diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-12-22 18:20:09 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-12-26 19:09:10 +0100 |
commit | d1c4ee32480cb997b673ca8396ca95c70be610f7 (patch) | |
tree | ee0b87656bef0a1b9bccf845d6b3928aa8ee9de1 | |
parent | 6b2f709364b3bb4277de3d6fa2e5b45ba3c12424 (diff) |
resolved: be stricter when searching for a DS RR for a DNSKEY RR
-rw-r--r-- | src/resolve/resolved-dns-dnssec.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 482ee4a0b3..f37f1d91be 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -831,6 +831,15 @@ int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ if (ds->key->type != DNS_TYPE_DS) continue; + if (ds->key->class != dnskey->key->class) + continue; + + r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), DNS_RESOURCE_KEY_NAME(ds->key)); + if (r < 0) + return r; + if (r == 0) + continue; + r = dnssec_verify_dnskey(dnskey, ds); if (r < 0) return r; |