]>
Commit | Line | Data |
---|---|---|
f62ac322 MF |
1 | From 6de81f1250fd323c9155de065d5a9dc200a6f20b Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Wed, 9 Sep 2015 22:51:13 +0100 | |
4 | Subject: [PATCH] Handle signed dangling CNAME replies to DS queries. | |
5 | ||
6 | --- | |
7 | src/dnssec.c | 7 ++----- | |
8 | 1 file changed, 2 insertions(+), 5 deletions(-) | |
9 | ||
10 | diff --git a/src/dnssec.c b/src/dnssec.c | |
11 | index 4deda24..67ce486 100644 | |
12 | --- a/src/dnssec.c | |
13 | +++ b/src/dnssec.c | |
14 | @@ -1232,11 +1232,8 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char | |
15 | ||
16 | /* If we return STAT_NO_SIG, name contains the name of the DS query */ | |
17 | if (val == STAT_NO_SIG) | |
18 | - { | |
19 | - *keyname = 0; | |
20 | - return val; | |
21 | - } | |
22 | - | |
23 | + return val; | |
24 | + | |
25 | /* If the key needed to validate the DS is on the same domain as the DS, we'll | |
26 | loop getting nowhere. Stop that now. This can happen of the DS answer comes | |
27 | from the DS's zone, and not the parent zone. */ | |
28 | -- | |
29 | 1.7.10.4 | |
30 |