From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 13 Feb 2024 12:57:56 +0000 (+0100)
Subject: Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae'
X-Git-Tag: release-1.19.3rc1~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a00877af9849ab22e0659c5fd06dd992f74c3c3;p=thirdparty%2Funbound.git

Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae'
---

9a00877af9849ab22e0659c5fd06dd992f74c3c3
diff --cc validator/val_sigcrypt.c
index f169c64fb,f4b866366..7c2b9d7e6
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@@@ -714,9 -737,18 +737,17 @@@ dnskey_verify_rrset(struct module_env* 
  		if(sec == sec_status_secure)
  			return sec;
  		numchecked ++;
+ 		numverified ++;
  		if(sec == sec_status_indeterminate)
  			numindeterminate ++;
+ 		if(numverified > MAX_VALIDATE_RRSIGS) {
+ 			verbose(VERB_QUERY, "rrset failed to verify, too many RRSIG validations");
+ 			*reason = "too many RRSIG validations";
+ 			if(reason_bogus)
+ 				*reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
+ 			return sec_status_bogus;
+ 		}
  	}
 -	verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus");
  	if(!numchecked) {
  		*reason = "signature for expected key and algorithm missing";
  		if(reason_bogus)