From 7e103217c684b7e0012f3ffb44fb9cc5518a25b7 Mon Sep 17 00:00:00 2001
From: Willem Toorop
Date: Wed, 1 Nov 2017 16:47:28 +0100
Subject: [PATCH] unsigned RRs in authority section with BIND when +CD flag is used
---
 src/dnssec.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index 57664c39..a4de8b1c 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -802,11 +802,14 @@ static void add_pkt2val_chain(struct mem_funcs *mf,
 if (is_synthesized_cname(rrset))
 continue;
+ if (!(rrsig = _getdns_rrsig_iter_init(&rrsig_spc, rrset))
+ && _getdns_rr_iter_section(&i->rr_i) != SECTION_ANSWER)
+ continue; /* No sigs in authority section is okayish */
+
 if (!(head = add_rrset2val_chain(mf, chain_p, rrset, netreq)))
 continue;
- for ( rrsig = _getdns_rrsig_iter_init(&rrsig_spc, rrset), n_rrsigs = 0
- ; rrsig
+ for ( n_rrsigs = 0; rrsig
 ; rrsig = _getdns_rrsig_iter_next(rrsig), n_rrsigs++) {
 /* Signature, so lookup DS/DNSKEY at signer's name */
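Review bot: The new early `continue` keeps every unsigned RRset outside the answer section out of the validation chain, which is broader than the unsigned authority records the subject line describes. As written, `!= SECTION_ANSWER` would also match unsigned NSEC/NSEC3 and SOA sets in the authority section (and the additional section, if this iterator covers it), and those are the records a denial-of-existence proof relies on. What status a skipped RRset ends up with is decided outside this hunk, so please confirm it can never be reported as secure. Consider narrowing the skip to the record types that are legitimately unsigned, for example by adding `&& rrset->rr_type == GETDNS_RRTYPE_NS` (assuming the rrset exposes its type that way). At minimum, replace `/* No sigs in authority section is okayish */` with a comment naming which record types may be unsigned here and why skipping them is safe for validation; note that the `for` loop body continues past the end of the hunk.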