../src/resolve/resolved-dns-rr.c

Bug Summary

File:	build-scan/../src/resolve/resolved-dns-rr.c
Warning:	line 537, column 12 Potential leak of memory pointed to by 'key'
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name resolved-dns-rr.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -menable-no-infs -menable-no-nans -menable-unsafe-fp-math -fno-signed-zeros -mreassociate -freciprocal-math -fdenormal-fp-math=preserve-sign,preserve-sign -ffp-contract=fast -fno-rounding-math -ffast-math -ffinite-math-only -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib64/clang/12.0.0 -include config.h -I src/resolve/libsystemd-resolve-core.a.p -I src/resolve -I ../src/resolve -I src/basic -I ../src/basic -I src/shared -I ../src/shared -I src/systemd -I ../src/systemd -I src/journal -I ../src/journal -I src/journal-remote -I ../src/journal-remote -I src/nspawn -I ../src/nspawn -I src/timesync -I ../src/timesync -I ../src/time-wait-sync -I src/login -I ../src/login -I src/udev -I ../src/udev -I src/libudev -I ../src/libudev -I src/core -I ../src/core -I ../src/libsystemd/sd-bus -I ../src/libsystemd/sd-device -I ../src/libsystemd/sd-hwdb -I ../src/libsystemd/sd-id128 -I ../src/libsystemd/sd-netlink -I ../src/libsystemd/sd-network -I src/libsystemd-network -I ../src/libsystemd-network -I . -I .. -D _FILE_OFFSET_BITS=64 -internal-isystem /usr/local/include -internal-isystem /usr/lib64/clang/12.0.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wwrite-strings -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Wno-error=nonnull -std=gnu99 -fconst-strings -fdebug-compilation-dir /home/mrc0mmand/repos/@redhat-plumbers/systemd-rhel8/build-scan -ferror-limit 19 -fvisibility hidden -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -analyzer-output=html -faddrsig -o /tmp/scan-build-2021-07-16-221226-1465241-1 -x c ../src/resolve/resolved-dns-rr.c
1/* SPDX-License-Identifier: LGPL-2.1+ */

3#include <math.h>

5#include "alloc-util.h"
6#include "dns-domain.h"
7#include "dns-type.h"
8#include "escape.h"
9#include "hexdecoct.h"
10#include "resolved-dns-dnssec.h"
11#include "resolved-dns-packet.h"
12#include "resolved-dns-rr.h"
13#include "string-table.h"
14#include "string-util.h"
15#include "strv.h"
16#include "terminal-util.h"

18DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name) {
      DnsResourceKey *k;
      size_t l;

      assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("name"), "../src/resolve/resolved-dns-rr.c"
, 22, __PRETTY_FUNCTION__); } while (0);

      l = strlen(name);
      k = malloc0(sizeof(DnsResourceKey) + l + 1)(calloc(1, (sizeof(DnsResourceKey) + l + 1)));
      if (!k)
              return NULL((void*)0);

      k->n_ref = 1;
      k->class = class;
      k->type = type;

      strcpy((char*) k + sizeof(DnsResourceKey), name);

      return k;
36}

38DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const DnsResourceRecord *cname) {
      int r;

      assert(key)do { if ((__builtin_expect(!!(!(key)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("key"), "../src/resolve/resolved-dns-rr.c"
, 41, __PRETTY_FUNCTION__); } while (0);
      assert(cname)do { if ((__builtin_expect(!!(!(cname)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("cname"), "../src/resolve/resolved-dns-rr.c"
, 42, __PRETTY_FUNCTION__); } while (0);

      assert(IN_SET(cname->key->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME))do { if ((__builtin_expect(!!(!(({ _Bool _found = 0; static __attribute__
 ((unused)) char _static_assert__macros_need_to_be_extended[20
 - sizeof((int[]){DNS_TYPE_CNAME, DNS_TYPE_DNAME})/sizeof(int
)]; switch(cname->key->type) { case DNS_TYPE_CNAME: case
 DNS_TYPE_DNAME: _found = 1; break; default: break; } _found;
 }))),0))) log_assert_failed_realm(LOG_REALM_SYSTEMD, ("IN_SET(cname->key->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME)"
), "../src/resolve/resolved-dns-rr.c", 44, __PRETTY_FUNCTION__
); } while (0);

      if (cname->key->type == DNS_TYPE_CNAME)
              return dns_resource_key_new(key->class, key->type, cname->cname.name);
      else {
              DnsResourceKey *k;
              char *destination = NULL((void*)0);

              r = dns_name_change_suffix(dns_resource_key_name(key), dns_resource_key_name(cname->key), cname->dname.name, &destination);
              if (r < 0)
                      return NULL((void*)0);
              if (r == 0)
                      return dns_resource_key_ref((DnsResourceKey*) key);

              k = dns_resource_key_new_consume(key->class, key->type, destination);
              if (!k)
                      return mfree(destination);

              return k;
      }
64}

66int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key, char *name) {
      DnsResourceKey *new_key;
      char *joined;
      int r;

      assert(ret)do { if ((__builtin_expect(!!(!(ret)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("ret"), "../src/resolve/resolved-dns-rr.c"
, 71, __PRETTY_FUNCTION__); } while (0);
      assert(key)do { if ((__builtin_expect(!!(!(key)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("key"), "../src/resolve/resolved-dns-rr.c"
, 72, __PRETTY_FUNCTION__); } while (0);
      assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("name"), "../src/resolve/resolved-dns-rr.c"
, 73, __PRETTY_FUNCTION__); } while (0);

      if (dns_name_is_root(name)) {
              *ret = dns_resource_key_ref(key);
              return 0;
      }

      r = dns_name_concat(dns_resource_key_name(key), name, &joined);
      if (r < 0)
              return r;

      new_key = dns_resource_key_new_consume(key->class, key->type, joined);
      if (!new_key) {
              free(joined);
              return -ENOMEM12;
      }

      *ret = new_key;
      return 0;
92}

94DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name) {
      DnsResourceKey *k;

      assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("name"), "../src/resolve/resolved-dns-rr.c"
, 97, __PRETTY_FUNCTION__); } while (0);
13
←
Assuming 'name' is non-null→
14
←
Taking false branch→
15
←
Loop condition is false.  Exiting loop→

      k = new0(DnsResourceKey, 1)((DnsResourceKey*) calloc((1), sizeof(DnsResourceKey)));
16
←
Memory is allocated→
      if (!k)
17
←
Assuming 'k' is non-null→
18
←
Taking false branch→
              return NULL((void*)0);

      k->n_ref = 1;
      k->class = class;
      k->type = type;
      k->_name = name;

      return k;
109}

111DnsResourceKey* dns_resource_key_ref(DnsResourceKey *k) {

      if (!k)
              return NULL((void*)0);

      /* Static/const keys created with DNS_RESOURCE_KEY_CONST will
       * set this to -1, they should not be reffed/unreffed */
      assert(k->n_ref != (unsigned) -1)do { if ((__builtin_expect(!!(!(k->n_ref != (unsigned) -1)
),0))) log_assert_failed_realm(LOG_REALM_SYSTEMD, ("k->n_ref != (unsigned) -1"
), "../src/resolve/resolved-dns-rr.c", 118, __PRETTY_FUNCTION__
); } while (0);

      assert(k->n_ref > 0)do { if ((__builtin_expect(!!(!(k->n_ref > 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("k->n_ref > 0"), "../src/resolve/resolved-dns-rr.c"
, 120, __PRETTY_FUNCTION__); } while (0);
      k->n_ref++;

      return k;
124}

126DnsResourceKey* dns_resource_key_unref(DnsResourceKey *k) {
      if (!k)
              return NULL((void*)0);

      assert(k->n_ref != (unsigned) -1)do { if ((__builtin_expect(!!(!(k->n_ref != (unsigned) -1)
),0))) log_assert_failed_realm(LOG_REALM_SYSTEMD, ("k->n_ref != (unsigned) -1"
), "../src/resolve/resolved-dns-rr.c", 130, __PRETTY_FUNCTION__
); } while (0);
      assert(k->n_ref > 0)do { if ((__builtin_expect(!!(!(k->n_ref > 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("k->n_ref > 0"), "../src/resolve/resolved-dns-rr.c"
, 131, __PRETTY_FUNCTION__); } while (0);

      if (k->n_ref == 1) {
              free(k->_name);
              free(k);
      } else
              k->n_ref--;

      return NULL((void*)0);
140}

142const char* dns_resource_key_name(const DnsResourceKey *key) {
      const char *name;

      if (!key)
              return NULL((void*)0);

      if (key->_name)
              name = key->_name;
      else
              name = (char*) key + sizeof(DnsResourceKey);

      if (dns_name_is_root(name))
              return ".";
      else
              return name;
157}

159bool_Bool dns_resource_key_is_address(const DnsResourceKey *key) {
      assert(key)do { if ((__builtin_expect(!!(!(key)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("key"), "../src/resolve/resolved-dns-rr.c"
, 160, __PRETTY_FUNCTION__); } while (0);

      /* Check if this is an A or AAAA resource key */

      return key->class == DNS_CLASS_IN && IN_SET(key->type, DNS_TYPE_A, DNS_TYPE_AAAA)({ _Bool _found = 0; static __attribute__ ((unused)) char _static_assert__macros_need_to_be_extended
[20 - sizeof((int[]){DNS_TYPE_A, DNS_TYPE_AAAA})/sizeof(int)]
; switch(key->type) { case DNS_TYPE_A: case DNS_TYPE_AAAA:
 _found = 1; break; default: break; } _found; });
165}

167bool_Bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey *key) {
      assert(key)do { if ((__builtin_expect(!!(!(key)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("key"), "../src/resolve/resolved-dns-rr.c"
, 168, __PRETTY_FUNCTION__); } while (0);

