projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| c3b4c861 MF |
1 | From ce5732e84fc46d7f99c152f736cfb4ef5ec98a01 Mon Sep 17 00:00:00 2001 |
| 2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
| 3 | Date: Sun, 20 Dec 2015 21:39:19 +0000 | |
| 4 | Subject: [PATCH] NSEC3 check: RFC5155 para 8.2 | |
| 5 | ||
| 6 | --- | |
| 7 | src/dnssec.c | 8 ++++++-- | |
| 8 | 1 file changed, 6 insertions(+), 2 deletions(-) | |
| 9 | ||
| 10 | diff --git a/src/dnssec.c b/src/dnssec.c | |
| 11 | index 9fa64b6..486e422 100644 | |
| 12 | --- a/src/dnssec.c | |
| 13 | +++ b/src/dnssec.c | |
| 14 | @@ -1704,7 +1704,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns | |
| 15 | for (i = 0; i < nsec_count; i++) | |
| 16 | { | |
| 17 | unsigned char *nsec3p = nsecs[i]; | |
| 18 | - int this_iter; | |
| 19 | + int this_iter, flags; | |
| 20 | ||
| 21 | nsecs[i] = NULL; /* Speculative, will be restored if OK. */ | |
| 22 | ||
| 23 | @@ -1716,8 +1716,12 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns | |
| 24 | if (*p++ != algo) | |
| 25 | continue; | |
| 26 | ||
| 27 | - p++; /* flags */ | |
| 28 | + flags = *p++; /* flags */ | |
| 29 | ||
| 30 | + /* 5155 8.2 */ | |
| 31 | + if (flags != 0 && flags != 1) | |
| 32 | + continue; | |
| 33 | + | |
| 34 | GETSHORT(this_iter, p); | |
| 35 | if (this_iter != iterations) | |
| 36 | continue; | |
| 37 | -- | |
| 38 | 1.7.10.4 | |
| 39 |