- Fix that when SVCB records cannot be written out, and

  are written in unknown format, that the zone read allows
  such unknown format SVCB records. Thanks to Qifan Zhang,
  Palo Alto Networks, for the report.

diff --git a/doc/Changelog b/doc/Changelog
index 9c1f8076246c61b8288639e7e13890a59e2c0f04..56e8d4dcdd51c402c9835a7ab50272ba7a558592 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,10 @@
          Failed loads clear the zone data, so there is no partial
          zone. Thanks to Qifan Zhang, Palo Alto Networks, for
          the report.
+       - Fix that when SVCB records cannot be written out, and
+         are written in unknown format, that the zone read allows
+         such unknown format SVCB records. Thanks to Qifan Zhang,
+         Palo Alto Networks, for the report.
 
 15 June 2026: Wouter
        - Fix to add `max-transfer-size` and `max-transfer-time` that

diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index 50a71d39798711db531f827d0b55593ad848201a..d2c44980c4e5925a3dc2ba028ebf75636d12071e 100644 (file)
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -842,7 +842,8 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len,
        sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10));
        *rr_len = rr_cur_len;
        /* SVCB/HTTPS handling  */
-       if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) {
+       if ((rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS)
+               && !was_unknown_rr_format) {
                size_t rdata_len = rr_cur_len - dname_len - 10;
                uint8_t *rdata = rr+dname_len + 10;