From: W.C.A. Wijngaards Date: Tue, 16 Jun 2026 07:36:33 +0000 (+0200) Subject: - Fix that when SVCB records cannot be written out, and X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=159384c2a90ed3a043fb65aee809d2b6fcb39ec3;p=thirdparty%2Funbound.git - Fix that when SVCB records cannot be written out, and are written in unknown format, that the zone read allows such unknown format SVCB records. Thanks to Qifan Zhang, Palo Alto Networks, for the report. --- diff --git a/doc/Changelog b/doc/Changelog index 9c1f80762..56e8d4dcd 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -4,6 +4,10 @@ Failed loads clear the zone data, so there is no partial zone. Thanks to Qifan Zhang, Palo Alto Networks, for the report. + - Fix that when SVCB records cannot be written out, and + are written in unknown format, that the zone read allows + such unknown format SVCB records. Thanks to Qifan Zhang, + Palo Alto Networks, for the report. 15 June 2026: Wouter - Fix to add `max-transfer-size` and `max-transfer-time` that diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 50a71d397..d2c44980c 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -842,7 +842,8 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10)); *rr_len = rr_cur_len; /* SVCB/HTTPS handling */ - if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) { + if ((rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) + && !was_unknown_rr_format) { size_t rdata_len = rr_cur_len - dname_len - 10; uint8_t *rdata = rr+dname_len + 10;
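Review bot: In the doc/Changelog hunk, the new entry is hard to parse ("Fix that when ..., and are written in unknown format, that the zone read allows ...") and leaves it unclear whether the write side or the read side changed. Suggest wording it from the read side, for example "Fix zone read to allow SVCB records in unknown format, the form used when SVCB records cannot be written out", so a reader of the Changelog can tell the change is in parsing.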
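Review bot: In the sldns/str2wire.c hunk, the added `&& !was_unknown_rr_format` makes SVCB and HTTPS records given in unknown format skip the whole block under `/* SVCB/HTTPS handling */`, and the comment does not say why. Extend that comment to state that unknown-format rdata is exempt from this block, and note whether later code that reads SVCB rdata from a zone may still assume the rdata went through it. The hunk does not show where `was_unknown_rr_format` is set, so confirm it reflects the record being parsed at this point. A test that reads a zone file containing an unknown-format SVCB record would cover the reported case.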