Commit | Line | Data |
---|---|---|
c3b4c861 MF |
1 | From ce5732e84fc46d7f99c152f736cfb4ef5ec98a01 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Sun, 20 Dec 2015 21:39:19 +0000 | |
4 | Subject: [PATCH] NSEC3 check: RFC5155 para 8.2 | |
5 | ||
6 | --- | |
7 | src/dnssec.c | 8 ++++++-- | |
8 | 1 file changed, 6 insertions(+), 2 deletions(-) | |
9 | ||
10 | diff --git a/src/dnssec.c b/src/dnssec.c | |
11 | index 9fa64b6..486e422 100644 | |
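--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1704,7 +1704,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
 for (i = 0; i < nsec_count; i++)
 {
 unsigned char *nsec3p = nsecs[i];
- int this_iter;
+ int this_iter, flags;
 
 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
 
@@ -1716,8 +1716,12 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
 if (*p++ != algo)
 continue;
 
- p++; /* flags */
+ flags = *p++; /* flags */
 
+ /* 5155 8.2 */
+ if (flags != 0 && flags != 1)
+ continue;
+
 GETSHORT(this_iter, p);
 if (this_iter != iterations)
 continue;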
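Review bot: The new comment `/* 5155 8.2 */` in the second hunk does not say what the rule is or what the value 1 means; `/* RFC 5155 8.2: ignore NSEC3 RRs whose Flags field is anything other than 0 or 1 (Opt-Out) */` would let a reader verify the check without opening the RFC. The `continue` runs after `nsecs[i] = NULL`, so a record with unknown flag bits is dropped from the set used for the proof, which matches the RFC's "ignore" wording; how a set with every record filtered out is treated is decided outside this hunk. In the visible lines `flags` is only compared here, so whether an accepted record had Opt-Out set is not carried forward; if later logic in this function needs to treat opt-out spans differently, it would have to be recorded at this point. The body of prove_non_existence_nsec3 starts and ends outside both hunks.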
37 | -- | |
38 | 1.7.10.4 | |
39 |