diff options
| author | Tom Gundersen <teg@jklm.no> | 2016-01-25 20:28:38 +0100 | 
|---|---|---|
| committer | Tom Gundersen <teg@jklm.no> | 2016-01-25 20:28:38 +0100 | 
| commit | f49ce89edf37a20abed923782dd8176d6c0e7166 (patch) | |
| tree | 5174563e958ef5be22eebd7d9b848d37e724a911 /src/resolve/resolved-dns-packet.c | |
| parent | 164228707d7785a27316e2f28be7068044127016 (diff) | |
| parent | 6c1e69f9456d022f14dd00737126cfa4d9cca10c (diff) | |
Merge pull request #2392 from poettering/dnssec18
eightteenth dnssec patch
Diffstat (limited to 'src/resolve/resolved-dns-packet.c')
| -rw-r--r-- | src/resolve/resolved-dns-packet.c | 19 | 
1 files changed, 12 insertions, 7 deletions
| diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 9a5223ef01..032e719595 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -2094,7 +2094,7 @@ int dns_packet_extract(DnsPacket *p) {          n = DNS_PACKET_RRCOUNT(p);          if (n > 0) { -                DnsResourceRecord *previous = NULL; +                _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;                  bool bad_opt = false;                  answer = dns_answer_new(n); @@ -2150,12 +2150,12 @@ int dns_packet_extract(DnsPacket *p) {                                  }                                  if (has_rfc6975) { -                                        /* OPT RR contains RFC6975 algorithm data, then this is indication that the -                                         * server just copied the OPT it got from us (which contained that data) back -                                         * into the reply. If so, then it doesn't properly support EDNS, as RFC6975 -                                         * makes it very clear that the algorithm data should only be contained in -                                         * questions, never in replies. Crappy Belkin copy the OPT data for example, -                                         * hence let's detect this so that we downgrade early. */ +                                        /* If the OPT RR contains RFC6975 algorithm data, then this is indication that +                                         * the server just copied the OPT it got from us (which contained that data) +                                         * back into the reply. If so, then it doesn't properly support EDNS, as +                                         * RFC6975 makes it very clear that the algorithm data should only be contained +                                         * in questions, never in replies. Crappy Belkin routers copy the OPT data for +                                         * example, hence let's detect this so that we downgrade early. */                                          log_debug("OPT RR contained RFC6975 data, ignoring.");                                          bad_opt = true;                                          continue; @@ -2174,6 +2174,11 @@ int dns_packet_extract(DnsPacket *p) {                                  if (r < 0)                                          goto finish;                          } + +                        /* Remember this RR, so that we potentically can merge it's ->key object with the next RR. Note +                         * that we only do this if we actually decided to keep the RR around. */ +                        dns_resource_record_unref(previous); +                        previous = dns_resource_record_ref(rr);                  }                  if (bad_opt) | 
