From: Mark Andrews <marka@isc.org>
Date: Tue, 29 Sep 2020 03:25:44 +0000 (+1000)
Subject: Check that sig0 name is the root.
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6ec335798a2de41d85a14219c74acb972e419b01;p=thirdparty%2Fbind9.git

Check that sig0 name is the root.

(cherry picked from commit 5b5f1ba0b2c424425cd7f713ec8f979a127d4f52)
---

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 6fee6b15590..7d9ee5f9d80 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1491,7 +1491,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 			covers = dns_rdata_covers(rdata);
 			if (covers == 0) {
 				if (sectionid != DNS_SECTION_ADDITIONAL ||
-				    count != msg->counts[sectionid] - 1)
+				    count != msg->counts[sectionid] - 1 ||
+				    !dns_name_equal(name, dns_rootname))
 				{
 					DO_ERROR(DNS_R_BADSIG0);
 				} else {