From: Willem Toorop Date: Tue, 19 Nov 2013 13:36:58 +0000 (+0100) Subject: bugfix #530 Don't sign and verify duplicate RRs X-Git-Tag: release-1.6.17rc1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75955dd2378e631978d0e7ff01f7c5dde5f17c48;p=thirdparty%2Fldns.git bugfix #530 Don't sign and verify duplicate RRs Thanks Jelte Jansen --- diff --git a/Changelog b/Changelog index dc635f2d..68dba6a8 100644 --- a/Changelog +++ b/Changelog @@ -36,10 +36,6 @@ * ldns-verify-zone NSEC3 checking from quadratic to linear performance. Thanks NIC MX (nicmexico.mx) * ldns-dane setup new ssl session for each new connect to prevent hangs - * Parsing from and to wire and presentation format for draft rr types - must be explicitely enabled with the --enable-draft-rrtypes option - to conifigure. This applies to: NINFO, RKEY, CDS, EUI48, EUI64, URI - and TA * Bump version to 1.7.0 * The version of shared library now has similar scheme as libunbound. ldns 1.7.0 will have shared library version (SONAME) 2.0.0 @@ -53,9 +49,10 @@ * Optimize TSIG digest function name comparison (Thanks Marc Buijsman) * Compare names case insensitive with ldns_pkt_rr_list_by_name and ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) - * Replace --enable-draft-rrtypes with a seperate --enable for each - draft RR type: --enable-rrtype-ninfo, --enable-rrtype-rkey, - --enable-rrtype-cds, --enable-rrtype-uri and --enable-rrtype-ta + * A separate --enable for each draft RR type: --enable-rrtype-ninfo, + --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and + --enable-rrtype-ta + * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) 1.6.16 2012-11-13 * Fix Makefile to build pyldns with BSD make diff --git a/dnssec_zone.c b/dnssec_zone.c index 3d9558bf..60d62eae 100644 --- a/dnssec_zone.c +++ b/dnssec_zone.c 
@@ -54,10 +54,8 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) /* this could be done more efficiently; name and type should already be equal */ - cmp = ldns_rr_compare(rrs->rr, - rr); - /* should we error on equal? */ - if (cmp <= 0) { + cmp = ldns_rr_compare(rrs->rr, rr); + if (cmp < 0) { if (rrs->next) { return ldns_dnssec_rrs_add_rr(rrs->next, rr); } else { @@ -74,6 +72,7 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) rrs->rr = rr; rrs->next = new_rrs; } + /* Silently ignore equal rr's */ return LDNS_STATUS_OK; } diff --git a/ldns/dnssec_zone.h b/ldns/dnssec_zone.h index 42947355..b794f942 100644 --- a/ldns/dnssec_zone.h +++ b/ldns/dnssec_zone.h @@ -126,7 +126,8 @@ void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs); void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs); /** - * Adds an RR to the list of RRs. The list will remain ordered + * Adds an RR to the list of RRs. The list will remain ordered. + * If an equal RR already exists, this RR will not be added. * * \param[in] rrs the list to add to * \param[in] rr the RR to add diff --git a/rr.c b/rr.c index 01aad321..cfee170e 100644 --- a/rr.c +++ b/rr.c @@ -2139,7 +2139,7 @@ static ldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_NINFO, "NINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, #else {LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#fi +#endif #ifdef RRTYPE_RKEY /* 57 */ {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
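Review bot: In ldns_dnssec_rrs_add_rr the `cmp == 0` case now falls through to `return LDNS_STATUS_OK` without storing `rr`, so a caller cannot tell a stored record from a dropped duplicate. The visible insert path keeps the pointer (`rrs->rr = rr`), so code that hands records to the list and later releases them through ldns_dnssec_rrs_deep_free would presumably leak every ignored duplicate; this should be checked against the callers, which are outside the diff. I would make the contract explicit in the new comment, for example `/* cmp == 0: equal rr is not stored; the caller keeps ownership of rr */`, and repeat the ownership sentence in the ldns/dnssec_zone.h doc comment changed further down. The function body starts before the first hunk, so the earlier branches are not visible here.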