mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 22:57:08 +00:00
- Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
git-svn-id: file:///svn/unbound/trunk@4322 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
7a322130d6
commit
fe18bbcb1f
@ -1,5 +1,6 @@
|
||||
30 August 2017: Wouter
|
||||
- updated contrib/fastrpz.patch to apply with configparser changes.
|
||||
- Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
|
||||
|
||||
29 August 2017: Wouter
|
||||
- Fix #1414: fix segfault on parse failure and log_replies.
|
||||
|
@ -932,17 +932,24 @@ val_check_nonsecure(struct module_env* env, struct reply_info* rep)
|
||||
* Therefore the message is bogus.
|
||||
*/
|
||||
|
||||
/* check if authority consists of only an NS record
|
||||
/* check if authority has an NS record
|
||||
* which is bad, and there is an answer section with
|
||||
* data. In that case, delete NS and additional to
|
||||
* be lenient and make a minimal response */
|
||||
if(rep->an_numrrsets != 0 && rep->ns_numrrsets == 1 &&
|
||||
if(rep->an_numrrsets != 0 &&
|
||||
ntohs(rep->rrsets[i]->rk.type)
|
||||
== LDNS_RR_TYPE_NS) {
|
||||
verbose(VERB_ALGO, "truncate to minimal");
|
||||
rep->ns_numrrsets = 0;
|
||||
rep->ar_numrrsets = 0;
|
||||
rep->rrset_count = rep->an_numrrsets;
|
||||
rep->rrset_count = rep->an_numrrsets +
|
||||
rep->ns_numrrsets;
|
||||
/* remove this unneeded authority rrset */
|
||||
memmove(rep->rrsets+i, rep->rrsets+i+1,
|
||||
sizeof(struct ub_packed_rrset_key*)*
|
||||
(rep->rrset_count - i - 1));
|
||||
rep->ns_numrrsets--;
|
||||
rep->rrset_count--;
|
||||
i--;
|
||||
return;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user