authorLennart Poettering <lennart@poettering.net>2015-12-21 21:06:29 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-26 19:09:10 +0100
commitdb5b0e92b3c23e6f360bd0f44a655b35921a6c98 (patch)
treefd0e65c2ffbb98361882c76bbbabd6408ec91a2d /src/shared
parent13b78323bad1e41e0474b833da2a0b72aab56f09 (diff)
resolved: tighten search for NSEC3 RRs a bit
Be stricter when searching suitable NSEC3 RRs for proof: generalize the check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add additional checks, such as checking whether all NSEC3 RRs use the same parameters, have the same suffix and so on.
Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/dns-domain.c18
-rw-r--r--src/shared/dns-domain.h2
2 files changed, 20 insertions, 0 deletions
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index f3dbf60395..f44e80c9db 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1215,3 +1215,21 @@ int dns_name_count_labels(const char *name) {
return (int) n;
}
+
+int dns_name_equal_skip(const char *a, unsigned n_labels, const char *b) {
+ int r;
+
+ assert(a);
+ assert(b);
+
+ while (n_labels > 0) {
+
+ r = dns_name_parent(&a);
+ if (r <= 0)
+ return r;
+
+ n_labels --;
+ }
+
+ return dns_name_equal(a, b);
+}
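Review bot: The return contract of dns_name_equal_skip() is undocumented and three-valued: the early `return r;` inside the loop passes through both a negative error from dns_name_parent() and 0. The 0 case (presumably `a` running out of labels before n_labels were skipped) is then indistinguishable from "names differ". This helper presumably backs the NSEC3 suffix checks the commit message describes, so a caller that tests the result as a plain boolean would treat a negative error as a match. Callers should compare with `> 0` and handle `< 0` separately. I would add above the definition, and next to the prototype in dns-domain.h, a comment such as `/* Skips the first n_labels labels of a, then compares the remainder with b. Returns > 0 if equal, 0 if not equal or a has too few labels, < 0 on error. */`. As a style point, `n_labels --;` reads better as `n_labels--;`.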
diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index 7b509729fb..dd8ae3ac98 100644
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -102,3 +102,5 @@ int dns_service_split(const char *joined, char **name, char **type, char **domai
int dns_name_suffix(const char *name, unsigned n_labels, const char **ret);
int dns_name_count_labels(const char *name);
+
+int dns_name_equal_skip(const char *a, unsigned n_labels, const char *b);