author | Marek Vavruša <marek.vavrusa@nic.cz> | 2015-11-28 21:45:39 +0100 |
---|---|---|
committer | Marek Vavruša <marek.vavrusa@nic.cz> | 2015-11-28 21:45:39 +0100 |
commit | 49170842d35ed3053276749b57784b6287d49bc4 (patch) | |
tree | df7f4458939a1923db0b68a15566ffa08bd08c94 /lib/dnssec/signature.c | |
parent | lib/dnssec: fixed nsec3 opt-out ignored (diff) | |
dnssec/signature: static buffer, checks
Diffstat (limited to 'lib/dnssec/signature.c')
-rw-r--r-- | lib/dnssec/signature.c | 34 |
1 files changed, 13 insertions, 21 deletions
diff --git a/lib/dnssec/signature.c b/lib/dnssec/signature.c
index 35d82eca..1570ab85 100644
--- a/lib/dnssec/signature.c
+++ b/lib/dnssec/signature.c
@@ -174,19 +174,14 @@ static int sign_ctx_add_records(dnssec_sign_ctx_t *ctx, const knot_rrset_t *cove
 uint32_t orig_ttl, int trim_labels)
 {
 // huge block of rrsets can be optionally created
- uint8_t *rrwf = malloc(KNOT_WIRE_MAX_PKTSIZE);
- if (!rrwf) {
- return KNOT_ENOMEM;
- }
-
- int written = knot_rrset_to_wire(covered, rrwf, KNOT_WIRE_MAX_PKTSIZE, NULL);
+ static uint8_t wire_buffer[KNOT_WIRE_MAX_PKTSIZE];
+ int written = knot_rrset_to_wire(covered, wire_buffer, sizeof(wire_buffer), NULL);
 if (written < 0) {
- free(rrwf);
 return written;
 }

 /* Set original ttl. */
- int ret = adjust_wire_ttl(rrwf, written, orig_ttl);
+ int ret = adjust_wire_ttl(wire_buffer, written, orig_ttl);
 if (ret != 0) {
 return ret;
 }
@@ -194,24 +189,21 @@ static int sign_ctx_add_records(dnssec_sign_ctx_t *ctx, const knot_rrset_t *cove
 /* RFC4035 5.3.2
 * Remove leftmost labels and replace them with '*.'.
 */
- uint8_t *owner = rrwf;
+ uint8_t *beginp = wire_buffer;
 if (trim_labels > 0) {
- /**/
 for (int i = 0; i < trim_labels; ++i) {
- assert(owner[0]);
- owner = (uint8_t *) knot_wire_next_label(owner, NULL);
+ assert(beginp[0]);
+ beginp = (uint8_t *) knot_wire_next_label(beginp, NULL);
 }
- *(--owner) = '*';
- *(--owner) = 1;
+ *(--beginp) = '*';
+ *(--beginp) = 1;
 }

- dnssec_binary_t rrset_wire = { 0 };
- rrset_wire.size = written - (owner - rrwf);
- rrset_wire.data = owner;
- int result = dnssec_sign_add(ctx, &rrset_wire);
- free(rrwf);
-
- return result;
+ dnssec_binary_t wire_binary = {
+ .size = written - (beginp - wire_buffer),
+ .data = beginp
+ };
+ return dnssec_sign_add(ctx, &wire_binary);
 }

 /*! |
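Review bot: The function-local `static uint8_t wire_buffer[KNOT_WIRE_MAX_PKTSIZE]` in the first hunk makes sign_ctx_add_records() non-reentrant, because every call serialises its covered RRset into the same storage before handing it to dnssec_sign_add(). Two overlapping calls (a second thread, or validation re-entered while a call is in progress) would mix bytes from different RRsets into the data being verified. The hunk does not show how callers are scheduled, so this may be safe today, but the assumption should be written on the declaration, for example `/* Shared scratch buffer: not reentrant, callers must not validate concurrently. */`. If the library can be embedded in a threaded host, a caller-supplied or thread-local buffer keeps the saved allocation without the shared state. The function's signature begins above the hunk.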
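Review bot: The label-trimming loop in the second hunk is bounded only by `assert(beginp[0])`, which is compiled out under NDEBUG, while trim_labels appears to come from the labels field of a received RRSIG (the caller is not visible here, so that is an inference). If trim_labels exceeds the owner's label count in a release build, beginp advances past the owner name, and `written - (beginp - wire_buffer)` can become negative and convert to a very large `.size` passed to dnssec_sign_add(). A runtime check inside the loop such as `if (beginp[0] == 0) return KNOT_EINVAL;`, together with rejecting `beginp - wire_buffer > written` before wire_binary is built, would make malformed input fail closed instead of relying on a debug-only assertion. The function body starts before this hunk.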