diff --git a/pdns/axfr-retriever.cc b/pdns/axfr-retriever.cc index 17891bf6ab64..6b87f5bd968f 100644 --- a/pdns/axfr-retriever.cc +++ b/pdns/axfr-retriever.cc @@ -148,9 +148,11 @@ int AXFRRetriever::getChunk(Resolver::res_t &res, vector* records, ui err = parseResult(mdp, DNSName(), 0, 0, &res); if (!err) { - for(const auto& answer : mdp.d_answers) - if (answer.d_type == QType::SOA) + for(const auto& answer : mdp.d_answers) { + if (answer.d_type == QType::SOA) { d_soacount++; + } + } } } else { diff --git a/pdns/dnsreplay.cc b/pdns/dnsreplay.cc index 6426fba6ed39..d7a87d1c1856 100644 --- a/pdns/dnsreplay.cc +++ b/pdns/dnsreplay.cc @@ -241,9 +241,11 @@ static void WeOrigSlowQueriesDelta(int& weOutstanding, int& origOutstanding, int static void compactAnswerSet(MOADNSParser::answers_t orig, set& compacted) { - for(MOADNSParser::answers_t::const_iterator i=orig.begin(); i != orig.end(); ++i) - if(i->d_place==DNSResourceRecord::ANSWER) - compacted.insert(*i); + for (const auto& rec : orig) { + if (rec.d_place == DNSResourceRecord::ANSWER) { + compacted.insert(rec); + } + } } static bool isRcodeOk(int rcode) @@ -261,10 +263,12 @@ static bool isRootReferral(const MOADNSParser::answers_t& answers) bool ok=true; for(MOADNSParser::answers_t::const_iterator iter = answers.begin(); iter != answers.end(); ++iter) { // cerr<<(int)iter->d_place<<", "<d_name<<" "<d_type<<", # "<d_place!=2) - ok=false; - if(!iter->d_name.isRoot() || iter->d_type!=QType::NS) - ok=false; + if (iter->d_place != 2) { + ok = false; + } + if (!iter->d_name.isRoot() || iter->d_type != QType::NS) { + ok = false; + } } return ok; } diff --git a/pdns/ixfr.cc b/pdns/ixfr.cc index 0a7ee6d593d5..09d5d9a9f215 100644 --- a/pdns/ixfr.cc +++ b/pdns/ixfr.cc @@ -263,36 +263,33 @@ vector, vector>> getIXFRDeltas(const ComboAddr throw std::runtime_error("The first record of the IXFR answer for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"' is not a SOA ("+QType(r.d_type).toString()+")"); } - auto sr = getRR(r); - if (!sr) { + auto soaRecord = getRR(r); + if (!soaRecord) { throw std::runtime_error("Error getting the content of the first SOA record of the IXFR answer for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"'"); } - if(sr->d_st.serial == getRR(oursr)->d_st.serial) { + if(soaRecord->d_st.serial == getRR(oursr)->d_st.serial) { // we are up to date return ret; } - primarySOA = std::move(sr); + primarySOA = std::move(soaRecord); ++primarySOACount; } else if (r.d_type == QType::SOA) { - auto sr = getRR(r); - if (!sr) { + auto soaRecord = getRR(r); + if (!soaRecord) { throw std::runtime_error("Error getting the content of SOA record of IXFR answer for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"'"); } // we hit a marker SOA record - if (primarySOA->d_st.serial == sr->d_st.serial) { + if (primarySOA->d_st.serial == soaRecord->d_st.serial) { ++primarySOACount; } } // When we see the 2nd record, we can decide what the style is if (records.size() == 1 && style == Unknown) { - if (r.d_type != QType::SOA) { - // Non-empty AXFR style has a non-SOA record following the first SOA - style = AXFR; - } - else if (primarySOACount == expectedSOAForAXFR) { - // Empty zone AXFR style: start SOA is immediately followed by end marker SOA + if (r.d_type != QType::SOA || primarySOACount == expectedSOAForAXFR) { + // 1. Non-empty AXFR style has a non-SOA record following the first SOA + // 2. Empty zone AXFR style: start SOA is immediately followed by end marker SOA style = AXFR; } else { @@ -302,11 +299,13 @@ vector, vector>> getIXFRDeltas(const ComboAddr } if(r.d_place != DNSResourceRecord::ANSWER) { - if(r.d_type == QType::TSIG) + if (r.d_type == QType::TSIG) { continue; + } - if(r.d_type == QType::OPT) + if (r.d_type == QType::OPT) { continue; + } throw std::runtime_error("Unexpected record (" +QType(r.d_type).toString()+") in non-answer section ("+std::to_string(r.d_place)+") in IXFR response