From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Sat, 15 May 2021 22:10:59 +0000 (+0200)
Subject: getAuth: abort if backend returned wrong SOA for cached domain
X-Git-Tag: auth-4.5.0-alpha1~7^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4387ecd816ed9b16e471a9df5f1138d96f51716;p=thirdparty%2Fpdns.git

getAuth: abort if backend returned wrong SOA for cached domain
---

diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc
index 9dd1bcc6c6..d234e689b9 100644
--- a/pdns/ueberbackend.cc
+++ b/pdns/ueberbackend.cc
@@ -366,6 +366,9 @@ bool UeberBackend::getAuth(const DNSName &target, const QType& qtype, SOAData* s
           g_log << Logger::Info << "Backend returned no SOA for domain '" << shorter.toLogString() << "', which it reported as existing " << endl;
           return false;
         }
+        if (zr.dr.d_name != shorter) {
+          throw PDNSException("getAuth() returned an SOA for the wrong zone. Zone '"+zr.dr.d_name.toLogString()+"' is not equal to looked up zone '"+shorter.toLogString()+"'");
+        }
         sd->qname = zr.dr.d_name;
         fillSOAData(zr, *sd);
         // leave database handle in a consistent state