * Check to see if the response has already been validated.`
			`+ * @param ret_msg: return msg, can be NULL`
			`+ * @return true if the response has already been validated`
			`+ */`
			`+static int`
			`+already_validated(struct dns_msg* ret_msg)`
			`+{`
			`/* validate unchecked, and re-validate bogus messages */`
			`if (ret_msg && ret_msg->rep->security > sec_status_bogus)`
			`{`
			`- verbose(VERB_ALGO, "response has already been validated");`
			`- return 0;`
			`+ verbose(VERB_ALGO, "response has already been validated: %s",`
			`+ sec_status_to_string(ret_msg->rep->security));`
			`+ return 1;`
			`}`
			`- return 1;`
			`+ return 0;`
			`}`

			`/**`
			`@@ -1937,6 +1947,10 @@`
			`qstate->ext_state[id] = module_finished;`
			`return;`
			`}`
			`+ if(already_validated(qstate->return_msg)) {`
			`+ qstate->ext_state[id] = module_finished;`
			`+ return;`
			`+ }`
			`/* create state to start validation */`
			`qstate->ext_state[id] = module_error; /* override this */`
			`if(!vq) {`
			`@@ -2397,7 +2411,8 @@`
			`}`
			`if(msg->rep->security != sec_status_secure) {`
			`vq->dlv_status = dlv_error;`
			`- verbose(VERB_ALGO, "response is not secure");`
			`+ verbose(VERB_ALGO, "response is not secure, %s",`
			`+ sec_status_to_string(msg->rep->security));`
			`return;`
			`}`
			`/* was the lookup a success? validated DLV? */`