From: W.C.A. Wijngaards
Date: Tue, 19 Mar 2024 09:21:10 +0000 (+0100)
Subject: - Fix localdata and rpz localdata to match CNAME only if no direct
X-Git-Tag: release-1.20.0rc1~56
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73bd5a19aa3ad026cbe8693dc11fd9762d1db052;p=thirdparty%2Funbound.git
- Fix localdata and rpz localdata to match CNAME only if no direct type match is available.
---
diff --git a/doc/Changelog b/doc/Changelog
index 48106ac46..866abe211 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@ 19 March 2024: Wouter - Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that clientip and nsip can give a CNAME. + - Fix localdata and rpz localdata to match CNAME only if no direct + type match is available. 18 March 2024: Wouter - Fix that rpz CNAME content is limited to the max number of cnames.
diff --git a/services/localzone.c b/services/localzone.c
index 9c8e3c7ac..51056c8ff 100644
--- a/services/localzone.c
+++ b/services/localzone.c
@@ -330,14 +330,16 @@ get_rr_nameclass(const char* str, uint8_t** nm, uint16_t* dclass, static struct local_rrset* local_data_find_type(struct local_data* data, uint16_t type, int alias_ok) { - struct local_rrset* p; + struct local_rrset* p, *cname = NULL; type = htons(type); for(p = data->rrsets; p; p = p->next) { if(p->rrset->rk.type == type) return p; if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) - return p; + cname = p; } + if(alias_ok) + return cname; return NULL; }
diff --git a/services/rpz.c b/services/rpz.c
index 0bbb886f9..f036cc5fd 100644
--- a/services/rpz.c
+++ b/services/rpz.c
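Review bot: The trailing `if(alias_ok)` guard added to local_data_find_type in services/localzone.c is redundant, because `cname` is only assigned inside the loop when `alias_ok` is set and otherwise keeps its initial NULL; the tail can be the single line `return cname;`. The new precedence rule also deserves a comment above the loop, for example `/* an exact type match wins; the CNAME is returned only if alias_ok is set and no rrset of the requested type exists */`, since the result no longer depends on the order of data->rrsets. Both remarks apply equally to the identical hunk in services/rpz.c.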
@@ -2073,14 +2073,16 @@ rpz_synthesize_nsip_localdata(struct rpz* r, struct module_qstate* ms, static struct local_rrset* local_data_find_type(struct local_data* data, uint16_t type, int alias_ok) { - struct local_rrset* p; + struct local_rrset* p, *cname = NULL; type = htons(type); for(p = data->rrsets; p; p = p->next) { if(p->rrset->rk.type == type) return p; if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) - return p; + cname = p; } + if(alias_ok) + return cname; return NULL; }
diff --git a/testdata/local_cnameother.rpl b/testdata/local_cnameother.rpl
new file mode 100644
index 000000000..d86ba4f9d
--- /dev/null
+++ b/testdata/local_cnameother.rpl
@@ -0,0 +1,67 @@
+; config options
+server:
+ local-zone: "a." static
+ local-data: "myd.a. NSEC myd2.a. CNAME NSEC"
+ local-data: "myd.a. CNAME myd.target.a."
+
+ ; Switches the types first one then the other.
+ local-data: "myd2.a. CNAME myd2.target.a."
+ local-data: "myd2.a. NSEC myd3.a. CNAME NSEC"
+
+stub-zone:
+ name: "a"
+ stub-addr: 1.2.3.4
+
+CONFIG_END
+SCENARIO_BEGIN Test local data queries with CNAME and other data.
+
+RANGE_BEGIN 0 1000
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.refuse.top. IN A
+SECTION ANSWER
+www.refuse.top. IN A 5.5.5.5
+ENTRY_END
+RANGE_END
+
+; local data query for type next to CNAME, the specific type should
+; be preferred over the CNAME.
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+myd.a. IN NSEC
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA
+SECTION QUESTION
+myd.a. IN NSEC
+SECTION ANSWER
+myd.a. NSEC myd2.a. CNAME NSEC
+ENTRY_END
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+myd2.a. IN NSEC
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA
+SECTION QUESTION
+myd2.a. IN NSEC
+SECTION ANSWER
+myd2.a. NSEC myd3.a. CNAME NSEC
+ENTRY_END
+
+SCENARIO_END
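Review bot: The local_data_find_type in services/rpz.c is, as far as the two hunks show, a line-for-line copy of the static function in services/localzone.c, which is why this commit has to make the same fix twice. RPZ local data is a policy path, so a later correction applied to only one copy would let policy answers and ordinary local-data answers diverge with no compile-time signal. Consider exporting a single definition through the local zone header, or at minimum adding `/* keep in sync with local_data_find_type in services/localzone.c */` above this copy.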
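Review bot: The new scenario in testdata/local_cnameother.rpl asserts only the exact-match side of the fix: no step queries a type that is absent at `myd.a.` or `myd2.a.`, so a regression that stops returning the CNAME when there is no direct match would still pass this file. A further STEP pair asking for `myd.a. IN A` and checking that `myd.a. CNAME myd.target.a.` is returned would pin the fallback; the exact expected flags and rcode for the static zone should be confirmed against the resolver. The file also drives only `local-data:` configuration, so the copy of the function changed in services/rpz.c is not exercised by any test visible in this commit.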