From: Wouter Wijngaards Date: Tue, 17 Jan 2012 09:06:18 +0000 (+0000) Subject: - Fix bug where canonical_compare of RRSIG did not downcase the X-Git-Tag: release-1.4.15rc1~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e26ec2d01bd9212bd25122341215f91eb10f82d;p=thirdparty%2Funbound.git - Fix bug where canonical_compare of RRSIG did not downcase the signer-name. This is mostly harmless because RRSIGs do not have to be sorted in canonical order, usually. git-svn-id: file:///svn/unbound/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 2b65c3d49..aaacc5219 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +17 January 2012: Wouter + - Fix bug where canonical_compare of RRSIG did not downcase the + signer-name. This is mostly harmless because RRSIGs do not have + to be sorted in canonical order, usually. + 12 January 2012: Wouter - bug#428: add ub_version() call to libunbound. API version increase, with (binary) backwards compatibility for the previous version. diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index f6c6e331b..436b5e844 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -899,6 +899,8 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) case LDNS_RR_TYPE_KX: case LDNS_RR_TYPE_MX: case LDNS_RR_TYPE_SIG: + /* RRSIG signer name has to be downcased */ + case LDNS_RR_TYPE_RRSIG: case LDNS_RR_TYPE_PX: case LDNS_RR_TYPE_NAPTR: case LDNS_RR_TYPE_SRV: @@ -910,7 +912,6 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) case LDNS_RR_TYPE_HINFO: /* no longer downcased */ case LDNS_RR_TYPE_NSEC: - case LDNS_RR_TYPE_RRSIG: default: /* For unknown RR types, or types not listed above, * no canonicalization is needed, do binary compare */ 
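Review bot: The `case LDNS_RR_TYPE_RRSIG:` label added in the -899 hunk of canonical_compare() does not record that this ordering must stay in step with canonicalize_rdata(), which handles SIG and RRSIG in one shared case. If the two drift apart again, the comparison order and the canonical rdata form could disagree for signer names that differ only in case, which is the bug this commit describes. I would word the comment as `/* RRSIG signer name is downcased; keep in sync with canonicalize_rdata() */` and add a regression test that compares two RRSIG rdatas whose signer names differ only in letter case. The body of the shared branch lies outside the hunk, so how the fixed RRSIG fields before the signer name are stepped over cannot be confirmed from here.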
@@ -1050,6 +1051,7 @@ canonicalize_rdata(ldns_buffer* buf, struct ub_packed_rrset_key* rrset, query_dname_tolower(datstart); return; case LDNS_RR_TYPE_SIG: + /* downcase the RRSIG, compat with BIND (kept it from SIG) */ case LDNS_RR_TYPE_RRSIG: /* skip fixed part */ if(len < 2+18+1) @@ -1095,7 +1097,7 @@ canonicalize_rdata(ldns_buffer* buf, struct ub_packed_rrset_key* rrset, query_dname_tolower(datstart); return; - /* do not canonicalize NSEC rdata name, compat with bug + /* do not canonicalize NSEC rdata name, compat with * from bind 9.4 signer, where it does not do so */ case LDNS_RR_TYPE_NSEC: /* type starts with the name */ case LDNS_RR_TYPE_HINFO: /* not downcased */
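Review bot: The reworded comment in the -1095 hunk of canonicalize_rdata() no longer parses now that `bug` has been dropped: it reads `compat with` followed by `* from bind 9.4 signer`. Suggest `/* do not canonicalize NSEC rdata name, compat with` and then ` * the bind 9.4 signer, which does not do so */`. The comment added in the -1050 hunk is imprecise in a similar way: the visible `/* skip fixed part */` suggests that only the signer name after the fixed fields is lowercased, not the whole RRSIG. `/* downcase the RRSIG signer name, compat with BIND (kept it from SIG) */` would say that. Both case bodies continue outside the hunks.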