From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 17 Apr 2015 15:58:19 +0000 (+0200)
Subject: Improve robustness of root-nx-trust
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~98^2~11^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2435%2Fhead;p=thirdparty%2Fpdns.git

Improve robustness of root-nx-trust

Query names with embedded dots or 00's in labels will no longer make the
recursor (possibly) forget existing TLDs.
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 25083d4071..65908af370 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -684,15 +684,14 @@ bool SyncRes::doCNAMECacheCheck(const string &qname, const QType &qtype, vector<
 // accepts . terminated names, www.powerdns.com. -> com.
 static const string getLastLabel(const std::string& qname)
 {
-  if(qname.empty())
+  if(qname.empty() || qname == ".")
     return qname;
-  string ret=qname.substr(0, qname.length()-1); // strip .
 
-  string::size_type pos = ret.rfind('.');
-  if(pos != string::npos) {
-    ret = ret.substr(pos+1) + ".";
-  }
-  return ret;
+  labelparts_t parts;
+  labeltokUnescape(parts, qname);
+  int offset = (parts.end()-1)->first;
+
+  return qname.substr(offset, qname.size()-offset);
 }
 
 bool SyncRes::doCacheCheck(const string &qname, const QType &qtype, vector<DNSResourceRecord>&ret, int depth, int &res)