Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

DNSSEC: Handle non-root trust anchors, and check we have a root trust anchor.

Browse Source
This commit is contained in:
Simon Kelley
2016-01-12 11:28:58 +00:00
parent 5757371d43
commit a63b8b89e6
2 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/dnssec.c
View File

@@ -1873,10 +1873,27 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
*/
static int zone_status(char *name, int class, char *keyname, time_t now)
{
int name_start = strlen(name);
int name_start = strlen(name); /* for when TA is root */
struct crec *crecp;
char *p;
/* First, work towards the root, looking for a trust anchor.
This can either be one configured, or one previously cached.
We can assume, if we don't find one first, that there is
a trust anchor at the root. */
for (p = name; p; p = strchr(p, '.'))
{
if (*p == '.')
p++;
if (cache_find_by_name(NULL, p, now, F_DS))
{
name_start = p - name;
break;
}
}
/* Now work away from the trust anchor */
while (1)
{
strcpy(keyname, &name[name_start]);