From: Marek Vavruša <marek.vavrusa@nic.cz>
Date: Sun, 4 Oct 2015 19:23:59 +0000 (+0200)
Subject: lib/iterate: do not follow CNAME when queried for it
X-Git-Tag: v1.0.0-beta1~22
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=de70d70e60265ddb4e97d8fba21792fa3fe32252;p=thirdparty%2Fknot-resolver.git

lib/iterate: do not follow CNAME when queried for it
---

diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c
index 3e08b4933..464a2a0ea 100644
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -113,8 +113,8 @@ static void follow_cname_chain(const knot_dname_t **cname, const knot_rrset_t *r
 {
 	if (rr->type == KNOT_RRTYPE_CNAME) {
 		*cname = knot_cname_name(&rr->rrs);
-	} else {
-		/* Terminate CNAME chain. */
+	} else if (rr->type != KNOT_RRTYPE_RRSIG) {
+		/* Terminate CNAME chain (if not RRSIG). */
 		*cname = cur->sname;
 	}
 }
@@ -352,10 +352,13 @@ static int process_answer(knot_pkt_t *pkt, struct kr_request *req)
 
 	/* Process answer type */
 	const knot_pktsection_t *an = knot_pkt_section(pkt, KNOT_ANSWER);
+	bool follow_chain = (query->stype != KNOT_RRTYPE_CNAME);
 	const knot_dname_t *cname = query->sname;
 	for (unsigned i = 0; i < an->count; ++i) {
+		/* @todo construct a CNAME chain closure and accept all names from that set */ 
 		const knot_rrset_t *rr = knot_pkt_rr(an, i);
-		if (!knot_dname_is_equal(rr->owner, cname)) {
+		if (!knot_dname_is_equal(rr->owner, query->sname) &&
+			!(follow_chain && knot_dname_is_equal(rr->owner, cname))) {
 			continue;
 		}
 		unsigned hint = 0;
@@ -366,10 +369,12 @@ static int process_answer(knot_pkt_t *pkt, struct kr_request *req)
 		if (state == KNOT_STATE_FAIL) {
 			return state;
 		}
-		follow_cname_chain(&cname, rr, query);
-		/* Trust only CNAME targets in current cut. */
-		if (!knot_dname_in(query->zone_cut.name, cname)) {
-			break;
+		/* Follow chain only within current cut. */
+		if (follow_chain) {
+			follow_cname_chain(&cname, rr, query);
+			if (!knot_dname_in(query->zone_cut.name, cname)) {
+				follow_chain = false; 
+			}
 		}
 	}
 
diff --git a/lib/layer/rrcache.c b/lib/layer/rrcache.c
index ea474f5fd..dde29829e 100644
--- a/lib/layer/rrcache.c
+++ b/lib/layer/rrcache.c
@@ -253,11 +253,11 @@ static int stash_answer(struct kr_query *qry, knot_pkt_t *pkt, map_t *stash, mm_
 		kr_rrmap_add(stash, rr, pool);
 		/* Follow CNAME chain in current cut. */
 		if (rr->type == KNOT_RRTYPE_CNAME) {
-			cname = knot_cname_name(&rr->rrs);
-			if (!knot_dname_in(qry->zone_cut.name, cname)) {
-				break;
+			const knot_dname_t *next_cname = knot_cname_name(&rr->rrs);
+			if (knot_dname_in(qry->zone_cut.name, next_cname)) {
+				cname = next_cname;
 			}
-		} else {
+		} else if (rr->type != KNOT_RRTYPE_RRSIG) {
 			cname = qry->sname;
 		}
 	}