      /* Check if this is a PTR resource key used in
         Service Instance Enumeration as described in RFC6763 p4.1. */

      if (key->type != DNS_TYPE_PTR)
              return false0;

      return dns_name_endswith(dns_resource_key_name(key), "_tcp.local") ||
              dns_name_endswith(dns_resource_key_name(key), "_udp.local");
178}

180int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b) {
      int r;

      if (a == b)
              return 1;

      r = dns_name_equal(dns_resource_key_name(a), dns_resource_key_name(b));
      if (r <= 0)
              return r;

      if (a->class != b->class)
              return 0;

      if (a->type != b->type)
              return 0;

      return 1;
197}

199int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain) {
      int r;

      assert(key)do { if ((__builtin_expect(!!(!(key)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("key"), "../src/resolve/resolved-dns-rr.c"
, 202, __PRETTY_FUNCTION__); } while (0);
      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 203, __PRETTY_FUNCTION__); } while (0);

      if (key == rr->key)
              return 1;

      /* Checks if an rr matches the specified key. If a search
       * domain is specified, it will also be checked if the key
       * with the search domain suffixed might match the RR. */

      if (rr->key->class != key->class && key->class != DNS_CLASS_ANY)
              return 0;

      if (rr->key->type != key->type && key->type != DNS_TYPE_ANY)
              return 0;

      r = dns_name_equal(dns_resource_key_name(rr->key), dns_resource_key_name(key));
      if (r != 0)
              return r;

      if (search_domain) {
              _cleanup_free___attribute__((cleanup(freep))) char *joined = NULL((void*)0);

              r = dns_name_concat(dns_resource_key_name(key), search_domain, &joined);
              if (r < 0)
                      return r;

              return dns_name_equal(dns_resource_key_name(rr->key), joined);
      }

      return 0;
233}

235int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsResourceKey *cname, const char *search_domain) {
      int r;

      assert(key)do { if ((__builtin_expect(!!(!(key)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("key"), "../src/resolve/resolved-dns-rr.c"
, 238, __PRETTY_FUNCTION__); } while (0);
      assert(cname)do { if ((__builtin_expect(!!(!(cname)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("cname"), "../src/resolve/resolved-dns-rr.c"
, 239, __PRETTY_FUNCTION__); } while (0);

      if (cname->class != key->class && key->class != DNS_CLASS_ANY)
              return 0;

      if (cname->type == DNS_TYPE_CNAME)
              r = dns_name_equal(dns_resource_key_name(key), dns_resource_key_name(cname));
      else if (cname->type == DNS_TYPE_DNAME)
              r = dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(cname));
      else
              return 0;

      if (r != 0)
              return r;

      if (search_domain) {
              _cleanup_free___attribute__((cleanup(freep))) char *joined = NULL((void*)0);

              r = dns_name_concat(dns_resource_key_name(key), search_domain, &joined);
              if (r < 0)
                      return r;

              if (cname->type == DNS_TYPE_CNAME)
                      return dns_name_equal(joined, dns_resource_key_name(cname));
              else if (cname->type == DNS_TYPE_DNAME)
                      return dns_name_endswith(joined, dns_resource_key_name(cname));
      }

      return 0;
268}

270int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *soa) {
      assert(soa)do { if ((__builtin_expect(!!(!(soa)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("soa"), "../src/resolve/resolved-dns-rr.c"
, 271, __PRETTY_FUNCTION__); } while (0);
      assert(key)do { if ((__builtin_expect(!!(!(key)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("key"), "../src/resolve/resolved-dns-rr.c"
, 272, __PRETTY_FUNCTION__); } while (0);

      /* Checks whether 'soa' is a SOA record for the specified key. */

      if (soa->class != key->class)
              return 0;

      if (soa->type != DNS_TYPE_SOA)
              return 0;

      return dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(soa));
283}

285static void dns_resource_key_hash_func(const void *i, struct siphash *state) {
      const DnsResourceKey *k = i;

      assert(k)do { if ((__builtin_expect(!!(!(k)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("k"), "../src/resolve/resolved-dns-rr.c"
, 288, __PRETTY_FUNCTION__); } while (0);

      dns_name_hash_func(dns_resource_key_name(k), state);
      siphash24_compress(&k->class, sizeof(k->class), state);
      siphash24_compress(&k->type, sizeof(k->type), state);
293}

295static int dns_resource_key_compare_func(const void *a, const void *b) {
      const DnsResourceKey *x = a, *y = b;
      int ret;

      ret = dns_name_compare_func(dns_resource_key_name(x), dns_resource_key_name(y));
      if (ret != 0)
              return ret;

      if (x->type < y->type)
              return -1;
      if (x->type > y->type)
              return 1;

      if (x->class < y->class)
              return -1;
      if (x->class > y->class)
              return 1;

      return 0;
314}

316const struct hash_ops dns_resource_key_hash_ops = {
      .hash = dns_resource_key_hash_func,
      .compare = dns_resource_key_compare_func
319};

321char* dns_resource_key_to_string(const DnsResourceKey *key, char *buf, size_t buf_size) {
      const char *c, *t;
      char *ans = buf;

      /* If we cannot convert the CLASS/TYPE into a known string,
         use the format recommended by RFC 3597, Section 5. */

      c = dns_class_to_string(key->class);
      t = dns_type_to_string(key->type);

      snprintf(buf, buf_size, "%s %s%s%.0u %s%s%.0u",
               dns_resource_key_name(key),
               strempty(c), c ? "" : "CLASS", c ? 0 : key->class,
               strempty(t), t ? "" : "TYPE", t ? 0 : key->type);

      return ans;
337}

339bool_Bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b) {
      assert(a)do { if ((__builtin_expect(!!(!(a)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("a"), "../src/resolve/resolved-dns-rr.c"
, 340, __PRETTY_FUNCTION__); } while (0);
      assert(b)do { if ((__builtin_expect(!!(!(b)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("b"), "../src/resolve/resolved-dns-rr.c"
, 341, __PRETTY_FUNCTION__); } while (0);

      /* Try to replace one RR key by another if they are identical, thus saving a bit of memory. Note that we do
       * this only for RR keys, not for RRs themselves, as they carry a lot of additional metadata (where they come
       * from, validity data, and suchlike), and cannot be replaced so easily by other RRs that have the same
       * superficial data. */

      if (!*a)
              return false0;
      if (!*b)
              return false0;

      /* We refuse merging const keys */
      if ((*a)->n_ref == (unsigned) -1)
              return false0;
      if ((*b)->n_ref == (unsigned) -1)
              return false0;

      /* Already the same? */
      if (*a == *b)
              return true1;

      /* Are they really identical? */
      if (dns_resource_key_equal(*a, *b) <= 0)
              return false0;

      /* Keep the one which already has more references. */
      if ((*a)->n_ref > (*b)->n_ref) {
              dns_resource_key_unref(*b);
              *b = dns_resource_key_ref(*a);
      } else {
              dns_resource_key_unref(*a);
              *a = dns_resource_key_ref(*b);
      }

      return true1;
377}

379DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key) {
      DnsResourceRecord *rr;

      rr = new0(DnsResourceRecord, 1)((DnsResourceRecord*) calloc((1), sizeof(DnsResourceRecord)));
      if (!rr)
              return NULL((void*)0);

      rr->n_ref = 1;
      rr->key = dns_resource_key_ref(key);
      rr->expiry = USEC_INFINITY((usec_t) -1);
      rr->n_skip_labels_signer = rr->n_skip_labels_source = (unsigned) -1;

      return rr;
392}

394DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name) {
      _cleanup_(dns_resource_key_unrefp)__attribute__((cleanup(dns_resource_key_unrefp))) DnsResourceKey *key = NULL((void*)0);

      key = dns_resource_key_new(class, type, name);
      if (!key)
              return NULL((void*)0);

      return dns_resource_record_new(key);
402}

404DnsResourceRecord* dns_resource_record_ref(DnsResourceRecord *rr) {
      if (!rr)
              return NULL((void*)0);

      assert(rr->n_ref > 0)do { if ((__builtin_expect(!!(!(rr->n_ref > 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr->n_ref > 0"), "../src/resolve/resolved-dns-rr.c"
, 408, __PRETTY_FUNCTION__); } while (0);
      rr->n_ref++;

      return rr;
412}

414DnsResourceRecord* dns_resource_record_unref(DnsResourceRecord *rr) {
      if (!rr)
              return NULL((void*)0);

      assert(rr->n_ref > 0)do { if ((__builtin_expect(!!(!(rr->n_ref > 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr->n_ref > 0"), "../src/resolve/resolved-dns-rr.c"
, 418, __PRETTY_FUNCTION__); } while (0);

      if (rr->n_ref > 1) {
              rr->n_ref--;
              return NULL((void*)0);
      }

      if (rr->key) {
              switch(rr->key->type) {

              case DNS_TYPE_SRV:
                      free(rr->srv.name);
                      break;

              case DNS_TYPE_PTR:
              case DNS_TYPE_NS:
              case DNS_TYPE_CNAME:
              case DNS_TYPE_DNAME:
                      free(rr->ptr.name);
                      break;

              case DNS_TYPE_HINFO:
                      free(rr->hinfo.cpu);
                      free(rr->hinfo.os);
                      break;

              case DNS_TYPE_TXT:
              case DNS_TYPE_SPF:
                      dns_txt_item_free_all(rr->txt.items);
                      break;

              case DNS_TYPE_SOA:
                      free(rr->soa.mname);
                      free(rr->soa.rname);
                      break;

              case DNS_TYPE_MX:
                      free(rr->mx.exchange);
                      break;

              case DNS_TYPE_DS:
                      free(rr->ds.digest);
                      break;

