Commit 32b2cdf2 authored by Brian Wellington's avatar Brian Wellington
Browse files

427. [bug] Avoid going into an infinite loop when the validator

                        gets a negative response to a key query where the
                        records are signed by the missing key.
parent b42a7e9d
427. [bug] Avoid going into an infinite loop when the validator
gets a negative response to a key query where the
records are signed by the missing key.
426. [bug] Attempting to generate an oversized RSA key could
cause dnssec-keygen to dump core.
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.c,v 1.76 2000/08/26 01:36:58 bwelling Exp $ */
/* $Id: validator.c,v 1.77 2000/09/07 19:46:51 bwelling Exp $ */
#include <config.h>
......@@ -1103,6 +1103,22 @@ nxtvalidate(dns_validator_t *val, isc_boolean_t resume) {
if (sigrdataset == NULL)
continue;
val->seensig = ISC_TRUE;
if (val->event->type == dns_rdatatype_key &&
dns_name_equal(name, val->event->name))
{
dns_rdata_t nxt;
if (rdataset->type != dns_rdatatype_nxt)
continue;
result = dns_rdataset_first(rdataset);
INSIST(result == ISC_R_SUCCESS);
dns_rdata_init(&nxt);
dns_rdataset_current(rdataset, &nxt);
if (dns_nxt_typepresent(&nxt,
dns_rdatatype_soa))
continue;
}
val->authvalidator = NULL;
val->currentset = rdataset;
result = dns_validator_create(val->view, name,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment