Fix update forwarding bug

The wrong tls configuration was picked here. It should be of the
primary that is selected by forward->which, not zone->curprimary.

This bug may cause BIND to select the wrong primary when retrieving
the TLS settings, or cause a crash in case the wrongly selected primary
has no TLS settings.

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 2b5f860713223db75729f01221f31943009613d1..83f5aac850f7c0991aa6e1bd96813540067ab9a0 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -18354,7 +18354,7 @@ sendtoprimary(dns_forward_t *forward) {
            zone->primarytlsnames[forward->which] != NULL)
        {
                dns_view_t *view = dns_zone_getview(zone);
-               dns_name_t *tlsname = zone->primarytlsnames[zone->curprimary];
+               dns_name_t *tlsname = zone->primarytlsnames[forward->which];
 
                result = dns_view_gettransport(view, DNS_TRANSPORT_TLS, tlsname,
                                               &forward->transport);