              case DNS_TYPE_SSHFP:
                      free(rr->sshfp.fingerprint);
                      break;

              case DNS_TYPE_DNSKEY:
                      free(rr->dnskey.key);
                      break;

              case DNS_TYPE_RRSIG:
                      free(rr->rrsig.signer);
                      free(rr->rrsig.signature);
                      break;

              case DNS_TYPE_NSEC:
                      free(rr->nsec.next_domain_name);
                      bitmap_free(rr->nsec.types);
                      break;

              case DNS_TYPE_NSEC3:
                      free(rr->nsec3.next_hashed_name);
                      free(rr->nsec3.salt);
                      bitmap_free(rr->nsec3.types);
                      break;

              case DNS_TYPE_LOC:
              case DNS_TYPE_A:
              case DNS_TYPE_AAAA:
                      break;

              case DNS_TYPE_TLSA:
                      free(rr->tlsa.data);
                      break;

              case DNS_TYPE_CAA:
                      free(rr->caa.tag);
                      free(rr->caa.value);
                      break;

              case DNS_TYPE_OPENPGPKEY:
              default:
                      if (!rr->unparseable)
                              free(rr->generic.data);
              }

              if (rr->unparseable)
                      free(rr->generic.data);

              free(rr->wire_format);
              dns_resource_key_unref(rr->key);
      }

      free(rr->to_string);
      return mfree(rr);
515}

517int dns_resource_record_new_reverse(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *hostname) {
      _cleanup_(dns_resource_key_unrefp)__attribute__((cleanup(dns_resource_key_unrefp))) DnsResourceKey *key = NULL((void*)0);
      _cleanup_(dns_resource_record_unrefp)__attribute__((cleanup(dns_resource_record_unrefp))) DnsResourceRecord *rr = NULL((void*)0);
      _cleanup_free___attribute__((cleanup(freep))) char *ptr = NULL((void*)0);
      int r;

      assert(ret)do { if ((__builtin_expect(!!(!(ret)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("ret"), "../src/resolve/resolved-dns-rr.c"
, 523, __PRETTY_FUNCTION__); } while (0);
1
Assuming 'ret' is non-null→
2
←
Taking false branch→
3
←
Loop condition is false.  Exiting loop→
      assert(address)do { if ((__builtin_expect(!!(!(address)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("address"), "../src/resolve/resolved-dns-rr.c"
, 524, __PRETTY_FUNCTION__); } while (0);
4
←
Assuming 'address' is non-null→
5
←
Taking false branch→
6
←
Loop condition is false.  Exiting loop→
      assert(hostname)do { if ((__builtin_expect(!!(!(hostname)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("hostname"), "../src/resolve/resolved-dns-rr.c"
, 525, __PRETTY_FUNCTION__); } while (0);
7
←
Assuming 'hostname' is non-null→
8
←
Taking false branch→
9
←
Loop condition is false.  Exiting loop→

      r = dns_name_reverse(family, address, &ptr);
      if (r < 0)
10
←
Assuming 'r' is >= 0→
11
←
Taking false branch→
              return r;

      key = dns_resource_key_new_consume(DNS_CLASS_IN, DNS_TYPE_PTR, ptr);
12
←
Calling 'dns_resource_key_new_consume'→
19
←
Returned allocated memory→
      if (!key19.1
'key' is non-null
)
20
←
Taking false branch→
              return -ENOMEM12;

      ptr = NULL((void*)0);

      rr = dns_resource_record_new(key);
21
←
Potential leak of memory pointed to by 'key'
      if (!rr)
              return -ENOMEM12;

      rr->ptr.name = strdup(hostname);
      if (!rr->ptr.name)
              return -ENOMEM12;

      *ret = TAKE_PTR(rr)({ typeof(rr) _ptr_ = (rr); (rr) = ((void*)0); _ptr_; });

      return 0;
548}

550int dns_resource_record_new_address(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name) {
      DnsResourceRecord *rr;

      assert(ret)do { if ((__builtin_expect(!!(!(ret)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("ret"), "../src/resolve/resolved-dns-rr.c"
, 553, __PRETTY_FUNCTION__); } while (0);
      assert(address)do { if ((__builtin_expect(!!(!(address)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("address"), "../src/resolve/resolved-dns-rr.c"
, 554, __PRETTY_FUNCTION__); } while (0);
      assert(family)do { if ((__builtin_expect(!!(!(family)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("family"), "../src/resolve/resolved-dns-rr.c"
, 555, __PRETTY_FUNCTION__); } while (0);

      if (family == AF_INET2) {

              rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, name);
              if (!rr)
                      return -ENOMEM12;

              rr->a.in_addr = address->in;

      } else if (family == AF_INET610) {

              rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_AAAA, name);
              if (!rr)
                      return -ENOMEM12;

              rr->aaaa.in6_addr = address->in6;
      } else
              return -EAFNOSUPPORT97;

      *ret = rr;

      return 0;
578}

580#define FIELD_EQUAL(a, b, field)((a).field_size == (b).field_size && memcmp((a).field
, (b).field, (a).field_size) == 0) \
      ((a).field ## _size == (b).field ## _size &&  \
       memcmp((a).field, (b).field, (a).field ## _size) == 0)

584int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecord *b) {
      int r;

      assert(a)do { if ((__builtin_expect(!!(!(a)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("a"), "../src/resolve/resolved-dns-rr.c"
, 587, __PRETTY_FUNCTION__); } while (0);
      assert(b)do { if ((__builtin_expect(!!(!(b)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("b"), "../src/resolve/resolved-dns-rr.c"
, 588, __PRETTY_FUNCTION__); } while (0);

      if (a == b)
              return 1;

      r = dns_resource_key_equal(a->key, b->key);
      if (r <= 0)
              return r;

      if (a->unparseable != b->unparseable)
              return 0;

      switch (a->unparseable ? _DNS_TYPE_INVALID : a->key->type) {

      case DNS_TYPE_SRV:
              r = dns_name_equal(a->srv.name, b->srv.name);
              if (r <= 0)
                      return r;

              return a->srv.priority == b->srv.priority &&
                     a->srv.weight == b->srv.weight &&
                     a->srv.port == b->srv.port;

      case DNS_TYPE_PTR:
      case DNS_TYPE_NS:
      case DNS_TYPE_CNAME:
      case DNS_TYPE_DNAME:
              return dns_name_equal(a->ptr.name, b->ptr.name);

      case DNS_TYPE_HINFO:
              return strcaseeq(a->hinfo.cpu, b->hinfo.cpu)(strcasecmp((a->hinfo.cpu),(b->hinfo.cpu)) == 0) &&
                     strcaseeq(a->hinfo.os, b->hinfo.os)(strcasecmp((a->hinfo.os),(b->hinfo.os)) == 0);

      case DNS_TYPE_SPF: /* exactly the same as TXT */
      case DNS_TYPE_TXT:
              return dns_txt_item_equal(a->txt.items, b->txt.items);

      case DNS_TYPE_A:
              return memcmp(&a->a.in_addr, &b->a.in_addr, sizeof(struct in_addr)) == 0;

      case DNS_TYPE_AAAA:
              return memcmp(&a->aaaa.in6_addr, &b->aaaa.in6_addr, sizeof(struct in6_addr)) == 0;

      case DNS_TYPE_SOA:
              r = dns_name_equal(a->soa.mname, b->soa.mname);
              if (r <= 0)
                      return r;
              r = dns_name_equal(a->soa.rname, b->soa.rname);
              if (r <= 0)
                      return r;

              return a->soa.serial  == b->soa.serial &&
                     a->soa.refresh == b->soa.refresh &&
                     a->soa.retry   == b->soa.retry &&
                     a->soa.expire  == b->soa.expire &&
                     a->soa.minimum == b->soa.minimum;

      case DNS_TYPE_MX:
              if (a->mx.priority != b->mx.priority)
                      return 0;

              return dns_name_equal(a->mx.exchange, b->mx.exchange);

      case DNS_TYPE_LOC:
              assert(a->loc.version == b->loc.version)do { if ((__builtin_expect(!!(!(a->loc.version == b->loc
.version)),0))) log_assert_failed_realm(LOG_REALM_SYSTEMD, ("a->loc.version == b->loc.version"
), "../src/resolve/resolved-dns-rr.c", 652, __PRETTY_FUNCTION__
); } while (0);

              return a->loc.size == b->loc.size &&
                     a->loc.horiz_pre == b->loc.horiz_pre &&
                     a->loc.vert_pre == b->loc.vert_pre &&
                     a->loc.latitude == b->loc.latitude &&
                     a->loc.longitude == b->loc.longitude &&
                     a->loc.altitude == b->loc.altitude;

      case DNS_TYPE_DS:
              return a->ds.key_tag == b->ds.key_tag &&
                     a->ds.algorithm == b->ds.algorithm &&
                     a->ds.digest_type == b->ds.digest_type &&
                     FIELD_EQUAL(a->ds, b->ds, digest)((a->ds).digest_size == (b->ds).digest_size && memcmp
((a->ds).digest, (b->ds).digest, (a->ds).digest_size
) == 0);

      case DNS_TYPE_SSHFP:
              return a->sshfp.algorithm == b->sshfp.algorithm &&
                     a->sshfp.fptype == b->sshfp.fptype &&
                     FIELD_EQUAL(a->sshfp, b->sshfp, fingerprint)((a->sshfp).fingerprint_size == (b->sshfp).fingerprint_size
 && memcmp((a->sshfp).fingerprint, (b->sshfp).fingerprint
, (a->sshfp).fingerprint_size) == 0);

