bug 289

diff --git a/dnssec.c b/dnssec.c
index ab6d2d7276c01a0fe0cd04d92ac9052a970e760a..c39985f92a87cf851ec0295c477aa2fe717c2f2a 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -166,6 +166,9 @@ ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
                        flag = true;
                } else if (exact_match_found && flag) {
                        result = ldns_rdf_clone(sname);
+                       /* RFC 5155: 8.3. 2.** "The proof is complete" */
+                       ldns_rdf_deep_free(hashed_sname);
+                       goto done;
                } else if (exact_match_found && !flag) {
                        /* error! */
                        ldns_rdf_deep_free(hashed_sname);

diff --git a/dnssec_verify.c b/dnssec_verify.c
index 9b50d45f244f1d63dbab9be7555bad7ec854e123..c7cd268861a8f850337eae41eea349a4a4cb625f 100644 (file)
--- a/dnssec_verify.c
+++ b/dnssec_verify.c
@@ -1411,7 +1411,7 @@ ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
        ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
 
        rrsigs = rrsigs;
-       
+
        zone_name = ldns_dname_left_chop(ldns_rr_owner(ldns_rr_list_rr(nsecs,0)));
 
        /* section 8.4 */
@@ -1425,7 +1425,7 @@ ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
                (void) ldns_dname_cat(wildcard, closest_encloser);
 
                for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
-                       hashed_wildcard_name = 
+                       hashed_wildcard_name =
                                ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs, 0),
                                                                                 wildcard
                                                                                 );