- Fix bug where canonical_compare of RRSIG did not downcase the
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 17 Jan 2012 09:06:18 +0000 (09:06 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 17 Jan 2012 09:06:18 +0000 (09:06 +0000)
  signer-name.  This is mostly harmless because RRSIGs do not have
  to be sorted in canonical order, usually.

git-svn-id: file:///svn/unbound/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
validator/val_sigcrypt.c

index 2b65c3d4974a44f363560568d633d54242d045a0..aaacc52197ddf3ce895d5ebe6a359bd9a74f120e 100644 (file)
@@ -1,3 +1,8 @@
+17 January 2012: Wouter
+       - Fix bug where canonical_compare of RRSIG did not downcase the
+         signer-name.  This is mostly harmless because RRSIGs do not have
+         to be sorted in canonical order, usually.
+
 12 January 2012: Wouter
        - bug#428: add ub_version() call to libunbound.  API version increase,
          with (binary) backwards compatibility for the previous version.
index f6c6e331bc8087cf2c5c00fe0edca46bdbfc33ac..436b5e844877c558bab46a1f4cb2ee304efabbdc 100644 (file)
@@ -899,6 +899,8 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
                case LDNS_RR_TYPE_KX:
                case LDNS_RR_TYPE_MX:
                case LDNS_RR_TYPE_SIG:
+               /* RRSIG signer name has to be downcased */
+               case LDNS_RR_TYPE_RRSIG:
                case LDNS_RR_TYPE_PX:
                case LDNS_RR_TYPE_NAPTR:
                case LDNS_RR_TYPE_SRV:
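Review bot: The set of RR types whose rdata names are lowercased now lives in two switches that have to agree, and nothing in the code says so: the one in canonical_compare (this hunk, together with the removal of RRSIG from the binary-compare group in the next hunk) and the one in canonicalize_rdata. The bug fixed here was exactly that kind of divergence, so a comment above this case list would help, for example `/* keep this list in sync with canonicalize_rdata() */`. The commit touches only doc/Changelog and validator/val_sigcrypt.c. A regression test comparing two RRSIG rdatas that differ only in signer-name case would keep the sort order and the canonicalized rdata from drifting apart again. canonical_compare's body starts and ends outside the hunk.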
@@ -910,7 +912,6 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
 
                case LDNS_RR_TYPE_HINFO: /* no longer downcased */
                case LDNS_RR_TYPE_NSEC: 
-               case LDNS_RR_TYPE_RRSIG:
        default:
                /* For unknown RR types, or types not listed above,
                 * no canonicalization is needed, do binary compare */
@@ -1050,6 +1051,7 @@ canonicalize_rdata(ldns_buffer* buf, struct ub_packed_rrset_key* rrset,
                        query_dname_tolower(datstart);
                        return;
                case LDNS_RR_TYPE_SIG:
+               /* downcase the RRSIG, compat with BIND (kept it from SIG) */
                case LDNS_RR_TYPE_RRSIG:
                        /* skip fixed part */
                        if(len < 2+18+1)
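Review bot: The added comment `downcase the RRSIG, compat with BIND (kept it from SIG)` is imprecise. Judging by the comment added in canonical_compare, only the signer name is lowercased rather than the whole rdata, and "kept it from SIG" does not say what was kept. Something like `/* RRSIG: downcase the signer name only, same as SIG; compat with BIND */` states the intent directly. The case body continues past the end of the hunk, so the code that follows `if(len < 2+18+1)` is not visible here.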
@@ -1095,7 +1097,7 @@ canonicalize_rdata(ldns_buffer* buf, struct ub_packed_rrset_key* rrset,
                        query_dname_tolower(datstart);
                        return;
 
-               /* do not canonicalize NSEC rdata name, compat with bug
+               /* do not canonicalize NSEC rdata name, compat with 
                 * from bind 9.4 signer, where it does not do so */
                case LDNS_RR_TYPE_NSEC: /* type starts with the name */
                case LDNS_RR_TYPE_HINFO: /* not downcased */
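Review bot: Dropping the word `bug` leaves this comment ungrammatical (`compat with` followed by `from bind 9.4 signer`) and adds trailing whitespace after `with`. Rewording both lines fixes it, for example `/* do not canonicalize NSEC rdata name, compat with the` and ` * bind 9.4 signer, which does not do so */`. The enclosing switch in canonicalize_rdata extends beyond the hunk.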