      case DNS_TYPE_DNSKEY:
              return a->dnskey.flags == b->dnskey.flags &&
                     a->dnskey.protocol == b->dnskey.protocol &&
                     a->dnskey.algorithm == b->dnskey.algorithm &&
                     FIELD_EQUAL(a->dnskey, b->dnskey, key)((a->dnskey).key_size == (b->dnskey).key_size &&
 memcmp((a->dnskey).key, (b->dnskey).key, (a->dnskey
).key_size) == 0);

      case DNS_TYPE_RRSIG:
              /* do the fast comparisons first */
              return a->rrsig.type_covered == b->rrsig.type_covered &&
                     a->rrsig.algorithm == b->rrsig.algorithm &&
                     a->rrsig.labels == b->rrsig.labels &&
                     a->rrsig.original_ttl == b->rrsig.original_ttl &&
                     a->rrsig.expiration == b->rrsig.expiration &&
                     a->rrsig.inception == b->rrsig.inception &&
                     a->rrsig.key_tag == b->rrsig.key_tag &&
                     FIELD_EQUAL(a->rrsig, b->rrsig, signature)((a->rrsig).signature_size == (b->rrsig).signature_size
 && memcmp((a->rrsig).signature, (b->rrsig).signature
, (a->rrsig).signature_size) == 0) &&
                     dns_name_equal(a->rrsig.signer, b->rrsig.signer);

      case DNS_TYPE_NSEC:
              return dns_name_equal(a->nsec.next_domain_name, b->nsec.next_domain_name) &&
                     bitmap_equal(a->nsec.types, b->nsec.types);

      case DNS_TYPE_NSEC3:
              return a->nsec3.algorithm == b->nsec3.algorithm &&
                     a->nsec3.flags == b->nsec3.flags &&
                     a->nsec3.iterations == b->nsec3.iterations &&
                     FIELD_EQUAL(a->nsec3, b->nsec3, salt)((a->nsec3).salt_size == (b->nsec3).salt_size &&
 memcmp((a->nsec3).salt, (b->nsec3).salt, (a->nsec3)
.salt_size) == 0) &&
                     FIELD_EQUAL(a->nsec3, b->nsec3, next_hashed_name)((a->nsec3).next_hashed_name_size == (b->nsec3).next_hashed_name_size
 && memcmp((a->nsec3).next_hashed_name, (b->nsec3
).next_hashed_name, (a->nsec3).next_hashed_name_size) == 0
) &&
                     bitmap_equal(a->nsec3.types, b->nsec3.types);

      case DNS_TYPE_TLSA:
              return a->tlsa.cert_usage == b->tlsa.cert_usage &&
                     a->tlsa.selector == b->tlsa.selector &&
                     a->tlsa.matching_type == b->tlsa.matching_type &&
                     FIELD_EQUAL(a->tlsa, b->tlsa, data)((a->tlsa).data_size == (b->tlsa).data_size && memcmp
((a->tlsa).data, (b->tlsa).data, (a->tlsa).data_size
) == 0);

      case DNS_TYPE_CAA:
              return a->caa.flags == b->caa.flags &&
                     streq(a->caa.tag, b->caa.tag)(strcmp((a->caa.tag),(b->caa.tag)) == 0) &&
                     FIELD_EQUAL(a->caa, b->caa, value)((a->caa).value_size == (b->caa).value_size && memcmp
((a->caa).value, (b->caa).value, (a->caa).value_size
) == 0);

      case DNS_TYPE_OPENPGPKEY:
      default:
              return FIELD_EQUAL(a->generic, b->generic, data)((a->generic).data_size == (b->generic).data_size &&
 memcmp((a->generic).data, (b->generic).data, (a->generic
).data_size) == 0);
      }
717}

719static char* format_location(uint32_t latitude, uint32_t longitude, uint32_t altitude,
                           uint8_t size, uint8_t horiz_pre, uint8_t vert_pre) {
      char *s;
      char NS = latitude >= 1U<<31 ? 'N' : 'S';
      char EW = longitude >= 1U<<31 ? 'E' : 'W';

      int lat = latitude >= 1U<<31 ? (int) (latitude - (1U<<31)) : (int) ((1U<<31) - latitude);
      int lon = longitude >= 1U<<31 ? (int) (longitude - (1U<<31)) : (int) ((1U<<31) - longitude);
      double alt = altitude >= 10000000u ? altitude - 10000000u : -(double)(10000000u - altitude);
      double siz = (size >> 4) * exp10((double) (size & 0xF));
      double hor = (horiz_pre >> 4) * exp10((double) (horiz_pre & 0xF));
      double ver = (vert_pre >> 4) * exp10((double) (vert_pre & 0xF));

      if (asprintf(&s, "%d %d %.3f %c %d %d %.3f %c %.2fm %.2fm %.2fm %.2fm",
                   (lat / 60000 / 60),
                   (lat / 60000) % 60,
                   (lat % 60000) / 1000.,
                   NS,
                   (lon / 60000 / 60),
                   (lon / 60000) % 60,
                   (lon % 60000) / 1000.,
                   EW,
                   alt / 100.,
                   siz / 100.,
                   hor / 100.,
                   ver / 100.) < 0)
              return NULL((void*)0);

      return s;
748}

750static int format_timestamp_dns(char *buf, size_t l, time_t sec) {
      struct tm tm;

      assert(buf)do { if ((__builtin_expect(!!(!(buf)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("buf"), "../src/resolve/resolved-dns-rr.c"
, 753, __PRETTY_FUNCTION__); } while (0);
      assert(l > STRLEN("YYYYMMDDHHmmSS"))do { if ((__builtin_expect(!!(!(l > (sizeof("""YYYYMMDDHHmmSS"
"") - 1))),0))) log_assert_failed_realm(LOG_REALM_SYSTEMD, ("l > STRLEN(\"YYYYMMDDHHmmSS\")"
), "../src/resolve/resolved-dns-rr.c", 754, __PRETTY_FUNCTION__
); } while (0);

      if (!gmtime_r(&sec, &tm))
              return -EINVAL22;

      if (strftime(buf, l, "%Y%m%d%H%M%S", &tm) <= 0)
              return -EINVAL22;

      return 0;
763}

765static char *format_types(Bitmap *types) {
      _cleanup_strv_free___attribute__((cleanup(strv_freep))) char **strv = NULL((void*)0);
      _cleanup_free___attribute__((cleanup(freep))) char *str = NULL((void*)0);
      Iterator i;
      unsigned type;
      int r;

      BITMAP_FOREACH(type, types, i)for ((i).idx = 0; bitmap_iterate((types), &(i), (unsigned
*)&(type)); ) {
              if (dns_type_to_string(type)) {
                      r = strv_extend(&strv, dns_type_to_string(type));
                      if (r < 0)
                              return NULL((void*)0);
              } else {
                      char *t;

                      r = asprintf(&t, "TYPE%u", type);
                      if (r < 0)
                              return NULL((void*)0);

                      r = strv_consume(&strv, t);
                      if (r < 0)
                              return NULL((void*)0);
              }
      }

      str = strv_join(strv, " ");
      if (!str)
              return NULL((void*)0);

      return strjoin("( ", str, " )")strjoin_real(("( "), str, " )", ((void*)0));
795}

797static char *format_txt(DnsTxtItem *first) {
      DnsTxtItem *i;
      size_t c = 1;
      char *p, *s;

      LIST_FOREACH(items, i, first)for ((i) = (first); (i); (i) = (i)->items_next)
              c += i->length * 4 + 3;

      p = s = new(char, c)((char*) malloc_multiply(sizeof(char), (c)));
      if (!s)
              return NULL((void*)0);

      LIST_FOREACH(items, i, first)for ((i) = (first); (i); (i) = (i)->items_next) {
              size_t j;

              if (i != first)
                      *(p++) = ' ';

              *(p++) = '"';

              for (j = 0; j < i->length; j++) {
                      if (i->data[j] < ' ' || i->data[j] == '"' || i->data[j] >= 127) {
                              *(p++) = '\\';
                              *(p++) = '0' + (i->data[j] / 100);
                              *(p++) = '0' + ((i->data[j] / 10) % 10);
                              *(p++) = '0' + (i->data[j] % 10);
                      } else
                              *(p++) = i->data[j];
              }

              *(p++) = '"';
      }

      *p = 0;
      return s;
832}

834const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
      _cleanup_free___attribute__((cleanup(freep))) char *t = NULL((void*)0);
      char *s, k[DNS_RESOURCE_KEY_STRING_MAX((sizeof "CLASS" + (2+(sizeof(uint16_t) <= 1 ? 3 : sizeof(
uint16_t) <= 2 ? 5 : sizeof(uint16_t) <= 4 ? 10 : sizeof
(uint16_t) <= 8 ? 20 : sizeof(int[-2*(sizeof(uint16_t) >
 8)])))) + (sizeof "CLASS" + (2+(sizeof(uint16_t) <= 1 ? 3
 : sizeof(uint16_t) <= 2 ? 5 : sizeof(uint16_t) <= 4 ? 10
 : sizeof(uint16_t) <= 8 ? 20 : sizeof(int[-2*(sizeof(uint16_t
) > 8)])))) + 253 + 1)];
      int r;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 839, __PRETTY_FUNCTION__); } while (0);

      if (rr->to_string)
              return rr->to_string;

      dns_resource_key_to_string(rr->key, k, sizeof(k));

      switch (rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {

      case DNS_TYPE_SRV:
              r = asprintf(&s, "%s %u %u %u %s",
                           k,
                           rr->srv.priority,
                           rr->srv.weight,
                           rr->srv.port,
                           strna(rr->srv.name));
              if (r < 0)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_PTR:
      case DNS_TYPE_NS:
      case DNS_TYPE_CNAME:
      case DNS_TYPE_DNAME:
              s = strjoin(k, " ", rr->ptr.name)strjoin_real((k), " ", rr->ptr.name, ((void*)0));
              if (!s)
                      return NULL((void*)0);