for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()); } diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc index bbac3d6f9707..61eb200ef10a 100644 --- a/pdns/ixfrdist.cc +++ b/pdns/ixfrdist.cc @@ -1224,8 +1224,8 @@ static void tcpWorker(int tid) { for (auto &answer : mdp.d_answers) { // from dnsparser.hh: // typedef vector > answers_t; - if (answer.first.d_type == QType::SOA && answer.first.d_place == DNSResourceRecord::AUTHORITY) { - clientSOA = getRR(answer.first); + if (answer.d_type == QType::SOA && answer.d_place == DNSResourceRecord::AUTHORITY) { + clientSOA = getRR(answer); if (clientSOA != nullptr) { break; } diff --git a/pdns/nsec3dig.cc b/pdns/nsec3dig.cc index ea5a1fb8eb4c..a5d6dcb5ecd7 100644 --- a/pdns/nsec3dig.cc +++ b/pdns/nsec3dig.cc @@ -171,16 +171,16 @@ try { // cerr<<"got nsec3 ["<first.d_name<<"]"<first.d_content->getZoneRepresentation()<(*i); - if (!r) { + const auto nsec3Record = getRR(*i); + if (!nsec3Record) { continue; } // nsec3.insert(new nsec3() // cerr<d_name.getRawLabel(0)), toBase32Hex(r->d_nexthash)); - nsec3salt = r->d_salt; - nsec3iters = r->d_iterations; - nsec3t.emplace(toLower(i->d_name.getRawLabel(0)), r->numberOfTypesSet()); + nsec3s.emplace(toLower(i->d_name.getRawLabel(0)), toBase32Hex(nsec3Record->d_nexthash)); + nsec3salt = nsec3Record->d_salt; + nsec3iters = nsec3Record->d_iterations; + nsec3t.emplace(toLower(i->d_name.getRawLabel(0)), nsec3Record->numberOfTypesSet()); } else { diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc index 0b6713fb5d77..be4d78f5c127 100644 --- a/pdns/rfc2136handler.cc +++ b/pdns/rfc2136handler.cc @@ -768,13 +768,14 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func // Check if all the records provided are within the zone for(const auto & answer : mdp.d_answers) { - const DNSRecord *rr = &answer; + const DNSRecord *dnsRecord = &answer; // Skip this check for other field types (like the TSIG - which is in the additional section) // For a TSIG, the label is the dnskey, so it does not pass the endOn validation. - if (! (rr->d_place == DNSResourceRecord::ANSWER || rr->d_place == DNSResourceRecord::AUTHORITY)) + if (dnsRecord->d_place != DNSResourceRecord::ANSWER && dnsRecord->d_place != DNSResourceRecord::AUTHORITY) { continue; + } - if (!rr->d_name.isPartOf(di.zone)) { + if (!dnsRecord->d_name.isPartOf(di.zone)) { g_log<d_place == DNSResourceRecord::ANSWER) { - int res = checkUpdatePrerequisites(rr, &di); + const DNSRecord *dnsRecord = &answer; + if (dnsRecord->d_place == DNSResourceRecord::ANSWER) { + int res = checkUpdatePrerequisites(dnsRecord, &di); if (res>0) { - g_log<d_name<<", returning "<d_name<<", returning "<abortTransaction(); return res; } @@ -807,16 +808,17 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func typedef std::map RRsetMap_t; RRsetMap_t preReqRRsets; for(const auto& i: mdp.d_answers) { - const DNSRecord* rr = &i; - if (rr->d_place == DNSResourceRecord::ANSWER) { + const DNSRecord* dnsRecord = &i; + if (dnsRecord->d_place == DNSResourceRecord::ANSWER) { // Last line of 3.2.3 - if (rr->d_class != QClass::IN && rr->d_class != QClass::NONE && rr->d_class != QClass::ANY) + if (dnsRecord->d_class != QClass::IN && dnsRecord->d_class != QClass::NONE && dnsRecord->d_class != QClass::ANY) { return RCode::FormErr; + } - if (rr->d_class == QClass::IN) { - rrSetKey_t key = {rr->d_name, QType(rr->d_type)}; + if (dnsRecord->d_class == QClass::IN) { + rrSetKey_t key = {dnsRecord->d_name, QType(dnsRecord->d_type)}; rrVector_t *vec = &preReqRRsets[key]; - vec->push_back(DNSResourceRecord::fromWire(*rr)); + vec->push_back(DNSResourceRecord::fromWire(*dnsRecord)); } } } @@ -855,9 +857,9 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func uint changedRecords = 0; // 3.4.1 - Prescan section for(const auto & answer : mdp.d_answers) { - const DNSRecord *rr = &answer; - if (rr->d_place == DNSResourceRecord::AUTHORITY) { - int res = checkUpdatePrescan(rr); + const