Commit ce5732e8 authored by Simon Kelley's avatar Simon Kelley

NSEC3 check: RFC5155 para 8.2

parent a86fdf43
...@@ -1704,7 +1704,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns ...@@ -1704,7 +1704,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
for (i = 0; i < nsec_count; i++) for (i = 0; i < nsec_count; i++)
{ {
unsigned char *nsec3p = nsecs[i]; unsigned char *nsec3p = nsecs[i];
int this_iter; int this_iter, flags;
nsecs[i] = NULL; /* Speculative, will be restored if OK. */ nsecs[i] = NULL; /* Speculative, will be restored if OK. */
...@@ -1716,8 +1716,12 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns ...@@ -1716,8 +1716,12 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
if (*p++ != algo) if (*p++ != algo)
continue; continue;
p++; /* flags */ flags = *p++; /* flags */
/* 5155 8.2 */
if (flags != 0 && flags != 1)
continue;
GETSHORT(this_iter, p); GETSHORT(this_iter, p);
if (this_iter != iterations) if (this_iter != iterations)
continue; continue;
......
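Review bot: The comment `/* 5155 8.2 */` on the new flags test in the second hunk does not say what is enforced or why the record is skipped; I would write `/* RFC 5155 8.2: ignore NSEC3 RRs whose Flags field is neither 0 nor 1 */`. The test itself matches that paragraph. Since `nsecs[i]` has already been set to NULL above, the `continue` drops the record from the set, which is the right way to ignore it provided the code after the loop treats an emptied set as a failed proof; that code, like the start and end of prove_non_existence_nsec3, is outside the hunk. `flags` is declared inside the loop body and the visible lines use it only for this test, so the Opt-Out bit of an accepted record is not retained. If the proof of non-existence is later meant to distinguish opt-out spans (presumably relevant for insecure delegations), that value would need to be kept per record.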