              break;

      case DNS_TYPE_HINFO:
              s = strjoin(k, " ", rr->hinfo.cpu, " ", rr->hinfo.os)strjoin_real((k), " ", rr->hinfo.cpu, " ", rr->hinfo.os
, ((void*)0));
              if (!s)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_SPF: /* exactly the same as TXT */
      case DNS_TYPE_TXT:
              t = format_txt(rr->txt.items);
              if (!t)
                      return NULL((void*)0);

              s = strjoin(k, " ", t)strjoin_real((k), " ", t, ((void*)0));
              if (!s)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_A: {
              _cleanup_free___attribute__((cleanup(freep))) char *x = NULL((void*)0);

              r = in_addr_to_string(AF_INET2, (const union in_addr_union*) &rr->a.in_addr, &x);
              if (r < 0)
                      return NULL((void*)0);

              s = strjoin(k, " ", x)strjoin_real((k), " ", x, ((void*)0));
              if (!s)
                      return NULL((void*)0);
              break;
      }

      case DNS_TYPE_AAAA:
              r = in_addr_to_string(AF_INET610, (const union in_addr_union*) &rr->aaaa.in6_addr, &t);
              if (r < 0)
                      return NULL((void*)0);

              s = strjoin(k, " ", t)strjoin_real((k), " ", t, ((void*)0));
              if (!s)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_SOA:
              r = asprintf(&s, "%s %s %s %u %u %u %u %u",
                           k,
                           strna(rr->soa.mname),
                           strna(rr->soa.rname),
                           rr->soa.serial,
                           rr->soa.refresh,
                           rr->soa.retry,
                           rr->soa.expire,
                           rr->soa.minimum);
              if (r < 0)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_MX:
              r = asprintf(&s, "%s %u %s",
                           k,
                           rr->mx.priority,
                           rr->mx.exchange);
              if (r < 0)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_LOC:
              assert(rr->loc.version == 0)do { if ((__builtin_expect(!!(!(rr->loc.version == 0)),0))
) log_assert_failed_realm(LOG_REALM_SYSTEMD, ("rr->loc.version == 0"
), "../src/resolve/resolved-dns-rr.c", 933, __PRETTY_FUNCTION__
); } while (0);

              t = format_location(rr->loc.latitude,
                                  rr->loc.longitude,
                                  rr->loc.altitude,
                                  rr->loc.size,
                                  rr->loc.horiz_pre,
                                  rr->loc.vert_pre);
              if (!t)
                      return NULL((void*)0);

              s = strjoin(k, " ", t)strjoin_real((k), " ", t, ((void*)0));
              if (!s)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_DS:
              t = hexmem(rr->ds.digest, rr->ds.digest_size);
              if (!t)
                      return NULL((void*)0);

              r = asprintf(&s, "%s %u %u %u %s",
                           k,
                           rr->ds.key_tag,
                           rr->ds.algorithm,
                           rr->ds.digest_type,
                           t);
              if (r < 0)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_SSHFP:
              t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
              if (!t)
                      return NULL((void*)0);

              r = asprintf(&s, "%s %u %u %s",
                           k,
                           rr->sshfp.algorithm,
                           rr->sshfp.fptype,
                           t);
              if (r < 0)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_DNSKEY: {
              _cleanup_free___attribute__((cleanup(freep))) char *alg = NULL((void*)0);
              char *ss;
              int n;
              uint16_t key_tag;

              key_tag = dnssec_keytag(rr, true1);

              r = dnssec_algorithm_to_string_alloc(rr->dnskey.algorithm, &alg);
              if (r < 0)
                      return NULL((void*)0);

              r = asprintf(&s, "%s %u %u %s %n",
                           k,
                           rr->dnskey.flags,
                           rr->dnskey.protocol,
                           alg,
                           &n);
              if (r < 0)
                      return NULL((void*)0);

              r = base64_append(&s, n,
                                rr->dnskey.key, rr->dnskey.key_size,
                                8, columns());
              if (r < 0)
                      return NULL((void*)0);

              r = asprintf(&ss, "%s\n"
                           "        -- Flags:%s%s%s\n"
                           "        -- Key tag: %u",
                           s,
                           rr->dnskey.flags & DNSKEY_FLAG_SEP(1 << 0) ? " SEP" : "",
                           rr->dnskey.flags & DNSKEY_FLAG_REVOKE(1 << 7) ? " REVOKE" : "",
                           rr->dnskey.flags & DNSKEY_FLAG_ZONE_KEY(1 << 8) ? " ZONE_KEY" : "",
                           key_tag);
              if (r < 0)
                      return NULL((void*)0);
              free(s);
              s = ss;

              break;
      }

      case DNS_TYPE_RRSIG: {
              _cleanup_free___attribute__((cleanup(freep))) char *alg = NULL((void*)0);
              char expiration[STRLEN("YYYYMMDDHHmmSS")(sizeof("""YYYYMMDDHHmmSS""") - 1) + 1], inception[STRLEN("YYYYMMDDHHmmSS")(sizeof("""YYYYMMDDHHmmSS""") - 1) + 1];
              const char *type;
              int n;

              type = dns_type_to_string(rr->rrsig.type_covered);

              r = dnssec_algorithm_to_string_alloc(rr->rrsig.algorithm, &alg);
              if (r < 0)
                      return NULL((void*)0);

              r = format_timestamp_dns(expiration, sizeof(expiration), rr->rrsig.expiration);
              if (r < 0)
                      return NULL((void*)0);

              r = format_timestamp_dns(inception, sizeof(inception), rr->rrsig.inception);
              if (r < 0)
                      return NULL((void*)0);

              /* TYPE?? follows
               * http://tools.ietf.org/html/rfc3597#section-5 */

              r = asprintf(&s, "%s %s%.*u %s %u %u %s %s %u %s %n",
                           k,
                           type ?: "TYPE",
                           type ? 0 : 1, type ? 0u : (unsigned) rr->rrsig.type_covered,
                           alg,
                           rr->rrsig.labels,
                           rr->rrsig.original_ttl,
                           expiration,
                           inception,
                           rr->rrsig.key_tag,
                           rr->rrsig.signer,
                           &n);
              if (r < 0)
                      return NULL((void*)0);

              r = base64_append(&s, n,
                                rr->rrsig.signature, rr->rrsig.signature_size,
                                8, columns());
              if (r < 0)
                      return NULL((void*)0);

              break;
      }

      case DNS_TYPE_NSEC:
              t = format_types(rr->nsec.types);
              if (!t)
                      return NULL((void*)0);

              r = asprintf(&s, "%s %s %s",
                           k,
                           rr->nsec.next_domain_name,
                           t);
              if (r < 0)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_NSEC3: {
              _cleanup_free___attribute__((cleanup(freep))) char *salt = NULL((void*)0), *hash = NULL((void*)0);

              if (rr->nsec3.salt_size > 0) {
                      salt = hexmem(rr->nsec3.salt, rr->nsec3.salt_size);
                      if (!salt)
                              return NULL((void*)0);
              }

              hash = base32hexmem(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, false0);
              if (!hash)
                      return NULL((void*)0);

              t = format_types(rr->nsec3.types);
              if (!t)
                      return NULL((void*)0);

              r = asprintf(&s, "%s %"PRIu8"u"" %"PRIu8"u"" %"PRIu16"u"" %s %s %s",
                           k,
                           rr->nsec3.algorithm,
                           rr->nsec3.flags,
                           rr->nsec3.iterations,
                           rr->nsec3.salt_size > 0 ? salt : "-",
                           hash,
                           t);
              if (r < 0)
                      return NULL((void*)0);

              break;
      }

      case DNS_TYPE_TLSA: {
              const char *cert_usage, *selector, *matching_type;

              cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage);
              selector = tlsa_selector_to_string(rr->tlsa.selector);
              matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type);

              t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
              if (!t)
                      return NULL((void*)0);

              r = asprintf(&s,
                           "%s %u %u %u %s\n"
                           "        -- Cert. usage: %s\n"
                           "        -- Selector: %s\n"
                           "        -- Matching type: %s",
                           k,
                           rr->tlsa.cert_usage,
                           rr->tlsa.selector,
                           rr->tlsa.matching_type,
                           t,
                           cert_usage,
                           selector,
                           matching_type);
              if (r < 0)
                      return NULL((void*)0);

              break;
      }

      case DNS_TYPE_CAA: {
              _cleanup_free___attribute__((cleanup(freep))) char *value;

              value = octescape(rr->caa.value, rr->caa.value_size);
              if (!value)
                      return NULL((void*)0);

              r = asprintf(&s, "%s %u %s \"%s\"%s%s%s%.0u",
                           k,
                           rr->caa.flags,
                           rr->caa.tag,
                           value,
                           rr->caa.flags ? "\n        -- Flags:" : "",
                           rr->caa.flags & CAA_FLAG_CRITICAL(1u << 7) ? " critical" : "",
                           rr->caa.flags & ~CAA_FLAG_CRITICAL(1u << 7) ? " " : "",
                           rr->caa.flags & ~CAA_FLAG_CRITICAL(1u << 7));
              if (r < 0)
                      return NULL((void*)0);

              break;
      }

      case DNS_TYPE_OPENPGPKEY: {
              int n;

              r = asprintf(&s, "%s %n",
                           k,
                           &n);
              if (r < 0)
                      return NULL((void*)0);

              r = base64_append(&s, n,
                                rr->generic.data, rr->generic.data_size,
                                8, columns());
              if (r < 0)
                      return NULL((void*)0);
              break;
      }

      default:
              t = hexmem(rr->generic.data, rr->generic.data_size);
              if (!t)
                      return NULL((void*)0);

