From a36b705aba556b1a20bf7ca0a234a3ae37df60e0 Mon Sep 17 00:00:00 2001 From: Grigorii Demidov Date: Wed, 19 Apr 2017 13:17:45 +0200 Subject: [PATCH] dnssec/nsec: fix wildcard_match_check() to allow processing of *. wildcard --- lib/dnssec/nsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/dnssec/nsec.c b/lib/dnssec/nsec.c index 1f598c4b9..cff0ab431 100644 --- a/lib/dnssec/nsec.c +++ b/lib/dnssec/nsec.c @@ -299,7 +299,7 @@ static int wildcard_match_check(const knot_pkt_t *pkt, const knot_pktsection_t * int wcard_labels = knot_dname_labels(rrset->owner, NULL); int common_labels = knot_dname_matched_labels(rrset->owner, sname); int rrsig_labels = coverign_rrsig_labels(rrset, sec); - if (wcard_labels <= 1 || + if (wcard_labels < 1 || common_labels != wcard_labels - 1 || common_labels != rrsig_labels) { continue; -- 2.47.2