From: Ralph Dolmans Date: Tue, 22 Nov 2016 10:10:48 +0000 (+0000) Subject: - Make access-control-tag-data RDATA absolute. This makes the RDATA origin X-Git-Tag: release-1.6.0rc1~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e5cf4da0b975110ee7236284a31a0001baa3864;p=thirdparty%2Funbound.git - Make access-control-tag-data RDATA absolute. This makes the RDATA origin consistent between local-data and access-control-tag-data. - Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain of the NSEC owner. git-svn-id: file:///svn/unbound/trunk@3930 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 75497bcc0..9c730c330 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +22 Novenber 2016: Ralph + - Make access-control-tag-data RDATA absolute. This makes the RDATA + origin consistent between local-data and access-control-tag-data. + - Fix NSEC ENT wildcard check. Matching wildcard does not have to be a + subdomain of the NSEC owner. + 22 November 2016: Wouter - iana portlist update. - Fix unit tests for DS hash processing for fake-dsa test option. diff --git a/services/localzone.c b/services/localzone.c index 8b12b663c..f0516f5ae 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1233,7 +1233,7 @@ find_tag_datas(struct query_info* qinfo, struct config_strlist* list, /* does this element match the type? */ snprintf(buf, sizeof(buf), ". %s", p->str); res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, - zname, zlen, NULL, 0); + NULL, 0, NULL, 0); if(res != 0) /* parse errors are already checked before, in * acllist check_data, skip this for robustness */ diff --git a/validator/val_nsec.c b/validator/val_nsec.c index f104a347c..1e4f440ff 100644 --- a/validator/val_nsec.c +++ b/validator/val_nsec.c @@ -343,7 +343,7 @@ int nsec_proves_nodata(struct ub_packed_rrset_key* nsec, } else { /* See if the next owner name covers a wildcard * empty non-terminal. */ - while (dname_strict_subdomain_c(nm, nsec->rk.dname)) { + while (dname_canonical_compare(nsec->rk.dname, nm) < 0) { /* wildcard does not apply if qname below * the name that exists under the '*' */ if (dname_subdomain_c(qinfo->qname, nm))