              /* Format as documented in RFC 3597, Section 5 */
              r = asprintf(&s, "%s \\# %zu %s", k, rr->generic.data_size, t);
              if (r < 0)
                      return NULL((void*)0);
              break;
      }

      rr->to_string = s;
      return s;
1195}

1197ssize_t dns_resource_record_payload(DnsResourceRecord *rr, void **out) {
      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1198, __PRETTY_FUNCTION__); } while (0);
      assert(out)do { if ((__builtin_expect(!!(!(out)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("out"), "../src/resolve/resolved-dns-rr.c"
, 1199, __PRETTY_FUNCTION__); } while (0);

      switch(rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {
      case DNS_TYPE_SRV:
      case DNS_TYPE_PTR:
      case DNS_TYPE_NS:
      case DNS_TYPE_CNAME:
      case DNS_TYPE_DNAME:
      case DNS_TYPE_HINFO:
      case DNS_TYPE_SPF:
      case DNS_TYPE_TXT:
      case DNS_TYPE_A:
      case DNS_TYPE_AAAA:
      case DNS_TYPE_SOA:
      case DNS_TYPE_MX:
      case DNS_TYPE_LOC:
      case DNS_TYPE_DS:
      case DNS_TYPE_DNSKEY:
      case DNS_TYPE_RRSIG:
      case DNS_TYPE_NSEC:
      case DNS_TYPE_NSEC3:
              return -EINVAL22;

      case DNS_TYPE_SSHFP:
              *out = rr->sshfp.fingerprint;
              return rr->sshfp.fingerprint_size;

      case DNS_TYPE_TLSA:
              *out = rr->tlsa.data;
              return rr->tlsa.data_size;

      case DNS_TYPE_OPENPGPKEY:
      default:
              *out = rr->generic.data;
              return rr->generic.data_size;
      }
1235}

1237int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool_Bool canonical) {

      DnsPacket packet = {
              .n_ref = 1,
              .protocol = DNS_PROTOCOL_DNS,
              .on_stack = true1,
              .refuse_compression = true1,
              .canonical_form = canonical,
      };

      size_t start, rds;
      int r;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1250, __PRETTY_FUNCTION__); } while (0);

      /* Generates the RR in wire-format, optionally in the
       * canonical form as discussed in the DNSSEC RFC 4034, Section
       * 6.2. We allocate a throw-away DnsPacket object on the stack
       * here, because we need some book-keeping for memory
       * management, and can reuse the DnsPacket serializer, that
       * can generate the canonical form, too, but also knows label
       * compression and suchlike. */

      if (rr->wire_format && rr->wire_format_canonical == canonical)
              return 0;

      r = dns_packet_append_rr(&packet, rr, 0, &start, &rds);
      if (r < 0)
              return r;

      assert(start == 0)do { if ((__builtin_expect(!!(!(start == 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("start == 0"), "../src/resolve/resolved-dns-rr.c"
, 1267, __PRETTY_FUNCTION__); } while (0);
      assert(packet._data)do { if ((__builtin_expect(!!(!(packet._data)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("packet._data"), "../src/resolve/resolved-dns-rr.c"
, 1268, __PRETTY_FUNCTION__); } while (0);

      free(rr->wire_format);
      rr->wire_format = packet._data;
      rr->wire_format_size = packet.size;
      rr->wire_format_rdata_offset = rds;
      rr->wire_format_canonical = canonical;

      packet._data = NULL((void*)0);
      dns_packet_unref(&packet);

      return 0;
1280}

1282int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret) {
      const char *n;
      int r;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1286, __PRETTY_FUNCTION__); } while (0);
      assert(ret)do { if ((__builtin_expect(!!(!(ret)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("ret"), "../src/resolve/resolved-dns-rr.c"
, 1287, __PRETTY_FUNCTION__); } while (0);

      /* Returns the RRset's signer, if it is known. */

      if (rr->n_skip_labels_signer == (unsigned) -1)
              return -ENODATA61;

      n = dns_resource_key_name(rr->key);
      r = dns_name_skip(n, rr->n_skip_labels_signer, &n);
      if (r < 0)
              return r;
      if (r == 0)
              return -EINVAL22;

      *ret = n;
      return 0;
1303}

1305int dns_resource_record_source(DnsResourceRecord *rr, const char **ret) {
      const char *n;
      int r;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1309, __PRETTY_FUNCTION__); } while (0);
      assert(ret)do { if ((__builtin_expect(!!(!(ret)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("ret"), "../src/resolve/resolved-dns-rr.c"
, 1310, __PRETTY_FUNCTION__); } while (0);

      /* Returns the RRset's synthesizing source, if it is known. */

      if (rr->n_skip_labels_source == (unsigned) -1)
              return -ENODATA61;

      n = dns_resource_key_name(rr->key);
      r = dns_name_skip(n, rr->n_skip_labels_source, &n);
      if (r < 0)
              return r;
      if (r == 0)
              return -EINVAL22;

      *ret = n;
      return 0;
1326}

1328int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone) {
      const char *signer;
      int r;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1332, __PRETTY_FUNCTION__); } while (0);

      r = dns_resource_record_signer(rr, &signer);
      if (r < 0)
              return r;

      return dns_name_equal(zone, signer);
1339}

1341int dns_resource_record_is_synthetic(DnsResourceRecord *rr) {
      int r;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1344, __PRETTY_FUNCTION__); } while (0);

      /* Returns > 0 if the RR is generated from a wildcard, and is not the asterisk name itself */

      if (rr->n_skip_labels_source == (unsigned) -1)
              return -ENODATA61;

      if (rr->n_skip_labels_source == 0)
              return 0;

      if (rr->n_skip_labels_source > 1)
              return 1;

      r = dns_name_startswith(dns_resource_key_name(rr->key), "*");
      if (r < 0)
              return r;

      return !r;
1362}

1364void dns_resource_record_hash_func(const void *i, struct siphash *state) {
      const DnsResourceRecord *rr = i;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1367, __PRETTY_FUNCTION__); } while (0);

      dns_resource_key_hash_func(rr->key, state);

      switch (rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {

      case DNS_TYPE_SRV:
              siphash24_compress(&rr->srv.priority, sizeof(rr->srv.priority), state);
              siphash24_compress(&rr->srv.weight, sizeof(rr->srv.weight), state);
              siphash24_compress(&rr->srv.port, sizeof(rr->srv.port), state);
              dns_name_hash_func(rr->srv.name, state);
              break;

      case DNS_TYPE_PTR:
      case DNS_TYPE_NS:
      case DNS_TYPE_CNAME:
      case DNS_TYPE_DNAME:
              dns_name_hash_func(rr->ptr.name, state);
              break;

      case DNS_TYPE_HINFO:
              string_hash_func(rr->hinfo.cpu, state);
              string_hash_func(rr->hinfo.os, state);
              break;

      case DNS_TYPE_TXT:
      case DNS_TYPE_SPF: {
              DnsTxtItem *j;

              LIST_FOREACH(items, j, rr->txt.items)for ((j) = (rr->txt.items); (j); (j) = (j)->items_next) {
                      siphash24_compress(j->data, j->length, state);

                      /* Add an extra NUL byte, so that "a" followed by "b" doesn't result in the same hash as "ab"
                       * followed by "". */
                      siphash24_compress_byte(0, state)siphash24_compress((const uint8_t[]) { (0) }, 1, (state));
              }
              break;
      }

      case DNS_TYPE_A:
              siphash24_compress(&rr->a.in_addr, sizeof(rr->a.in_addr), state);
              break;

      case DNS_TYPE_AAAA:
              siphash24_compress(&rr->aaaa.in6_addr, sizeof(rr->aaaa.in6_addr), state);
              break;

      case DNS_TYPE_SOA:
              dns_name_hash_func(rr->soa.mname, state);
              dns_name_hash_func(rr->soa.rname, state);
              siphash24_compress(&rr->soa.serial, sizeof(rr->soa.serial), state);
              siphash24_compress(&rr->soa.refresh, sizeof(rr->soa.refresh), state);
              siphash24_compress(&rr->soa.retry, sizeof(rr->soa.retry), state);
              siphash24_compress(&rr->soa.expire, sizeof(rr->soa.expire), state);
              siphash24_compress(&rr->soa.minimum, sizeof(rr->soa.minimum), state);
              break;

      case DNS_TYPE_MX:
              siphash24_compress(&rr->mx.priority, sizeof(rr->mx.priority), state);
              dns_name_hash_func(rr->mx.exchange, state);
              break;

      case DNS_TYPE_LOC:
              siphash24_compress(&rr->loc.version, sizeof(rr->loc.version), state);
              siphash24_compress(&rr->loc.size, sizeof(rr->loc.size), state);
              siphash24_compress(&rr->loc.horiz_pre, sizeof(rr->loc.horiz_pre), state);
              siphash24_compress(&rr->loc.vert_pre, sizeof(rr->loc.vert_pre), state);
              siphash24_compress(&rr->loc.latitude, sizeof(rr->loc.latitude), state);
              siphash24_compress(&rr->loc.longitude, sizeof(rr->loc.longitude), state);
              siphash24_compress(&rr->loc.altitude, sizeof(rr->loc.altitude), state);
              break;

      case DNS_TYPE_SSHFP:
              siphash24_compress(&rr->sshfp.algorithm, sizeof(rr->sshfp.algorithm), state);
              siphash24_compress(&rr->sshfp.fptype, sizeof(rr->sshfp.fptype), state);
              siphash24_compress(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, state);
              break;

