From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Wed, 19 Apr 2017 11:17:45 +0000 (+0200)
Subject: dnssec/nsec: fix wildcard_match_check() to allow processing of *. wildcard
X-Git-Tag: v1.2.6~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a36b705aba556b1a20bf7ca0a234a3ae37df60e0;p=thirdparty%2Fknot-resolver.git

dnssec/nsec: fix wildcard_match_check() to allow processing of *. wildcard
---

diff --git a/lib/dnssec/nsec.c b/lib/dnssec/nsec.c
index 1f598c4b9..cff0ab431 100644
--- a/lib/dnssec/nsec.c
+++ b/lib/dnssec/nsec.c
@@ -299,7 +299,7 @@ static int wildcard_match_check(const knot_pkt_t *pkt, const knot_pktsection_t *
 		int wcard_labels = knot_dname_labels(rrset->owner, NULL);
 		int common_labels = knot_dname_matched_labels(rrset->owner, sname);
 		int rrsig_labels = coverign_rrsig_labels(rrset, sec);
-		if (wcard_labels <= 1 ||
+		if (wcard_labels < 1 ||
 		    common_labels != wcard_labels - 1 ||
 		    common_labels != rrsig_labels) {
 			continue;