From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 13 Dec 2011 12:37:47 +0000 (+0000)
Subject: - Fix to constrain signer_name to be a parent of the lookupname.
X-Git-Tag: release-1.4.14~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0fd0ef80c047558198464f40ff2af8c7963ca1d;p=thirdparty%2Funbound.git

- Fix to constrain signer_name to be a parent of the lookupname.


git-svn-id: file:///svn/unbound/trunk@2571 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 7802c7b91..6d28676cc 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,7 @@
 	- iana portlist updated.
 	- svn tag 1.4.14rc1
 	- fix infra cache comparison.
+	- Fix to constrain signer_name to be a parent of the lookupname.
 
 5 December 2011: Wouter
 	- Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc.
diff --git a/validator/validator.c b/validator/validator.c
index 6c25fa6b3..0ac593d82 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -1266,6 +1266,12 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq,
 	/* Determine the signer/lookup name */
 	val_find_signer(subtype, &vq->qchase, vq->orig_msg->rep, 
 		vq->rrset_skip, &vq->signer_name, &vq->signer_len);
+	if(vq->signer_name != NULL &&
+		!dname_subdomain_c(lookup_name, vq->signer_name)) {
+		log_nametypeclass(VERB_ALGO, "this signer name is not a parent "
+			"of lookupname, omitted", vq->signer_name, 0, 0);
+		vq->signer_name = NULL;
+	}
 	if(vq->signer_name == NULL) {
 		log_nametypeclass(VERB_ALGO, "no signer, using", lookup_name,
 			0, 0);