From 542e0c84d1518a1515e03194dd25299b2652778c Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 18 Jan 2016 22:33:23 +0100
Subject: resolved: never consider following a CNAME/DNAME chain for a CNAME/DNAME lookup
Let's avoid thinking that a CNAME/DNAME chain traversal could be a good idea if QTYPE is already CNAME/DNAME. (Also, let's bail out early when trying to see if some RR is a suitable CNAME/DNAME for some other RR).
---
src/resolve/resolved-dns-query.c | 2 +-
src/resolve/resolved-dns-question.c | 9 ++++++++-
src/resolve/resolved-dns-question.h | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 2938238f27..1b7083d7dc 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -1268,7 +1268,7 @@ int dns_query_process_cname(DnsQuery *q) {
 if (r > 0)
 return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */
- r = dns_question_matches_cname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
+ r = dns_question_matches_cname_or_dname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
 if (r < 0)
 return r;
 if (r > 0 && !cname)
diff --git a/src/resolve/resolved-dns-question.c b/src/resolve/resolved-dns-question.c
index fb5637779c..1e41a9aa3c 100644
--- a/src/resolve/resolved-dns-question.c
+++ b/src/resolve/resolved-dns-question.c
@@ -108,7 +108,7 @@ int dns_question_matches_rr(DnsQuestion *q, DnsResourceRecord *rr, const char *s
 return 0;
 }
-int dns_question_matches_cname(DnsQuestion *q, DnsResourceRecord *rr, const char *search_domain) {
+int dns_question_matches_cname_or_dname(DnsQuestion *q, DnsResourceRecord *rr, const char *search_domain) {
 unsigned i;
 int r;
@@ -117,7 +117,14 @@ int dns_question_matches_cname(DnsQuestion *q, DnsResourceRecord *rr, const char
 if (!q)
 return 0;
+ if (!IN_SET(rr->key->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME))
+ return 0;
+
 for (i = 0; i < q->n_keys; i++) {
+ /* For a {C,D}NAME record we can never find a matching {C,D}NAME record */
+ if (!dns_type_may_redirect(q->keys[i]->type))
+ return 0;
+
 r = dns_resource_key_match_cname_or_dname(q->keys[i], rr->key, search_domain);
 if (r != 0)
 return r;
diff --git a/src/resolve/resolved-dns-question.h b/src/resolve/resolved-dns-question.h
index 7ca9224e6f..98e1f0e366 100644
--- a/src/resolve/resolved-dns-question.h
+++ b/src/resolve/resolved-dns-question.h
@@ -45,7 +45,7 @@ int dns_question_new_service(DnsQuestion **ret, const char *service, const char
 int dns_question_add(DnsQuestion *q, DnsResourceKey *key);
 int dns_question_matches_rr(DnsQuestion *q, DnsResourceRecord *rr, const char *search_domain);
-int dns_question_matches_cname(DnsQuestion *q, DnsResourceRecord *rr, const char* search_domain);
+int dns_question_matches_cname_or_dname(DnsQuestion *q, DnsResourceRecord *rr, const char* search_domain);
 int dns_question_is_valid_for_query(DnsQuestion *q);
 int dns_question_contains(DnsQuestion *a, const DnsResourceKey *k);
 int dns_question_is_equal(DnsQuestion *a, DnsQuestion *b);
--
cgit v1.2.3-54-g00ecf
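Review bot: The `return 0` added inside the loop of dns_question_matches_cname_or_dname() (hunk `@@ -117,7 +117,14 @@`) ends the whole check at the first question key whose type may not redirect, so the result depends on key order and one such key vetoes redirect-following for every other key in the question. If that veto is intended (it is the conservative choice for a function that decides whether to follow a redirect named in a network-supplied answer), the comment should say so, e.g. `/* If any key in the question is of a type that may not redirect (such as CNAME/DNAME itself), never follow a {C,D}NAME for this question */`; if per-key skipping was meant, the statement would be `continue;`. As written, the comment reads as if it described the RR rather than the question key. dns_type_may_redirect() is defined outside this diff and the function body starts and ends outside the hunk, so the exact set of excluded types and any earlier check on `rr` cannot be confirmed from here.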