mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity

fixup! Allow negative RRSIGs in the qpcache again

Browse Source
This commit is contained in:
Ondřej Surý 2025-08-21 17:47:29 +02:00
parent 7235a733e0
commit da3e409b21
No known key found for this signature in database
GPG Key ID: 2820F37E873DEA41
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/dns/qpcache.c
View File

@ -1629,10 +1629,11 @@ qpcache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
/*
* Certain DNSSEC types are not subject to CNAME matching
* (RFC4035, section 2.5 and RFC3007).
*
* We don't check for RRSIG, because we don't store RRSIG records
* directly.
*/
if (type == dns_rdatatype_key || type == dns_rdatatype_nsec ||
type == dns_rdatatype_rrsig)
{
if (type == dns_rdatatype_key || type == dns_rdatatype_nsec) {
cname_ok = false;
}
@ -1650,7 +1651,7 @@ qpcache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
found = NULL;
foundsig = NULL;
typepair = DNS_TYPEPAIR(type);
sigpair = !dns_rdatatype_issig(type) ? DNS_SIGTYPEPAIR(type) : 0;
sigpair = DNS_SIGTYPEPAIR(type);
nsheader = NULL;
nsecheader = NULL;
nssig = NULL;