Commit 9eec2d8f authored by Mark Andrews's avatar Mark Andrews

be more selective about CNAME, expect DNAME

parent 7c9a748b
Pipeline #9424 passed with stages
in 1 minute and 12 seconds
......@@ -2264,7 +2264,7 @@ process(struct workitem *item, unsigned char *buf, int buflen, int port) {
int tsig_not_last = 0, tsig_bad_class = 0, tsig_bad_ttl = 0;
int tsig_wrong_key = 0, tsig_wrong_alg = 0, tsig_bad_time = 0;
int tsig_bad_other_len = 0, tsig_bad_sig = 0, tsig_bad_fudge = 0;
int n;
int n, cname = 0, dname = 0, rrsig = 0, found = 0;
char addrbuf[64];
int ednsvers = 0;
int ok = 1;
......@@ -2422,6 +2422,27 @@ process(struct workitem *item, unsigned char *buf, int buflen, int port) {
cp += 2;
if ((eom - cp) < rdlen)
goto err;
if (item->type == 0) {
/*
* RRSIG due to DNSSEC?
*/
if (opts[item->test].type != ns_t_rrsig &&
opts[item->test].type != ns_t_any &&
(opts[item->test].flags & 0x8000) != 0 &&
type == ns_t_rrsig)
rrsig++;
if (opts[item->test].type != ns_t_cname &&
opts[item->test].type != ns_t_any &&
type == ns_t_cname)
cname++;
if (opts[item->test].type != ns_t_dname &&
opts[item->test].type != ns_t_any &&
type == ns_t_dname)
dname++;
if (opts[item->test].type == type ||
opts[item->test].type == ns_t_any)
found++;
}
/* Don't follow CNAME for A and AAAA lookups. */
if ((item->type == ns_t_a ||
item->type == ns_t_aaaa) &&
......@@ -2931,6 +2952,10 @@ process(struct workitem *item, unsigned char *buf, int buflen, int port) {
buflen > (opts[item->test].udpsize ? opts[item->test].udpsize : 512))
addtag(item, "toobig"), ok = 0;
if (cname + rrsig + found + dname != ancount) {
addtag(item, "extra"), ok = 0;
}
/* Only record seenrrsig if the test is "do". */
if (seenrrsig && strcmp(opts[item->test].name, "do") == 0)
item->summary->seenrrsig = 1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment