Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

NSEC3 check: RFC5155 para 8.2

Browse Source
This commit is contained in:
Simon Kelley
2015-12-20 21:39:19 +00:00
parent a86fdf437e
commit ce5732e84f
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/dnssec.c
View File

@@ -1704,7 +1704,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
for (i = 0; i < nsec_count; i++) for (i = 0; i < nsec_count; i++)
{ {
unsigned char *nsec3p = nsecs[i]; unsigned char *nsec3p = nsecs[i];
int this_iter; int this_iter, flags;
nsecs[i] = NULL; /* Speculative, will be restored if OK. */ nsecs[i] = NULL; /* Speculative, will be restored if OK. */
@@ -1716,7 +1716,11 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
if (*p++ != algo) if (*p++ != algo)
continue; continue;
p++; /* flags */ flags = *p++; /* flags */
/* 5155 8.2 */
if (flags != 0 && flags != 1)
continue;
GETSHORT(this_iter, p); GETSHORT(this_iter, p);
if (this_iter != iterations) if (this_iter != iterations)