Fix validation of queries with wildcard names (*.example).

git-svn-id: file:///svn/unbound/trunk@2070 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/validator/val_utils.c b/validator/val_utils.c
index ff2b0f675736ad7b791f04dd2a16df5fcc272dd0..298d39c11647da14b70830a3ff0f39a94e28fa34 100644 (file)
--- a/validator/val_utils.c
+++ b/validator/val_utils.c
@@ -558,7 +558,8 @@ val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc)
                entry.data;
        uint8_t labcount;
        int labdiff;
-       size_t i;
+       uint8_t* wn;
+       size_t i, wl;
        if(d->rrsig_count == 0) {
                return 1;
        }
@@ -573,10 +574,16 @@ val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc)
        /* if the RRSIG label count is shorter than the number of actual 
         * labels, then this rrset was synthesized from a wildcard.
         * Note that the RRSIG label count doesn't count the root label. */
-       labdiff = (dname_count_labels(rrset->rk.dname) - 1) - (int)labcount;
+       wn = rrset->rk.dname;
+       wl = rrset->rk.dname_len;
+       /* skip a leading wildcard label in the dname (RFC4035 2.2) */
+       if(dname_is_wild(wn)) {
+               wn += 2;
+               wl -= 2;
+       }
+       labdiff = (dname_count_labels(wn) - 1) - (int)labcount;
        if(labdiff > 0) {
-               size_t wl = rrset->rk.dname_len;
-               *wc = rrset->rk.dname;
+               *wc = wn;
                dname_remove_labels(wc, &wl, labdiff);
                return 1;
        }