1 From ce5732e84fc46d7f99c152f736cfb4ef5ec98a01 Mon Sep 17 00:00:00 2001
2 From: Simon Kelley <simon@thekelleys.org.uk>
3 Date: Sun, 20 Dec 2015 21:39:19 +0000
4 Subject: [PATCH] NSEC3 check: RFC5155 para 8.2
5
6 ---
7 src/dnssec.c | 8 ++++++--
8 1 file changed, 6 insertions(+), 2 deletions(-)
9
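--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1704,7 +1704,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
 for (i = 0; i < nsec_count; i++)
 {
 unsigned char *nsec3p = nsecs[i];
- int this_iter;
+ int this_iter, flags;
 
 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
 
@@ -1716,8 +1716,12 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
 if (*p++ != algo)
 continue;
 
- p++; /* flags */
+ flags = *p++; /* flags */
 
+ /* 5155 8.2 */
+ if (flags != 0 && flags != 1)
+ continue;
+
 GETSHORT(this_iter, p);
 if (this_iter != iterations)
 continue;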
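Review bot: The new `/* 5155 8.2 */` comment in the second hunk does not say which rule is enforced or why the record is skipped; something like `/* RFC 5155 8.2: ignore NSEC3 RRs whose Flags field is not 0 or 1 (only Opt-Out is defined) */` would let a reader check the test against the RFC. The check accepts the value 1 (Opt-Out) and `flags` is not used again in the visible lines, so it is worth confirming that the rest of prove_non_existence_nsec3, which continues outside the hunk, does not treat an opt-out record as proof that an unsigned delegation is absent. A record rejected here stays NULL in `nsecs[i]` because of the speculative assignment in the first hunk, which looks intended but could be stated in the same comment.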
37 --
38 1.7.10.4
39