From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 1 Oct 2013 08:10:31 +0000 (+0200)
Subject: Fix ldns_nsec_covers_name for apex only zones
X-Git-Tag: release-1.6.17rc1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=29329f285fec9e591cadcc7f4dc000374c3217cd;p=thirdparty%2Fldns.git

Fix ldns_nsec_covers_name for apex only zones
---

diff --git a/Changelog b/Changelog
index 2821668e..503aad5c 100644
--- a/Changelog
+++ b/Changelog
@@ -46,6 +46,7 @@
 	* bugfix #521: drill trace continue on empty non-terminals with NSEC3
 	* bugfix #525: Fix documentation of ldns_resolver_set_retry
 	* Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
+	* Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
 
 1.6.16	2012-11-13
 	* Fix Makefile to build pyldns with BSD make
diff --git a/dnssec.c b/dnssec.c
index 97dde647..f2142987 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -1499,9 +1499,11 @@ ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
 	if(ldns_dname_compare(nsec_owner, nsec_next) > 0) {
 		result = (ldns_dname_compare(nsec_owner, name) <= 0 ||
 				ldns_dname_compare(name, nsec_next) < 0);
-	} else {
+	} else if(ldns_dname_compare(nsec_owner, nsec_next) < 0) {
 		result = (ldns_dname_compare(nsec_owner, name) <= 0 &&
 		          ldns_dname_compare(name, nsec_next) < 0);
+	} else {
+		result = true;
 	}
 
 	ldns_rdf_deep_free(nsec_next);