      case DNS_TYPE_DNSKEY:
              siphash24_compress(&rr->dnskey.flags, sizeof(rr->dnskey.flags), state);
              siphash24_compress(&rr->dnskey.protocol, sizeof(rr->dnskey.protocol), state);
              siphash24_compress(&rr->dnskey.algorithm, sizeof(rr->dnskey.algorithm), state);
              siphash24_compress(rr->dnskey.key, rr->dnskey.key_size, state);
              break;

      case DNS_TYPE_RRSIG:
              siphash24_compress(&rr->rrsig.type_covered, sizeof(rr->rrsig.type_covered), state);
              siphash24_compress(&rr->rrsig.algorithm, sizeof(rr->rrsig.algorithm), state);
              siphash24_compress(&rr->rrsig.labels, sizeof(rr->rrsig.labels), state);
              siphash24_compress(&rr->rrsig.original_ttl, sizeof(rr->rrsig.original_ttl), state);
              siphash24_compress(&rr->rrsig.expiration, sizeof(rr->rrsig.expiration), state);
              siphash24_compress(&rr->rrsig.inception, sizeof(rr->rrsig.inception), state);
              siphash24_compress(&rr->rrsig.key_tag, sizeof(rr->rrsig.key_tag), state);
              dns_name_hash_func(rr->rrsig.signer, state);
              siphash24_compress(rr->rrsig.signature, rr->rrsig.signature_size, state);
              break;

      case DNS_TYPE_NSEC:
              dns_name_hash_func(rr->nsec.next_domain_name, state);
              /* FIXME: we leave out the type bitmap here. Hash
               * would be better if we'd take it into account
               * too. */
              break;

      case DNS_TYPE_DS:
              siphash24_compress(&rr->ds.key_tag, sizeof(rr->ds.key_tag), state);
              siphash24_compress(&rr->ds.algorithm, sizeof(rr->ds.algorithm), state);
              siphash24_compress(&rr->ds.digest_type, sizeof(rr->ds.digest_type), state);
              siphash24_compress(rr->ds.digest, rr->ds.digest_size, state);
              break;

      case DNS_TYPE_NSEC3:
              siphash24_compress(&rr->nsec3.algorithm, sizeof(rr->nsec3.algorithm), state);
              siphash24_compress(&rr->nsec3.flags, sizeof(rr->nsec3.flags), state);
              siphash24_compress(&rr->nsec3.iterations, sizeof(rr->nsec3.iterations), state);
              siphash24_compress(rr->nsec3.salt, rr->nsec3.salt_size, state);
              siphash24_compress(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, state);
              /* FIXME: We leave the bitmaps out */
              break;

      case DNS_TYPE_TLSA:
              siphash24_compress(&rr->tlsa.cert_usage, sizeof(rr->tlsa.cert_usage), state);
              siphash24_compress(&rr->tlsa.selector, sizeof(rr->tlsa.selector), state);
              siphash24_compress(&rr->tlsa.matching_type, sizeof(rr->tlsa.matching_type), state);
              siphash24_compress(rr->tlsa.data, rr->tlsa.data_size, state);
              break;

      case DNS_TYPE_CAA:
              siphash24_compress(&rr->caa.flags, sizeof(rr->caa.flags), state);
              string_hash_func(rr->caa.tag, state);
              siphash24_compress(rr->caa.value, rr->caa.value_size, state);
              break;

      case DNS_TYPE_OPENPGPKEY:
      default:
              siphash24_compress(rr->generic.data, rr->generic.data_size, state);
              break;
      }
1505}

1507static int dns_resource_record_compare_func(const void *a, const void *b) {
      const DnsResourceRecord *x = a, *y = b;
      int ret;

      ret = dns_resource_key_compare_func(x->key, y->key);
      if (ret != 0)
              return ret;

      if (dns_resource_record_equal(x, y))
              return 0;

      /* This is a bit dirty, we don't implement proper ordering, but
       * the hashtable doesn't need ordering anyway, hence we don't
       * care. */
      return x < y ? -1 : 1;
1522}

1524const struct hash_ops dns_resource_record_hash_ops = {
      .hash = dns_resource_record_hash_func,
      .compare = dns_resource_record_compare_func,
1527};

1529DnsResourceRecord *dns_resource_record_copy(DnsResourceRecord *rr) {
      _cleanup_(dns_resource_record_unrefp)__attribute__((cleanup(dns_resource_record_unrefp))) DnsResourceRecord *copy = NULL((void*)0);
      DnsResourceRecord *t;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1533, __PRETTY_FUNCTION__); } while (0);

      copy = dns_resource_record_new(rr->key);
      if (!copy)
              return NULL((void*)0);

      copy->ttl = rr->ttl;
      copy->expiry = rr->expiry;
      copy->n_skip_labels_signer = rr->n_skip_labels_signer;
      copy->n_skip_labels_source = rr->n_skip_labels_source;
      copy->unparseable = rr->unparseable;

      switch (rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {

      case DNS_TYPE_SRV:
              copy->srv.priority = rr->srv.priority;
              copy->srv.weight = rr->srv.weight;
              copy->srv.port = rr->srv.port;
              copy->srv.name = strdup(rr->srv.name);
              if (!copy->srv.name)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_PTR:
      case DNS_TYPE_NS:
      case DNS_TYPE_CNAME:
      case DNS_TYPE_DNAME:
              copy->ptr.name = strdup(rr->ptr.name);
              if (!copy->ptr.name)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_HINFO:
              copy->hinfo.cpu = strdup(rr->hinfo.cpu);
              if (!copy->hinfo.cpu)
                      return NULL((void*)0);

              copy->hinfo.os = strdup(rr->hinfo.os);
              if (!copy->hinfo.os)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_TXT:
      case DNS_TYPE_SPF:
              copy->txt.items = dns_txt_item_copy(rr->txt.items);
              if (!copy->txt.items)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_A:
              copy->a = rr->a;
              break;

      case DNS_TYPE_AAAA:
              copy->aaaa = rr->aaaa;
              break;

      case DNS_TYPE_SOA:
              copy->soa.mname = strdup(rr->soa.mname);
              if (!copy->soa.mname)
                      return NULL((void*)0);
              copy->soa.rname = strdup(rr->soa.rname);
              if (!copy->soa.rname)
                      return NULL((void*)0);
              copy->soa.serial = rr->soa.serial;
              copy->soa.refresh = rr->soa.refresh;
              copy->soa.retry = rr->soa.retry;
              copy->soa.expire = rr->soa.expire;
              copy->soa.minimum = rr->soa.minimum;
              break;

      case DNS_TYPE_MX:
              copy->mx.priority = rr->mx.priority;
              copy->mx.exchange = strdup(rr->mx.exchange);
              if (!copy->mx.exchange)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_LOC:
              copy->loc = rr->loc;
              break;

      case DNS_TYPE_SSHFP:
              copy->sshfp.algorithm = rr->sshfp.algorithm;
              copy->sshfp.fptype = rr->sshfp.fptype;
              copy->sshfp.fingerprint = memdup(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
              if (!copy->sshfp.fingerprint)
                      return NULL((void*)0);
              copy->sshfp.fingerprint_size = rr->sshfp.fingerprint_size;
              break;

      case DNS_TYPE_DNSKEY:
              copy->dnskey.flags = rr->dnskey.flags;
              copy->dnskey.protocol = rr->dnskey.protocol;
              copy->dnskey.algorithm = rr->dnskey.algorithm;
              copy->dnskey.key = memdup(rr->dnskey.key, rr->dnskey.key_size);
              if (!copy->dnskey.key)
                      return NULL((void*)0);
              copy->dnskey.key_size = rr->dnskey.key_size;
              break;

      case DNS_TYPE_RRSIG:
              copy->rrsig.type_covered = rr->rrsig.type_covered;
              copy->rrsig.algorithm = rr->rrsig.algorithm;
              copy->rrsig.labels = rr->rrsig.labels;
              copy->rrsig.original_ttl = rr->rrsig.original_ttl;
              copy->rrsig.expiration = rr->rrsig.expiration;
              copy->rrsig.inception = rr->rrsig.inception;
              copy->rrsig.key_tag = rr->rrsig.key_tag;
              copy->rrsig.signer = strdup(rr->rrsig.signer);
              if (!copy->rrsig.signer)
                      return NULL((void*)0);
              copy->rrsig.signature = memdup(rr->rrsig.signature, rr->rrsig.signature_size);
              if (!copy->rrsig.signature)
                      return NULL((void*)0);
              copy->rrsig.signature_size = rr->rrsig.signature_size;
              break;

      case DNS_TYPE_NSEC:
              copy->nsec.next_domain_name = strdup(rr->nsec.next_domain_name);
              if (!copy->nsec.next_domain_name)
                      return NULL((void*)0);
              copy->nsec.types = bitmap_copy(rr->nsec.types);
              if (!copy->nsec.types)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_DS:
              copy->ds.key_tag = rr->ds.key_tag;
              copy->ds.algorithm = rr->ds.algorithm;
              copy->ds.digest_type = rr->ds.digest_type;
              copy->ds.digest = memdup(rr->ds.digest, rr->ds.digest_size);
              if (!copy->ds.digest)
                      return NULL((void*)0);
              copy->ds.digest_size = rr->ds.digest_size;
              break;

      case DNS_TYPE_NSEC3:
              copy->nsec3.algorithm = rr->nsec3.algorithm;
              copy->nsec3.flags = rr->nsec3.flags;
              copy->nsec3.iterations = rr->nsec3.iterations;
              copy->nsec3.salt = memdup(rr->nsec3.salt, rr->nsec3.salt_size);
              if (!copy->nsec3.salt)
                      return NULL((void*)0);
              copy->nsec3.salt_size = rr->nsec3.salt_size;
              copy->nsec3.next_hashed_name = memdup(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size);
              if (!copy->nsec3.next_hashed_name_size)
                      return NULL((void*)0);
              copy->nsec3.next_hashed_name_size = rr->nsec3.next_hashed_name_size;
              copy->nsec3.types = bitmap_copy(rr->nsec3.types);
              if (!copy->nsec3.types)
                      return NULL((void*)0);
              break;

