- Fix that rpz CNAME content is limited to the max number of cnames.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 18 Mar 2024 10:25:29 +0000 (11:25 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 18 Mar 2024 10:25:29 +0000 (11:25 +0100)
doc/Changelog
iterator/iterator.c

index 69d80fda34162d69d9dc8892c60d48534e210c34..6f413e7a0633e28e16a0a6253aba413e21a62116 100644 (file)
@@ -1,3 +1,6 @@
+18 March 2024: Wouter
+       - Fix that rpz CNAME content is limited to the max number of cnames.
+
 15 March 2024: Yorgos
        - Merge #1030: Persist the openssl and expat directories for repeated
          Windows builds.
index e35d8e34a9aa9eba8c93f30553b314ad84772656..ad67a32412e2806df1652cc416f46c58eb78aa3e 100644 (file)
@@ -1453,10 +1453,12 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
                                /* apply rpz qname triggers after cname */
                                struct dns_msg* forged_response =
                                        rpz_callback_from_iterator_cname(qstate, iq);
+                               int count = 0;
                                while(forged_response && reply_find_rrset_section_an(
                                        forged_response->rep, iq->qchase.qname,
                                        iq->qchase.qname_len, LDNS_RR_TYPE_CNAME,
-                                       iq->qchase.qclass)) {
+                                       iq->qchase.qclass) &&
+                                       count++ < ie->max_query_restarts) {
                                        /* another cname to follow */
                                        if(!handle_cname_response(qstate, iq, forged_response,
                                                &sname, &slen)) {
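Review bot: When this loop stops because `count` reached `ie->max_query_restarts`, the exit looks the same as a chain that ended normally: `forged_response` still carries a CNAME for `iq->qchase.qname` that was never followed, and nothing visible here records that the cap was hit. The code after the loop is outside the hunk and may already cope with this, but a check there such as `if(count > ie->max_query_restarts) verbose(VERB_ALGO, "rpz: cname chain longer than max query restarts");` would make a looping or over-long RPZ CNAME chain visible to operators. A comment on the new condition, e.g. `/* bound the chain, so rpz zone content cannot keep this loop running */`, would also explain why the counter exists. The same applies to the identical loops in processQueryTargets and processQueryResponse; the while body continues past the end of each hunk.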
@@ -2751,10 +2753,12 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
                /* apply rpz triggers at query time */
                struct dns_msg* forged_response_after_cname;
                struct dns_msg* forged_response = rpz_callback_from_iterator_module(qstate, iq);
+               int count = 0;
                while(forged_response && reply_find_rrset_section_an(
                        forged_response->rep, iq->qchase.qname,
                        iq->qchase.qname_len, LDNS_RR_TYPE_CNAME,
-                       iq->qchase.qclass)) {
+                       iq->qchase.qclass) &&
+                       count++ < ie->max_query_restarts) {
                        /* another cname to follow */
                        if(!handle_cname_response(qstate, iq, forged_response,
                                &sname, &snamelen)) {
@@ -3382,10 +3386,12 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
                        /* apply rpz qname triggers after cname */
                        struct dns_msg* forged_response =
                                rpz_callback_from_iterator_cname(qstate, iq);
+                       int count = 0;
                        while(forged_response && reply_find_rrset_section_an(
                                forged_response->rep, iq->qchase.qname,
                                iq->qchase.qname_len, LDNS_RR_TYPE_CNAME,
-                               iq->qchase.qclass)) {
+                               iq->qchase.qclass) &&
+                               count++ < ie->max_query_restarts) {
                                /* another cname to follow */
                                if(!handle_cname_response(qstate, iq, forged_response,
                                        &sname, &snamelen)) {