resolved: be stricter when searching for a DS RR for a DNSKEY RR
authorLennart Poettering <lennart@poettering.net>
Tue, 22 Dec 2015 17:20:09 +0000 (18:20 +0100)
committerLennart Poettering <lennart@poettering.net>
Sat, 26 Dec 2015 18:09:10 +0000 (19:09 +0100)
src/resolve/resolved-dns-dnssec.c

index 482ee4a0b3b2f638f00fc4e283e64e3bc827e7fb..f37f1d91be9b286be39f844a2687a4347014fd74 100644 (file)
@@ -831,6 +831,15 @@ int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_
                 if (ds->key->type != DNS_TYPE_DS)
                         continue;
 
+                if (ds->key->class != dnskey->key->class)
+                        continue;
+
+                r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), DNS_RESOURCE_KEY_NAME(ds->key));
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        continue;
+
                 r = dnssec_verify_dnskey(dnskey, ds);
                 if (r < 0)
                         return r;
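Review bot: The class and owner-name match added at the top of the loop body is enforced only in this search loop, so any other caller of dnssec_verify_dnskey() could still pair a DNSKEY with a DS that has a different owner name or class. Whether such callers exist, and whether that function checks anything itself, cannot be told from this hunk. Consider moving the two comparisons into dnssec_verify_dnskey(), or stating in its header comment that callers must do them. The new lines also deserve a why-comment, for example `/* A DS RR only vouches for a DNSKEY with the same owner name and class; skip all others before comparing digests */`. Returning on `r < 0` from dns_name_equal() aborts the whole search instead of skipping one DS, which fails closed and is worth noting in that comment; the loop and the function both start and end outside the hunk.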