Diffstat (limited to 'usr/src/lib/libresolv2/common/nameser/ns_verify.c')
| -rw-r--r-- | usr/src/lib/libresolv2/common/nameser/ns_verify.c | 85 |
1 files changed, 41 insertions, 44 deletions
diff --git a/usr/src/lib/libresolv2/common/nameser/ns_verify.c b/usr/src/lib/libresolv2/common/nameser/ns_verify.c
index c8ccf219d5..97c012db8f 100644
--- a/usr/src/lib/libresolv2/common/nameser/ns_verify.c
+++ b/usr/src/lib/libresolv2/common/nameser/ns_verify.c
@@ -1,29 +1,22 @@ /* - * Copyright 2001-2002 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - -/* + * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1999 by Internet Software Consortium, Inc. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef lint -static const char rcsid[] = "$Id: ns_verify.c,v 8.14 2001/05/29 05:49:40 marka Exp $"; +static const char rcsid[] = "$Id: ns_verify.c,v 1.5 2006/03/09 23:57:56 marka Exp $"; #endif /* Import. */ 
@@ -114,28 +107,29 @@ ns_find_tsig(u_char *msg, u_char *eom) { } /* ns_verify + * * Parameters: - * statp res stuff - * msg received message - * msglen length of message - * key tsig key used for verifying. - * querysig (response), the signature in the query - * querysiglen (response), the length of the signature in the query - * sig (query), a buffer to hold the signature - * siglen (query), input - length of signature buffer + *\li statp res stuff + *\li msg received message + *\li msglen length of message + *\li key tsig key used for verifying. + *\li querysig (response), the signature in the query + *\li querysiglen (response), the length of the signature in the query + *\li sig (query), a buffer to hold the signature + *\li siglen (query), input - length of signature buffer * output - length of signature * * Errors: - * - bad input (-1) - * - invalid dns message (NS_TSIG_ERROR_FORMERR) - * - TSIG is not present (NS_TSIG_ERROR_NO_TSIG) - * - key doesn't match (-ns_r_badkey) - * - TSIG verification fails with BADKEY (-ns_r_badkey) - * - TSIG verification fails with BADSIG (-ns_r_badsig) - * - TSIG verification fails with BADTIME (-ns_r_badtime) - * - TSIG verification succeeds, error set to BAKEY (ns_r_badkey) - * - TSIG verification succeeds, error set to BADSIG (ns_r_badsig) - * - TSIG verification succeeds, error set to BADTIME (ns_r_badtime) + *\li - bad input (-1) + *\li - invalid dns message (NS_TSIG_ERROR_FORMERR) + *\li - TSIG is not present (NS_TSIG_ERROR_NO_TSIG) + *\li - key doesn't match (-ns_r_badkey) + *\li - TSIG verification fails with BADKEY (-ns_r_badkey) + *\li - TSIG verification fails with BADSIG (-ns_r_badsig) + *\li - TSIG verification fails with BADTIME (-ns_r_badtime) + *\li - TSIG verification succeeds, error set to BAKEY (ns_r_badkey) + *\li - TSIG verification succeeds, error set to BADSIG (ns_r_badsig) + *\li - TSIG verification succeeds, error set to BADTIME (ns_r_badtime) */ int ns_verify(u_char *msg, int *msglen, void *k, 
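Review bot: The reworked header comment still carries the typo `BAKEY` in the first "verification succeeds" entry, and it documents the key parameter as `key` while the signature directly below names it `k`. Since every one of these lines is being rewritten for the `\li` markup anyway, I would fix both here: `*\li - TSIG verification succeeds, error set to BADKEY (ns_r_badkey)` and `*\li k tsig key used for verifying.`. The error list also implies that a positive return means the signature verified but the TSIG error field was non-zero; one sentence stating which return values a caller may treat as an authenticated message would remove the guesswork, though the return paths themselves are outside this hunk.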
@@ -151,7 +145,7 @@ ns_verify(u_char *msg, int *msglen, void *k, int n; int error; u_int16_t type, length; - u_int16_t fudge, sigfieldlen, id, otherfieldlen; + u_int16_t fudge, sigfieldlen, otherfieldlen; dst_init(); if (msg == NULL || msglen == NULL || *msglen < 0) @@ -205,9 +199,9 @@ ns_verify(u_char *msg, int *msglen, void *k, sigstart = cp; cp += sigfieldlen; - /* Read the original id and error. */ + /* Skip id and read error. */ BOUNDS_CHECK(cp, 2*INT16SZ); - GETSHORT(id, cp); + cp += INT16SZ; GETSHORT(error, cp); /* Parse the other data. */ @@ -348,17 +342,19 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, int required) { HEADER *hp = (HEADER *)msg; - u_char *recstart, *rdatastart, *sigstart; + u_char *recstart, *sigstart; unsigned int sigfieldlen, otherfieldlen; - u_char *cp, *eom = msg + *msglen, *cp2; + u_char *cp, *eom, *cp2; char name[MAXDNAME], alg[MAXDNAME]; u_char buf[MAXDNAME]; - int n, type, length, fudge, id, error; + int n, type, length, fudge, error; time_t timesigned; if (msg == NULL || msglen == NULL || state == NULL) return (-1); + eom = msg + *msglen; + state->counter++; if (state->counter == 0) return (ns_verify(msg, msglen, state->key, @@ -410,7 +406,6 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, return (NS_TSIG_ERROR_FORMERR); /* Read the algorithm name. */ - rdatastart = cp; n = dn_expand(msg, eom, cp, alg, MAXDNAME); if (n < 0) return (NS_TSIG_ERROR_FORMERR); @@ -436,9 +431,9 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, sigstart = cp; cp += sigfieldlen; - /* Read the original id and error. */ + /* Skip id and read error. */ BOUNDS_CHECK(cp, 2*INT16SZ); - GETSHORT(id, cp); + cp += INT16SZ; GETSHORT(error, cp); /* Parse the other data. */ 
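Review bot: In the hunk at -205,9 the new comment `/* Skip id and read error. */` does not say which id is skipped or why ignoring it is acceptable in a signature verifier. The old comment identifies the field as the TSIG original ID, and the removed `GETSHORT(id, cp)` suggests the value was never used, so I would state that outright: `/* Skip the TSIG original ID (unused here) and read the error. */`. The same wording appears in ns_verify_tcp in the hunk at -436,9 and should get the same comment. Whether the digest code further down depends on the header id arriving unmodified is not visible from these hunks.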
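Review bot: In the hunk at -348,17 the guard in ns_verify_tcp now runs before `*msglen` is read, but unlike ns_verify (hunk at -151,7, which also rejects `*msglen < 0`) it still accepts a negative length, so `eom = msg + *msglen` can end up before `msg` and the later bounds checks would be measured against a bad end pointer. I would make the two entry points agree: `if (msg == NULL || msglen == NULL || state == NULL || *msglen < 0)`. `HEADER *hp = (HEADER *)msg` is still initialised ahead of the NULL check; that is only a cast, but any read through `hp` should follow a check that the message is at least one header long, which I cannot see from this hunk. The function body continues outside the hunk.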
@@ -456,7 +451,7 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, /* Digest the time signed and fudge. */ cp2 = buf; - PUTSHORT(0, cp2); /* Top 16 bits of time. */ + PUTSHORT(0, cp2); /*%< Top 16 bits of time. */ PUTLONG(timesigned, cp2); PUTSHORT(NS_TSIG_FUDGE, cp2); @@ -485,3 +480,5 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, return (0); } + +/*! \file */ |
