From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 6 Jul 2012 13:56:44 +0000 (+0000)
Subject: - Fix validation of qtype DS queries that result in no data for
X-Git-Tag: release-1.4.18rc1~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d4f49a7a401584faaf852e9f29b1ed86a74d9688;p=thirdparty%2Funbound.git

- Fix validation of qtype DS queries that result in no data for
  non-optout NSEC3 zones.


git-svn-id: file:///svn/unbound/trunk@2712 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 58e6e7608..ebd85e350 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+6 July 2012: Wouter
+	- Fix validation of qtype DS queries that result in no data for
+	  non-optout NSEC3 zones.
+
 4 July 2012: Wouter
 	- compile libunbound with libnss on Suse, passes regression tests.
 
diff --git a/validator/val_nsec3.c b/validator/val_nsec3.c
index 419bbc51d..2a2cfcf9b 100644
--- a/validator/val_nsec3.c
+++ b/validator/val_nsec3.c
@@ -1171,8 +1171,8 @@ nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt,
 		 * If not type DS: matching nsec3 must not be a delegation.
 		 */
 		if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1 
-			&& nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA &&
-			!dname_is_root(qinfo->qname))) {
+			&& nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
+			!dname_is_root(qinfo->qname)) {
 			verbose(VERB_ALGO, "proveNodata: apex NSEC3 "
 				"abused for no DS proof, bogus");
 			return sec_status_bogus;