layer\iterate: when proccessing delegations, check if qname is at\below new authority
authorGrigorii Demidov <grigorii.demidov@nic.cz>
Wed, 8 Mar 2017 10:14:00 +0000 (11:14 +0100)
committerGrigorii Demidov <grigorii.demidov@nic.cz>
Wed, 8 Mar 2017 10:14:00 +0000 (11:14 +0100)
lib/layer/iterate.c

index ac1c21f645001afb5772813e6218de00c22a3aec..21c393c9c1a7783cde26ea6d48c94bf49b25e2e9 100644 (file)
@@ -209,8 +209,10 @@ static int update_cut(knot_pkt_t *pkt, const knot_rrset_t *rr,
        int state = KR_STATE_CONSUME;
 
        /* New authority MUST be at/below the authority of the current cut;
+        * also qname must be below new authority;
         * otherwise it's a possible cache injection attempt. */
-       if (!knot_dname_in(current_cut, rr->owner)) {
+       if (!knot_dname_in(current_cut, rr->owner) ||
+           !knot_dname_in(rr->owner, qry->sname)) {
                VERBOSE_MSG("<= authority: ns outside bailiwick\n");
 #ifdef STRICT_MODE
                return KR_STATE_FAIL;
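Review bot: The added `!knot_dname_in(rr->owner, qry->sname)` test reuses the existing `"<= authority: ns outside bailiwick\n"` message, so the log cannot distinguish an NS owner outside the current cut from an NS owner that is not an ancestor of the query name. Since the comment treats both as a possible cache injection attempt, a message naming both cases would make the event easier to triage, e.g. `VERBOSE_MSG("<= authority: ns outside bailiwick or not above qname\n");`. The new comment line says "below", while the line above it uses "at/below" for the same `knot_dname_in` call and the commit title says at/below, so `* also qname must be at/below new authority;` would match the check. update_cut continues past this hunk and the non-STRICT_MODE branch is not visible, so confirm that the new condition also causes the record to be rejected there and not only logged.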