Process RRSIGs also in authority and additional sections.

Giovanni Bajo
2012-04-28 12:22:41 +02:00
committed by Simon Kelley
parent e83297d0f6
commit 23c2176681


@@ -435,17 +435,18 @@ int dnssec_validate(struct dns_header *header, size_t pktlen)
{
unsigned char *p, *reply;
char *owner = daemon->namebuff;
int i, qtype, qclass, rdlen;
int i, s, qtype, qclass, rdlen;
unsigned long ttl;
int slen[3] = { ntohs(header->ancount), ntohs(header->nscount), ntohs(header->arcount) };
if (header->ancount == 0)
if (slen[0] + slen[1] + slen[2] == 0)
return 0;
if (!(reply = p = skip_questions(header, pktlen)))
return 0;
/* First, process DNSKEY/DS records and add them to the cache. */
cache_start_insert();
for (i = 0; i < ntohs(header->ancount); i++)
for (i = 0; i < slen[0]; i++)
{
if (!extract_name(header, pktlen, &p, owner, 1, 10))
return 0;
@@ -471,7 +472,10 @@ int dnssec_validate(struct dns_header *header, size_t pktlen)
We want to do this in a separate step because we want the cache
to be already populated with DNSKEYs before parsing signatures. */
p = reply;
for (i = 0; i < ntohs(header->ancount); i++)
for (s = 0; s < 3; ++s)
{
reply = p;
for (i = 0; i < slen[s]; i++)
{
if (!extract_name(header, pktlen, &p, owner, 1, 10))
return 0;
@@ -487,10 +491,11 @@ int dnssec_validate(struct dns_header *header, size_t pktlen)
There is a memory vs CPU conflict here; should we validate everything
to save memory and thus waste CPU, or better first acquire all information
(wasting memory) and then doing the minimum CPU computations required? */
dnssec_parserrsig(header, pktlen, reply, ntohs(header->ancount), owner, qclass, rdlen, p);
dnssec_parserrsig(header, pktlen, reply, slen[s], owner, qclass, rdlen, p);
}
p += rdlen;
}
}
return 1;
}
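Review bot: `p += rdlen;` at the end of the inner loop advances by a length that is presumably read from the record header, and nothing in the visible lines checks that it stays within `pktlen` before `dnssec_parserrsig()` receives `rdlen` and `p`. With the new `for (s = 0; s < 3; ++s)` loop the same walk also covers the authority and additional sections, so records placed there by an upstream server reach that arithmetic too. If it is not already bounded, add a check ahead of the call, for example `if ((size_t)(p - (unsigned char *)header) + (size_t)rdlen > pktlen) return 0;`. The body of dnssec_validate between the second and third hunks is not shown, so the check may already exist there.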