Commit 9f1bca36 authored by Mark Andrews's avatar Mark Andrews

1546. [bug] We were rejecting valid secure CNAME to negative

                        answers.
reviewed: explorer
parent 9991accf
1546. [bug] We were rejecting valid secure CNAME to negative
answers.
1545. [bug] It was possible to leak memory if named was unable to
bind to the specified transfer source and TSIG was
being used. [RT #10120]
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.c,v 1.272 2003/10/26 21:33:47 marka Exp $ */
/* $Id: resolver.c,v 1.273 2004/01/05 05:42:16 marka Exp $ */
#include <config.h>
......@@ -4356,21 +4356,20 @@ answer_response(fetchctx_t *fctx) {
* We could add an "else" clause here and
* log that we're ignoring this rdataset.
*/
/*
* If wanted_chaining is true, we've done
* some chaining as the result of processing
* this node, and thus we need to set
* chaining to true.
*
* We don't set chaining inside of the
* rdataset loop because doing that would
* cause us to ignore the signatures of
* CNAMEs.
*/
if (wanted_chaining)
chaining = ISC_TRUE;
}
/*
* If wanted_chaining is true, we've done
* some chaining as the result of processing
* this node, and thus we need to set
* chaining to true.
*
* We don't set chaining inside of the
* rdataset loop because doing that would
* cause us to ignore the signatures of
* CNAMEs.
*/
if (wanted_chaining)
chaining = ISC_TRUE;
} else {
/*
* Look for a DNAME (or its SIG). Anything else is
......@@ -4508,7 +4507,7 @@ answer_response(fetchctx_t *fctx) {
/*
* Did chaining end before we got the final answer?
*/
if (want_chaining) {
if (chaining) {
/*
* Yes. This may be a negative reply, so hand off
* authority section processing to the noanswer code.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment