From: Jelte Jansen <jeltejan@NLnetLabs.nl>
Date: Tue, 1 Aug 2006 11:40:23 +0000 (+0000)
Subject: canonicalize before calling nsec_covers()
X-Git-Tag: release-1.2.0~203
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e1830aada40f277381c19edc03a45fea2cec512;p=thirdparty%2Fldns.git

canonicalize before calling nsec_covers()
---

diff --git a/dnssec.c b/dnssec.c
index bbb2b2f4..4a6fe5b0 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -1179,7 +1179,7 @@ ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type)
 }
 
 bool
-ldns_nsec_covers_name(const ldns_rr *nsec, ldns_rdf *name)
+ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
 {
 	ldns_rdf *nsec_owner = ldns_rr_owner(nsec);
 	ldns_rdf *nsec_next = ldns_rr_rdf(nsec, 0);
diff --git a/drill/chasetrace.c b/drill/chasetrace.c
index 5d200c72..4d4a7010 100644
--- a/drill/chasetrace.c
+++ b/drill/chasetrace.c
@@ -240,6 +240,8 @@ do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c,
 	ldns_lookup_table *lt;
 	const ldns_rr_descriptor *descriptor;
 	
+	ldns_dname2canonical(name);
+	
 	pkt = ldns_pkt_clone(pkt_o);
 	if (!name) {
 		mesg("No name to chase");
@@ -438,6 +440,8 @@ do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c,
 		nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC, LDNS_SECTION_ANY_NOQUESTION);
 		result = LDNS_STATUS_CRYPTO_NO_RRSIG;
 		
+		ldns_rr_list2canonical(nsecs);
+		
 		for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsecs); nsec_i++) {
 			/* there are four options:
 			 * - name equals ownername and is covered by the type bitmap
diff --git a/ldns/dnssec.h b/ldns/dnssec.h
index 3a1be9ff..91eaedc9 100644
--- a/ldns/dnssec.h
+++ b/ldns/dnssec.h
@@ -195,11 +195,15 @@ bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type
 
 /**
  * Checks coverage of NSEC RR name span
+ * Remember that nsec and name must both be in canonical form (ie use
+ * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this
+ * function)
+ *
  * \param[in] nsec The NSEC RR to check
  * \param[in] name The owner dname to check
  * \return true if the NSEC RR covers the owner name
  */
-bool ldns_nsec_covers_name(const ldns_rr *nsec, ldns_rdf *name);
+bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
 
 /**
  * verify a packet 
diff --git a/packet.c b/packet.c
index c70124fb..b3541799 100644
--- a/packet.c
+++ b/packet.c
@@ -232,7 +232,7 @@ void
 ldns_pkt_set_edns_do(ldns_pkt *packet, bool value)
 {
 	if (value) {
-		packet->_edns_z = packet->_edns_z & LDNS_EDNS_MASK_DO_BIT;
+		packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_DO_BIT;
 	} else {
 		packet->_edns_z = packet->_edns_z & !LDNS_EDNS_MASK_DO_BIT;
 	}