RPZ: filter correctly by name

Closes #4086

diff --git a/pdns/filterpo.cc b/pdns/filterpo.cc
index d2434d2f60e5f2d54b85236dca8c345406a9c0b9..55037f85b2fba84a02ffad300ff682eeae6d22fd 100644 (file)
--- a/pdns/filterpo.cc
+++ b/pdns/filterpo.cc
@@ -32,30 +32,30 @@ bool findNamedPolicy(const map<DNSName, DNSFilterEngine::Policy>& polmap, const
 {
   DNSName s(qname);
 
-    /* for www.powerdns.com, we need to check:
-         www.powerdns.com.
-           *.powerdns.com.
-             powerdns.com.
-                   *.com.
-                      com.
-                       *.
-                        .       */
+  /* for www.powerdns.com, we need to check:
+     www.powerdns.com.
+       *.powerdns.com.
+                *.com.
+                    *.
+   */
  
   bool first=true;
+  map<DNSName, DNSFilterEngine::Policy>::const_iterator iter;
   do {
-    auto iter = polmap.find(s);
-    if(iter != polmap.end()) {
-      pol=iter->second;
-      return true;
-    }
-    if(!first) {
-      iter = polmap.find(DNSName("*")+s);
+    if(first) {
+      iter = polmap.find(s);
       if(iter != polmap.end()) {
-       pol=iter->second;
-       return true;
+        pol=iter->second;
+        return true;
       }
     }
     first=false;
+
+    iter = polmap.find(DNSName("*")+s);
+    if(iter != polmap.end()) {
+      pol=iter->second;
+      return true;
+    }
   } while(s.chopOff());
   return false;
 }