From: Wouter Wijngaards
Date: Thu, 8 Apr 2010 13:05:09 +0000 (+0000)
Subject: Fix signatures over wildcards.
X-Git-Tag: release-1.6.5~42
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ef481d15cb56f138162ac4534412b0dc20b87c6b;p=thirdparty%2Fldns.git
Fix signatures over wildcards. ldns_dname_is_wildcard exported.
---
diff --git a/Changelog b/Changelog
index 68572292..a9e81b15 100644
--- a/Changelog
+++ b/Changelog
@@ -20,6 +20,8 @@
 OpenSSL 1.0.0 is necessary (or use --disable-gost).
 * Fixed comment in rbtree.h about being first member and data ptr.
 * Fixed possibly leak in case of out of memory in ldns_native2rdf...
+ * ldns_dname_is_wildcard added.
+ * Fixed: signatures over wildcards had the wrong labelcount.
 1.6.4 2010-01-20
 * Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
diff --git a/dname.c b/dname.c
index ae094da3..5b96fcdf 100644
--- a/dname.c
+++ b/dname.c
@@ -416,7 +416,7 @@ ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
 return result;
 }
-static int
+int
 ldns_dname_is_wildcard(const ldns_rdf* dname)
 {
 return ( ldns_dname_label_count(dname) > 0 &&
diff --git a/dnssec_sign.c b/dnssec_sign.c
index a940d0d5..e6e63acf 100644
--- a/dnssec_sign.c
+++ b/dnssec_sign.c
@@ -31,6 +31,9 @@ ldns_create_empty_rrsig(ldns_rr_list *rrset,
 label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset, 0)));
+ /* RFC4035 2.2: not counting the leftmost label if it is a wildcard */
+ if(ldns_dname_is_wildcard(ldns_rr_owner(ldns_rr_list_rr(rrset, 0))))
+ label_count --;
 current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
diff --git a/ldns/dname.h b/ldns/dname.h
index b144b4c7..78560961 100644
--- a/ldns/dname.h
+++ b/ldns/dname.h
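Review bot: In the dnssec_sign.c hunk the added wildcard test repeats `ldns_rr_owner(ldns_rr_list_rr(rrset, 0))`, so the first RR's owner is looked up twice and both uses rely on the rrset being non-empty; whether that is checked earlier cannot be seen, because ldns_create_empty_rrsig starts and ends outside the hunk. Taking the owner once into a local declared with the other locals, `owner = ldns_rr_owner(ldns_rr_list_rr(rrset, 0));`, then `label_count = ldns_dname_label_count(owner);` and `if(ldns_dname_is_wildcard(owner)) label_count--;`, keeps the count and the wildcard test on the same name. The decrement cannot wrap only because ldns_dname_is_wildcard requires a label count above zero (visible in the dname.c hunk), which is worth recording next to it: `/* is_wildcard implies label_count > 0, so this cannot underflow */`. Validators use the Labels field to reconstruct the signed owner name, so a signing test with a wildcard owner that asserts the resulting Labels value would keep this from regressing; none is visible in this commit.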
@@ -183,4 +183,11 @@ bool ldns_dname_str_absolute(const char *dname_str);
 */
 ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos);
+/**
+ * Check if dname is a wildcard, starts with *.
+ * \param[in] dname: the rdf to look in
+ * \return true if a wildcard, false if not.
+ */
+int ldns_dname_is_wildcard(const ldns_rdf* dname);
+
 #endif /* LDNS_DNAME_H */
diff --git a/ldns_symbols.def b/ldns_symbols.def
index 4daa195f..6673f2e0 100644
--- a/ldns_symbols.def
+++ b/ldns_symbols.def
@@ -47,6 +47,7 @@ ldns_dname_compare
 ldns_dname_compare_v
 ldns_dname_interval
 ldns_dname_is_subdomain
+ldns_dname_is_wildcard
 ldns_dname_label
 ldns_dname_label_count
 ldns_dname_left_chop
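Review bot: In the ldns/dname.h hunk the newly exported ldns_dname_is_wildcard is declared `int` although its comment promises true/false and the neighbouring `ldns_dname_str_absolute` (named in the hunk header) returns `bool`. Once the symbol is public the return type is hard to change, so `bool ldns_dname_is_wildcard(const ldns_rdf* dname);` here and in dname.c would be the consistent choice. The comment's "starts with *" also leaves open whether a leftmost label such as `*a` counts, which matters now that RRSIG label counting depends on the answer. If the implementation (only its first line is visible in the dname.c hunk) tests for a label that is exactly `*`, the comment should say so, e.g. `* Check if dname is a wildcard: the leftmost label is exactly "*".` It would also help to document the result for a NULL or non-dname rdf.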