      case DNS_TYPE_TLSA:
              copy->tlsa.cert_usage = rr->tlsa.cert_usage;
              copy->tlsa.selector = rr->tlsa.selector;
              copy->tlsa.matching_type = rr->tlsa.matching_type;
              copy->tlsa.data = memdup(rr->tlsa.data, rr->tlsa.data_size);
              if (!copy->tlsa.data)
                      return NULL((void*)0);
              copy->tlsa.data_size = rr->tlsa.data_size;
              break;

      case DNS_TYPE_CAA:
              copy->caa.flags = rr->caa.flags;
              copy->caa.tag = strdup(rr->caa.tag);
              if (!copy->caa.tag)
                      return NULL((void*)0);
              copy->caa.value = memdup(rr->caa.value, rr->caa.value_size);
              if (!copy->caa.value)
                      return NULL((void*)0);
              copy->caa.value_size = rr->caa.value_size;
              break;

      case DNS_TYPE_OPT:
      default:
              copy->generic.data = memdup(rr->generic.data, rr->generic.data_size);
              if (!copy->generic.data)
                      return NULL((void*)0);
              copy->generic.data_size = rr->generic.data_size;
              break;
      }

      t = TAKE_PTR(copy)({ typeof(copy) _ptr_ = (copy); (copy) = ((void*)0); _ptr_; }
);

      return t;
1720}

1722int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl) {
      DnsResourceRecord *old_rr, *new_rr;
      uint32_t new_ttl;

      assert(rr)do { if ((__builtin_expect(!!(!(rr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("rr"), "../src/resolve/resolved-dns-rr.c"
, 1726, __PRETTY_FUNCTION__); } while (0);
      old_rr = *rr;

      if (old_rr->key->type == DNS_TYPE_OPT)
              return -EINVAL22;

      new_ttl = MIN(old_rr->ttl, max_ttl)__extension__ ({ const typeof((old_rr->ttl)) __unique_prefix_A17
 = ((old_rr->ttl)); const typeof((max_ttl)) __unique_prefix_B18
 = ((max_ttl)); __unique_prefix_A17 < __unique_prefix_B18 ?
 __unique_prefix_A17 : __unique_prefix_B18; });
      if (new_ttl == old_rr->ttl)
              return 0;

      if (old_rr->n_ref == 1) {
              /* Patch in place */
              old_rr->ttl = new_ttl;
              return 1;
      }

      new_rr = dns_resource_record_copy(old_rr);
      if (!new_rr)
              return -ENOMEM12;

      new_rr->ttl = new_ttl;

      dns_resource_record_unref(*rr);
      *rr = new_rr;

      return 1;
1752}

1754DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i) {
      DnsTxtItem *n;

      if (!i)
              return NULL((void*)0);

      n = i->items_next;

      free(i);
      return dns_txt_item_free_all(n);
1764}

1766bool_Bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b) {

      if (a == b)
              return true1;

      if (!a != !b)
              return false0;

      if (!a)
              return true1;

      if (a->length != b->length)
              return false0;

      if (memcmp(a->data, b->data, a->length) != 0)
              return false0;

      return dns_txt_item_equal(a->items_next, b->items_next);
1784}

1786DnsTxtItem *dns_txt_item_copy(DnsTxtItem *first) {
      DnsTxtItem *i, *copy = NULL((void*)0), *end = NULL((void*)0);

      LIST_FOREACH(items, i, first)for ((i) = (first); (i); (i) = (i)->items_next) {
              DnsTxtItem *j;

              j = memdup(i, offsetof(DnsTxtItem, data)__builtin_offsetof(DnsTxtItem, data) + i->length + 1);
              if (!j) {
                      dns_txt_item_free_all(copy);
                      return NULL((void*)0);
              }

              LIST_INSERT_AFTER(items, copy, end, j)do { typeof(*(copy)) **_head = &(copy), *_a = (end), *_b =
 (j); do { if ((__builtin_expect(!!(!(_b)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("_b"), "../src/resolve/resolved-dns-rr.c"
, 1798, __PRETTY_FUNCTION__); } while (0); if (!_a) { if ((_b
->items_next = *_head)) _b->items_next->items_prev =
 _b; _b->items_prev = ((void*)0); *_head = _b; } else { if
 ((_b->items_next = _a->items_next)) _b->items_next->
items_prev = _b; _b->items_prev = _a; _a->items_next = _b
; } } while (0);
              end = j;
      }

      return copy;
1803}

1805int dns_txt_item_new_empty(DnsTxtItem **ret) {
      DnsTxtItem *i;

      /* RFC 6763, section 6.1 suggests to treat
       * empty TXT RRs as equivalent to a TXT record
       * with a single empty string. */

      i = malloc0(offsetof(DnsTxtItem, data) + 1)(calloc(1, (__builtin_offsetof(DnsTxtItem, data) + 1))); /* for safety reasons we add an extra NUL byte */
      if (!i)
              return -ENOMEM12;

      *ret = i;

      return 0;
1819}

1821static const char* const dnssec_algorithm_table[_DNSSEC_ALGORITHM_MAX_DEFINED] = {
      /* Mnemonics as listed on https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
      [DNSSEC_ALGORITHM_RSAMD5]             = "RSAMD5",
      [DNSSEC_ALGORITHM_DH]                 = "DH",
      [DNSSEC_ALGORITHM_DSA]                = "DSA",
      [DNSSEC_ALGORITHM_ECC]                = "ECC",
      [DNSSEC_ALGORITHM_RSASHA1]            = "RSASHA1",
      [DNSSEC_ALGORITHM_DSA_NSEC3_SHA1]     = "DSA-NSEC3-SHA1",
      [DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1] = "RSASHA1-NSEC3-SHA1",
      [DNSSEC_ALGORITHM_RSASHA256]          = "RSASHA256",
      [DNSSEC_ALGORITHM_RSASHA512]          = "RSASHA512",
      [DNSSEC_ALGORITHM_ECC_GOST]           = "ECC-GOST",
      [DNSSEC_ALGORITHM_ECDSAP256SHA256]    = "ECDSAP256SHA256",
      [DNSSEC_ALGORITHM_ECDSAP384SHA384]    = "ECDSAP384SHA384",
      [DNSSEC_ALGORITHM_ED25519]            = "ED25519",
      [DNSSEC_ALGORITHM_ED448]              = "ED448",
      [DNSSEC_ALGORITHM_INDIRECT]           = "INDIRECT",
      [DNSSEC_ALGORITHM_PRIVATEDNS]         = "PRIVATEDNS",
      [DNSSEC_ALGORITHM_PRIVATEOID]         = "PRIVATEOID",
1840};
1841DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_algorithm, int, 255)int dnssec_algorithm_to_string_alloc(int i, char **str) { char
 *s; if (i < 0 || i > 255) return -34; if (i < (int)
 __extension__ (__builtin_choose_expr( !__builtin_types_compatible_p
(typeof(dnssec_algorithm_table), typeof(&*(dnssec_algorithm_table
))), sizeof(dnssec_algorithm_table)/sizeof((dnssec_algorithm_table
)[0]), ((void)0)))) { s = strdup(dnssec_algorithm_table[i]); if
 (!s) return -12; } else { if (asprintf(&s, "%i", i) <
 0) return -12; } *str = s; return 0; } int dnssec_algorithm_from_string
(const char *s) { int i; unsigned u = 0; if (!s) return (int)
 -1; for (i = 0; i < (int) __extension__ (__builtin_choose_expr
( !__builtin_types_compatible_p(typeof(dnssec_algorithm_table
), typeof(&*(dnssec_algorithm_table))), sizeof(dnssec_algorithm_table
)/sizeof((dnssec_algorithm_table)[0]), ((void)0))); i++) if (
streq_ptr(dnssec_algorithm_table[i], s)) return i; if (safe_atou
(s, &u) >= 0 && u <= 255) return (int) u; return
 (int) -1; };

1843static const char* const dnssec_digest_table[_DNSSEC_DIGEST_MAX_DEFINED] = {
      /* Names as listed on https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
      [DNSSEC_DIGEST_SHA1] = "SHA-1",
      [DNSSEC_DIGEST_SHA256] = "SHA-256",
      [DNSSEC_DIGEST_GOST_R_34_11_94] = "GOST_R_34.11-94",
      [DNSSEC_DIGEST_SHA384] = "SHA-384",
1849};
1850DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_digest, int, 255)int dnssec_digest_to_string_alloc(int i, char **str) { char *
s; if (i < 0 || i > 255) return -34; if (i < (int) __extension__
 (__builtin_choose_expr( !__builtin_types_compatible_p(typeof
(dnssec_digest_table), typeof(&*(dnssec_digest_table))), sizeof
(dnssec_digest_table)/sizeof((dnssec_digest_table)[0]), ((void
)0)))) { s = strdup(dnssec_digest_table[i]); if (!s) return -
12; } else { if (asprintf(&s, "%i", i) < 0) return -12
; } *str = s; return 0; } int dnssec_digest_from_string(const
 char *s) { int i; unsigned u = 0; if (!s) return (int) -1; for
 (i = 0; i < (int) __extension__ (__builtin_choose_expr( !
__builtin_types_compatible_p(typeof(dnssec_digest_table), typeof
(&*(dnssec_digest_table))), sizeof(dnssec_digest_table)/sizeof
((dnssec_digest_table)[0]), ((void)0))); i++) if (streq_ptr(dnssec_digest_table
[i], s)) return i; if (safe_atou(s, &u) >= 0 &&
 u <= 255) return (int) u; return (int) -1; };