diff options
author | dougb <dougb@FreeBSD.org> | 2005-03-17 08:04:02 +0000 |
---|---|---|
committer | dougb <dougb@FreeBSD.org> | 2005-03-17 08:04:02 +0000 |
commit | 6c00746d362144ea66eb0e93ad2dca75df176135 (patch) | |
tree | 56538def4af42f6875185c84274a942bf33b5d24 /contrib/bind9/lib/dns/validator.c | |
parent | 46172d5768cf5570203b7b39866b786fec8be024 (diff) | |
download | FreeBSD-src-6c00746d362144ea66eb0e93ad2dca75df176135.zip FreeBSD-src-6c00746d362144ea66eb0e93ad2dca75df176135.tar.gz |
Vendor import of BIND 9.3.1
Diffstat (limited to 'contrib/bind9/lib/dns/validator.c')
-rw-r--r-- | contrib/bind9/lib/dns/validator.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/contrib/bind9/lib/dns/validator.c b/contrib/bind9/lib/dns/validator.c index c55c893..069b9c2 100644 --- a/contrib/bind9/lib/dns/validator.c +++ b/contrib/bind9/lib/dns/validator.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.91.2.5.8.12 2004/06/11 01:17:36 marka Exp $ */ +/* $Id: validator.c,v 1.91.2.5.8.15 2005/02/09 05:13:02 marka Exp $ */ #include <config.h> @@ -497,6 +497,8 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, REQUIRE(exists != NULL); REQUIRE(data != NULL); + REQUIRE(nsecset != NULL && + nsecset->type == dns_rdatatype_nsec); result = dns_rdataset_first(nsecset); if (result != ISC_R_SUCCESS) { @@ -661,7 +663,7 @@ authvalidated(isc_task_t *task, isc_event_t *event) { if (rdataset->trust == dns_trust_secure) val->seensig = ISC_TRUE; - if (val->nsecset != NULL && + if (rdataset->type == dns_rdatatype_nsec && rdataset->trust == dns_trust_secure && ((val->attributes & VALATTR_NEEDNODATA) != 0 || (val->attributes & VALATTR_NEEDNOQNAME) != 0) && @@ -2354,8 +2356,18 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) { } if (result == ISC_R_NOTFOUND) { - if (!val->havedlvsep) + if (!val->havedlvsep) { + validator_log(val, ISC_LOG_DEBUG(3), + "not beneath secure root / DLV"); + if (val->mustbesecure) { + validator_log(val, ISC_LOG_WARNING, + "must be secure failure"); + result = DNS_R_MUSTBESECURE; + goto out; + } + val->event->rdataset->trust = dns_trust_answer; return (ISC_R_SUCCESS); + } dns_name_copy(dns_fixedname_name(&val->dlvsep), dns_fixedname_name(&secroot), NULL); } else if (result != ISC_R_SUCCESS) |