interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix dnssec validation of direct CNAME queries 

Thanks Simson L. Garfinkel.
This commit is contained in:
Willem Toorop 2015-09-08 10:52:04 +02:00
parent 560f168460
commit 46ea366f5f
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -1,5 +1,7 @@
* 2015-09-??: Version 0.3.3 * 2015-09-??: Version 0.3.3
* Fix clearing upstream events on shutdown * Fix clearing upstream events on shutdown
* Fix dnssec validation of direct CNAME queries.
Thanks Simson L. Garfinkel.
* 2015-09-04: Version 0.3.2 * 2015-09-04: Version 0.3.2
* Fix returned upstreams list by getdns_context_get_api_information() * Fix returned upstreams list by getdns_context_get_api_information()

9
src/dnssec.c
View File

@ -1065,8 +1065,17 @@ static void add_question2val_chain(struct mem_funcs *mf,
q_rrset.name = _getdns_rdf_if_or_as_decompressed( q_rrset.name = _getdns_rdf_if_or_as_decompressed(
rdf, cname_spc, &cname_len); rdf, cname_spc, &cname_len);
} }
/* If the qtype was a CNAME, and we got one, we'r done.
* We asked for it directly, so no redirection applies.
* Otherwise we have to check the refered to name/qtype.
*/
if (qtype == GETDNS_RRTYPE_CNAME && q_rrset.name != qname)
return;
q_rrset.rr_type = qtype; q_rrset.rr_type = qtype;
if (!(rr = rrtype_iter_init(&rr_spc, &q_rrset))) { if (!(rr = rrtype_iter_init(&rr_spc, &q_rrset))) {
/* No answer for the question. Add a head for this rrset /* No answer for the question. Add a head for this rrset
* anyway, to validate proof of non-existance, or to find * anyway, to validate proof of non-existance, or to find
* proof that the packet is insecure. * proof that the packet is insecure.