Postpone RRSIG processing after all DNSKEY/DS have been parsed.

This commit is contained in:
Giovanni Bajo
2012-04-25 18:13:41 +02:00
committed by Simon Kelley
parent e6c2a670fe
commit 4137b84e4e


@@ -382,7 +382,22 @@ int dnssec_validate(struct dns_header *header, size_t pktlen)
printf("DNSKEY found\n");
dnssec_parsekey(header, pktlen, owner, ttl, rdlen, p);
}
else if (qtype == T_RRSIG)
p += rdlen;
}
/* After we have parsed DNSKEY/DS records, start looking for RRSIGs.
We want to do this in a separate step because we want the cache
to be already populated with DNSKEYs before parsing signatures. */
p = reply;
for (i = 0; i < ntohs(header->ancount); i++)
{
if (!extract_name(header, pktlen, &p, owner, 1, 10))
return 0;
GETSHORT(qtype, p);
GETSHORT(qclass, p);
GETLONG(ttl, p);
GETSHORT(rdlen, p);
if (qtype == T_RRSIG)
{
printf("RRSIG found\n");
/* TODO: missing logic. We should only validate RRSIGs for which we
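Review bot: The new second pass reads the 10-byte RR header with GETSHORT/GETLONG after `extract_name` and later advances `p` by `rdlen` without checking that either fits inside `pktlen`, so a truncated or malformed answer can walk `p` past the end of the packet before the next iteration's `extract_name` gets a chance to reject it; the first pass (the `p += rdlen;` above the added lines) has the same gap, and the new loop repeats it. Add the bounds check the rest of the parser uses, `if (!CHECK_LEN(header, p, pktlen, 10)) return 0;` before the GETSHORT/GETLONG reads, and `if (!CHECK_LEN(header, p, pktlen, rdlen)) return 0;` immediately after `GETSHORT(rdlen, p);` so the skip in the RRSIG branch and the trailing `p += rdlen;` are both covered. `qclass` is read but never used in the visible lines; if it is intentionally ignored, a short comment saying so would stop a reader from hunting for the check. The `printf("RRSIG found\n")` / `printf("DNSKEY found\n")` debug output writes to stdout in a validation path and should go through the project's logging or be dropped before this lands. dnssec_validate begins before the hunk and the RRSIG branch continues past its last line.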
@@ -394,5 +409,6 @@ int dnssec_validate(struct dns_header *header, size_t pktlen)
}
p += rdlen;
}
return 1;
}