From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 30 Nov 2020 16:06:02 +0000 (+0100)
Subject: rec: Actually discard invalid RRSIGs with too high labels count
X-Git-Tag: rec-4.5.0-alpha1~101^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9789%2Fhead;p=thirdparty%2Fpdns.git

rec: Actually discard invalid RRSIGs with too high labels count
---

diff --git a/pdns/validate.cc b/pdns/validate.cc
index dc1e4c4dce..154d49f274 100644
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -789,6 +789,7 @@ vState validateWithKeySet(time_t now, const DNSName& name, const sortedRecords_t
     unsigned int labelCount = name.countLabels();
     if (signature->d_labels > labelCount) {
       LOG(name<<": Discarding invalid RRSIG whose label count is "<<signature->d_labels<<" while the RRset owner name has only "<<labelCount<<endl);
+      continue;
     }
 
     auto keysMatchingTag = getByTag(keys, signature->d_tag, signature->d_algorithm);