DNSRecord *dnsRecord = &answer; + if (dnsRecord->d_place == DNSResourceRecord::AUTHORITY) { + int res = checkUpdatePrescan(dnsRecord); if (res>0) { g_log<abortTransaction(); @@ -901,29 +903,30 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func vector cnamesToAdd, nonCnamesToAdd; for(const auto & answer : mdp.d_answers) { - const DNSRecord *rr = &answer; - if (rr->d_place == DNSResourceRecord::AUTHORITY) { + const DNSRecord *dnsRecord = &answer; + if (dnsRecord->d_place == DNSResourceRecord::AUTHORITY) { /* see if it's permitted by policy */ if (this->d_update_policy_lua != nullptr) { - if (!this->d_update_policy_lua->updatePolicy(rr->d_name, QType(rr->d_type), di.zone, packet)) { - g_log<d_name << "/" << QType(rr->d_type).toString() << ": Not permitted by policy"<d_update_policy_lua->updatePolicy(dnsRecord->d_name, QType(dnsRecord->d_type), di.zone, packet)) { + g_log<d_name << "/" << QType(dnsRecord->d_type).toString() << ": Not permitted by policy"<d_name << "/" << QType(rr->d_type).toString() << ": Permitted by policy"<d_name << "/" << QType(dnsRecord->d_type).toString() << ": Permitted by policy"<d_class == QClass::NONE && rr->d_type == QType::NS && rr->d_name == di.zone) - nsRRtoDelete.push_back(rr); - else if (rr->d_class == QClass::IN && rr->d_ttl > 0) { - if (rr->d_type == QType::CNAME) { - cnamesToAdd.push_back(rr); + if (dnsRecord->d_class == QClass::NONE && dnsRecord->d_type == QType::NS && dnsRecord->d_name == di.zone) { + nsRRtoDelete.push_back(dnsRecord); + } + else if (dnsRecord->d_class == QClass::IN && dnsRecord->d_ttl > 0) { + if (dnsRecord->d_type == QType::CNAME) { + cnamesToAdd.push_back(dnsRecord); } else { - nonCnamesToAdd.push_back(rr); + nonCnamesToAdd.push_back(dnsRecord); } } else - changedRecords += performUpdate(msgPrefix, rr, &di, isPresigned, &narrow, &haveNSEC3, &ns3pr, &updatedSerial); + changedRecords += performUpdate(msgPrefix, dnsRecord, &di, isPresigned, &narrow, &haveNSEC3, &ns3pr, &updatedSerial); } } for (const auto &rr : cnamesToAdd) { diff --git a/pdns/saxfr.cc b/pdns/saxfr.cc index 99d83dac5640..8e733568e96c 100644 --- a/pdns/saxfr.cc +++ b/pdns/saxfr.cc @@ -16,6 +16,7 @@ StatBag S; +// NOLINTNEXTLINE(readability-function-cognitive-complexity) int main(int argc, char** argv) try { @@ -144,9 +145,11 @@ try throw PDNSException(string("Remote server refused: ") + std::to_string(mdp.d_header.rcode)); } for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) { - if(i->first.d_type != QType::TKEY) continue; + if (i->d_type != QType::TKEY) { + continue; + } // recover TKEY record - tkrc = TKEYRecordContent(i->first.getContent()->getZoneRepresentation()); + tkrc = TKEYRecordContent(i->getContent()->getZoneRepresentation()); input = tkrc.d_key; } } diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index 396e012d0c55..8dfa95731588 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc @@ -1189,10 +1189,10 @@ int TCPNameserver::doIXFR(std::unique_ptr& q, int outsock) uint32_t serial = 0; MOADNSParser mdp(false, q->getString()); for(const auto & answer : mdp.d_answers) { - const DNSRecord *rr = &answer; - if (rr->d_type == QType::SOA && rr->d_place == DNSResourceRecord::AUTHORITY) { + const DNSRecord *dnsRecord = &answer; + if (dnsRecord->d_type == QType::SOA && dnsRecord->d_place == DNSResourceRecord::AUTHORITY) { vectorparts; - stringtok(parts, rr->getContent()->getZoneRepresentation()); + stringtok(parts, dnsRecord->getContent()->getZoneRepresentation()); if (parts.size() >= 3) { try { pdns::checked_stoi_into(serial, parts[2]); @@ -1209,8 +1209,8 @@ int TCPNameserver::doIXFR(std::unique_ptr& q, int outsock) sendPacket(outpacket,outsock); return 0; } - } else if (rr->d_type != QType::TSIG && rr->d_type != QType::OPT) { - g_log<d_type).toString()<d_type != QType::TSIG && dnsRecord->d_type != QType::OPT) { + g_log<d_type).toString()<setRcode(RCode::FormErr); sendPacket(outpacket,outsock); return 0;