Merge branch '4314-dns_ncache_current-fails-to-set-covered-correctly' into 'main'

Resolve "dns_ncache_current fails to set covered correctly" Closes #4314 See merge request isc-projects/bind9!8300
2026-05-28 04:34:54 -04:00 · 2023-09-18 05:42:05 +00:00 · 2023-09-18 05:42:05 +00:00 · c2b6f4357d
commit c2b6f4357d
parent b0b0aac505 80298ade33
3 changed files with 15 additions and 1 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+6250.	[bug]		The wrong covered value was being set by
+			dns_ncache_current for RRSIG records in the returned
+			rdataset structure. This resulted in TYPE0 being
+			reported as the covered value of the RRSIG when dumping
+			the cache contents. [GL #4314]
+
 6249.	[cleanup]	Reduce the number of reserved UDP dispatches
 			to the number of loops, replace the round-robin
 			mechanism in dns_dispatchset_t with dispatches
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@ -377,6 +377,14 @@ if [ -x "${DELV}" ] ; then
   status=$((status+ret))
 fi

+echo_i "checking RRSIG covered type in negative cache entry ($n)"
+ret=0
+rndc_dumpdb ns4
+grep -F '; example. RRSIG NSEC ...' ns4/named_dump.db.test$n > /dev/null || ret=1
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 echo_i "checking negative validation NXDOMAIN NSEC3 ($n)"
 ret=0
 dig_with_opts +noauth q.nsec3.example. \
--- a/lib/dns/ncache.c
+++ b/lib/dns/ncache.c
@ -722,7 +722,7 @@ dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found,
 		raw += 2;
 		sigregion.base = raw;
 		dns_rdata_reset(&rdata);
-		dns_rdata_fromregion(&rdata, rdataset->rdclass, rdataset->type,
+		dns_rdata_fromregion(&rdata, ncacherdataset->rdclass, type,
 				     &sigregion);
 		(void)dns_rdata_tostruct(&rdata, &rrsig, NULL);
 		covers = rrsig.covered;