check of CNAME chain in replies from cache.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 20 Jul 2007 06:17:45 +0000 (06:17 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 20 Jul 2007 06:17:45 +0000 (06:17 +0000)
git-svn-id: file:///svn/unbound/trunk@441 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/worker.c
doc/Changelog

index 1dd6cdb5dcb8a3ddcde7cfd8c692b580895c36a9..32ad955bf8908991a9b60ee41044292daa652b57 100644 (file)
@@ -225,6 +225,25 @@ worker_handle_control_cmd(struct comm_point* c, void* arg, int error,
 /** check cname chain in cache reply */
 static int
 check_cache_chain(struct reply_info* rep) {
+       /* check only answer section rrs for matching cname chain.
+        * the cache may return changed rdata, but owner names are untouched.*/
+       size_t i;
+       uint8_t* sname = rep->rrsets[0]->rk.dname;
+       size_t snamelen = rep->rrsets[0]->rk.dname_len;
+       for(i=0; i<rep->an_numrrsets; i++) {
+               uint16_t t = ntohs(rep->rrsets[i]->rk.type);
+               if(t == LDNS_RR_TYPE_DNAME)
+                       continue; /* skip dnames; note TTL 0 not cached */
+               /* verify that owner matches current sname */
+               if(query_dname_compare(sname, rep->rrsets[i]->rk.dname) != 0){
+                       /* cname chain broken */
+                       return 0;
+               }
+               /* if this is a cname; move on */
+               if(t == LDNS_RR_TYPE_CNAME) {
+                       get_cname_target(rep->rrsets[i], &sname, &snamelen);
+               }
+       }
        return 1;
 }
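Review bot: `rep->rrsets[0]` is dereferenced in the two initialisers of check_cache_chain before anything confirms the reply holds an rrset, so a cached reply with an empty answer section (or no rrsets at all) would be read out of bounds unless the caller, which is outside this hunk, already rules that out. A guard such as `if(rep->an_numrrsets == 0) return 1;` placed before `sname` and `snamelen` are set keeps the current result for that case and makes the function safe on its own. Seeding `sname` from the first rrset also means the chain is never tied to the queried name, and when the answer section starts with a DNAME the following CNAME owner is compared against the DNAME owner and appears to be rejected as a broken chain; passing the query name in as the starting point would cover both. `snamelen` is updated but never read in the visible lines.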
 
index 18e7dada7fcef6837be33f3f1168e14b32854329..4cf0fd813b6d5195b51699c155f17125d2bd69c1 100644 (file)
@@ -1,3 +1,6 @@
+20 July 2007: Wouter
+       - Check CNAME chain before returning cache entry with CNAMEs.
+
 19 July 2007: Wouter
        - shuffle NS selection when getting nameserver target addresses.
        - fixup of deadlock warnings, yield cpu in checklock code so that