323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
Because of this, servers authoritative for a parent
and grandchild zone but not authoritative for the
intervening child zone did not correctly issue
referrals to the servers of the child zone.
+ 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
+ Because of this, servers authoritative for a parent
+ and grandchild zone but not authoritative for the
+ intervening child zone did not correctly issue
+ referrals to the servers of the child zone.
+
322. [bug] Queries for KEY RRs are now sent to the parent
server before the authoritative one, making
DNSSEC insecurity proofs work in many cases
* SOFTWARE.
*/
-/* $Id: rbt.h,v 1.40 2000/06/22 21:55:55 tale Exp $ */
+/* $Id: rbt.h,v 1.40.2.1 2000/07/10 23:54:35 gson Exp $ */
#ifndef DNS_RBT_H
#define DNS_RBT_H 1
* Find the node for 'name'.
*
* Notes:
- * It is _not_ required that the node associated with 'name' has a
- * non-NULL data pointer for an exact match. A partial match must
- * have associated data, unless the DNS_RBTFIND_EMPTYDATA option is set.
+ * A node that has no data is considered not to exist for this function,
+ * unless the DNS_RBTFIND_EMPTYDATA option is set. This applies to both
+ * exact matches and partial matches.
*
* If the chain parameter is non-NULL, then the path through the tree
* to the DNSSEC predecessor of the searched for name is maintained,
* how the various elements of the chain are set. This was done to
* ensure that the chain's state was sane, and to prevent problems that
* occurred when running the predecessor location code under conditions
- * it was not designed for. It is clear *where* the chain should point
- * when DNS_RBTFIND_NOEXACT is set, so if you end up using a chain
+ * it was not designed for. It is not clear *where* the chain should
+ * point when DNS_RBTFIND_NOEXACT is set, so if you end up using a chain
* with this option because you want a particular node, let us know
* where you want the chain pointed, so this can be made more firm.
*
- * A node that has no data is considered not to exist for this function,
- * unless the DNS_RBTFIND_EMPTYDATA option is set.
- *
* Requires:
* rbt is a valid rbt manager.
* dns_name_isabsolute(name) == TRUE.
* SOFTWARE.
*/
-/* $Id: rbt.c,v 1.83 2000/06/19 22:55:42 tale Exp $ */
+/* $Id: rbt.c,v 1.83.2.1 2000/07/10 23:54:33 gson Exp $ */
/* Principal Authors: DCL */
}
}
- if (current != NULL && (options & DNS_RBTFIND_NOEXACT) == 0) {
+ /*
+ * If current is not NULL, NOEXACT is not disallowing exact matches,
+ * and either the node has data or an empty node is ok, return
+ * ISC_R_SUCCESS to indicate an exact match.
+ */
+ if (current != NULL && (options & DNS_RBTFIND_NOEXACT) == 0 &&
+ (DATA(current) != NULL ||
+ (options & DNS_RBTFIND_EMPTYDATA) != 0)) {
/*
* Found an exact match.
*/
if (current != NULL) {
/*
- * There was an exact match but DNS_RBTFIND_NOEXACT
- * was set. A policy decision was made to set the
+ * There was an exact match but either
+ * DNS_RBTFIND_NOEXACT was set, or
+ * DNS_RBTFIND_EMPTYDATA was set and the node had no
+ * data. A policy decision was made to set the
* chain to the exact match, but this is subject
* to change if it becomes apparent that something
* else would be more useful. It is important that
* this case is handled here, because the predecessor
* setting code below assumes the match was not exact.
*/
- INSIST((options & DNS_RBTFIND_NOEXACT) != 0);
+ INSIST(((options & DNS_RBTFIND_NOEXACT) != 0) ||
+ ((options & DNS_RBTFIND_EMPTYDATA) == 0 &&
+ DATA(current) == NULL));
chain->end = current;
} else if ((options & DNS_RBTFIND_NOPREDECESSOR) != 0) {
result = dns_rbt_findnode(rbt, name, foundname, &node, NULL,
options, NULL, NULL);
- if (node != NULL && DATA(node) != NULL)
+ if (node != NULL &&
+ (DATA(node) != NULL || (options & DNS_RBTFIND_EMPTYDATA) != 0))
*data = DATA(node);
else
result = ISC_R_NOTFOUND;
projects / thirdparty / bind9.git / commitdiff
