diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-12-02 20:53:10 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-12-02 22:50:11 +0100 |
| commit | f91dc2400dc33e9a0745ecaaef7489af116dca38 (patch) | |
| tree | ef3d5aa7d6a623a4360f62cf14b096327f730396 /src/resolve/resolved-dns-rr.c | |
| parent | e30ec345ace45bfdd6e82fff60682ccf2942b238 (diff) | |
resolved: store DNSKEY fields flags+protocol as-is
When verifying signatures we need to be able to verify the original
data we got for an RR set, and that means we cannot simply drop flags
bits or consider RRs invalid too eagerly. Hence, instead of parsing the
DNSKEY flags store them as-is. Similar, accept the protocol field as it
is, and don't consider it a parsing error if it is not 3.
Of course, this means that the DNSKEY handling code later on needs to
check explicit for protocol != 3.
Diffstat (limited to 'src/resolve/resolved-dns-rr.c')
| -rw-r--r-- | src/resolve/resolved-dns-rr.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 4a1abb0cdc..09fe9725a2 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -576,8 +576,8 @@ int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecor memcmp(a->sshfp.fingerprint, b->sshfp.fingerprint, a->sshfp.fingerprint_size) == 0; case DNS_TYPE_DNSKEY: - return a->dnskey.zone_key_flag == b->dnskey.zone_key_flag && - a->dnskey.sep_flag == b->dnskey.sep_flag && + return a->dnskey.flags == b->dnskey.flags && + a->dnskey.protocol == b->dnskey.protocol && a->dnskey.algorithm == b->dnskey.algorithm && a->dnskey.key_size == b->dnskey.key_size && memcmp(a->dnskey.key, b->dnskey.key, a->dnskey.key_size) == 0; @@ -883,9 +883,10 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { if (!t) return -ENOMEM; - r = asprintf(&s, "%s %u 3 %.*s%.*u %s", + r = asprintf(&s, "%s %u %u %.*s%.*u %s", k, - dnskey_to_flags(rr), + rr->dnskey.flags, + rr->dnskey.protocol, alg ? -1 : 0, alg, alg ? 0 : 1, alg ? 0u : (unsigned) rr->dnskey.algorithm, t); |