upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

wildcard DNAME detect

Browse source 
git-svn-id: file:///svn/unbound/trunk@585 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2007-09-04 12:57:40 +00:00
parent 0e11cd160d
commit d45774fe03
2 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/Changelog
View file

@ -7,6 +7,7 @@
- neater testbound tpkg output.
- DNAMEs no longer match their apex when synthesized from the cache.
- find correct signer name for DNAME responses.
- wildcarded DNAME test and fixup code to detect.
3 September 2007: Wouter
- Fixed error in iterator that would cause assertion failure in

13
validator/validator.c
View file

@ -335,7 +335,7 @@ validate_msg_signatures(struct module_env* env, struct val_env* ve,
* message is BAD. */
if(sec != sec_status_secure) {
log_nametypeclass(VERB_DETAIL, "validator: response "
"has failed ANSWER rrset: ", s->rk.dname,
"has failed ANSWER rrset:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
return 0;
@ -358,7 +358,7 @@ validate_msg_signatures(struct module_env* env, struct val_env* ve,
* we have a bad message. */
if(sec != sec_status_secure) {
log_nametypeclass(VERB_DETAIL, "validator: response "
"has failed AUTHORITY rrset: ", s->rk.dname,
"has failed AUTHORITY rrset:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
return 0;
@ -408,7 +408,7 @@ validate_positive_response(struct query_info* qchase,
* made in the authority section. */
if(!val_rrset_wildcard(s, &wc)) {
log_nametypeclass(VERB_DETAIL, "Positive response has "
"inconsistent wildcard sigs: ", s->rk.dname,
"inconsistent wildcard sigs:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
return;
@ -697,7 +697,7 @@ validate_cname_response(struct query_info* qchase,
* made in the authority section. */
if(!val_rrset_wildcard(s, &wc)) {
log_nametypeclass(VERB_DETAIL, "Cname response has "
"inconsistent wildcard sigs: ", s->rk.dname,
"inconsistent wildcard sigs:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
return;
@ -707,10 +707,9 @@ validate_cname_response(struct query_info* qchase,
* Do not follow a wildcarded DNAME because
* its synthesized CNAME expansion is underdefined */
if(qchase->qtype != LDNS_RR_TYPE_DNAME &&
ntohs(s->rk.type) == LDNS_RR_TYPE_DNAME &&
dname_is_wild(s->rk.dname)) {
ntohs(s->rk.type) == LDNS_RR_TYPE_DNAME && wc) {
log_nametypeclass(VERB_DETAIL, "cannot validate a "
"wildcarded DNAME: ", s->rk.dname,
"wildcarded DNAME:", s->rk.dname,
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
chase_reply->security = sec_status_bogus;
return;