From 0f7091e624fdba6c0bf281f2a9a23cd3e9ca93fb Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 18 Jan 2016 20:21:55 +0100
Subject: resolved: be slightly stricter when validating DnsQuestion

Also verify whether the DNS RR types are actually suitable for a question.
---
 src/resolve/resolved-dns-question.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'src/resolve/resolved-dns-question.c')

diff --git a/src/resolve/resolved-dns-question.c b/src/resolve/resolved-dns-question.c
index a8225e2e94..d3a6c14ed1 100644
--- a/src/resolve/resolved-dns-question.c
+++ b/src/resolve/resolved-dns-question.c
@@ -21,6 +21,7 @@
 
 #include "alloc-util.h"
 #include "dns-domain.h"
+#include "dns-type.h"
 #include "resolved-dns-question.h"
 
 DnsQuestion *dns_question_new(unsigned n) {
@@ -144,12 +145,17 @@ int dns_question_is_valid_for_query(DnsQuestion *q) {
                 return 0;
 
         /* Check that all keys in this question bear the same name */
-        for (i = 1; i < q->n_keys; i++) {
+        for (i = 0; i < q->n_keys; i++) {
                 assert(q->keys[i]);
 
-                r = dns_name_equal(DNS_RESOURCE_KEY_NAME(q->keys[i]), name);
-                if (r <= 0)
-                        return r;
+                if (i > 0) {
+                        r = dns_name_equal(DNS_RESOURCE_KEY_NAME(q->keys[i]), name);
+                        if (r <= 0)
+                                return r;
+                }
+
+                if (!dns_type_is_valid_query(q->keys[i]->type))
+                        return 0;
         }
 
         return 1;
-- 
cgit v1.2.3-54-g00ecf