From 306eda38092bbb853ba72d7d955c57aa0fd63246 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards
Date: Fri, 20 Jul 2007 06:17:45 +0000
Subject: [PATCH] check of CNAME chain in replies from cache.
git-svn-id: file:///svn/unbound/trunk@441 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/worker.c | 19 +++++++++++++++++++
 doc/Changelog | 3 +++
 2 files changed, 22 insertions(+)
diff --git a/daemon/worker.c b/daemon/worker.c
index 1dd6cdb5d..32ad955bf 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -225,6 +225,25 @@ worker_handle_control_cmd(struct comm_point* c, void* arg, int error,
 /** check cname chain in cache reply */
 static int check_cache_chain(struct reply_info* rep)
 {
+ /* check only answer section rrs for matching cname chain.
+ * the cache may return changed rdata, but owner names are untouched.*/
+ size_t i;
+ uint8_t* sname = rep->rrsets[0]->rk.dname;
+ size_t snamelen = rep->rrsets[0]->rk.dname_len;
+ for(i=0; ian_numrrsets; i++) {
+ uint16_t t = ntohs(rep->rrsets[i]->rk.type);
+ if(t == LDNS_RR_TYPE_DNAME)
+ continue; /* skip dnames; note TTL 0 not cached */
+ /* verify that owner matches current sname */
+ if(query_dname_compare(sname, rep->rrsets[i]->rk.dname) != 0){
+ /* cname chain broken */
+ return 0;
+ }
+ /* if this is a cname; move on */
+ if(t == LDNS_RR_TYPE_CNAME) {
+ get_cname_target(rep->rrsets[i], &sname, &snamelen);
+ }
+ }
 return 1;
 }
diff --git a/doc/Changelog b/doc/Changelog
index 18e7dada7..4cf0fd813 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+20 July 2007: Wouter
+ - Check CNAME chain before returning cache entry with CNAMEs.
+
 19 July 2007: Wouter
 - shuffle NS selection when getting nameserver target addresses.
 - fixup of deadlock warnings, yield cpu in checklock code so that
--
2.47.2
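Review bot: In the daemon/worker.c hunk, `rep->rrsets[0]` is dereferenced in the initialisers of `sname` and `snamelen` before anything in check_cache_chain has established that the reply holds an answer rrset. For a cached reply with an empty answer section, the chain would start from an authority-section owner name, or the read would go past the array if there are no rrsets at all. The caller is not part of this patch and may already guarantee a non-empty answer section; if it does not, declare `sname` without an initialiser and put `if(rep->an_numrrsets == 0) return 1;` ahead of the first `rep->rrsets[0]` access. Separately, `snamelen` is written here and by `get_cname_target` but never read; it appears to exist only to satisfy that out-parameter, and a one-line comment saying so would stop a later reader from assuming the length is checked.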