Commit 3638f234 authored by Karel Slaný's avatar Karel Slaný

lib/zonecut: kr_zonecut_set() does not reset TA and DNSKEY

The trust anchor and keys are not changed in order not to disrupt packet
validation.
parent 0b12cb32
......@@ -540,7 +540,11 @@ static int validate_section(struct kr_query *qry, knot_pkt_t *answer,
}
}
/* Validate RRSet. */
ret = kr_rrset_validate(sec, covered, qry->zone_cut.key, qry->zone_cut.name, qry->timestamp.tv_sec);
/* Can't use qry->zone_cut.name directly, as this name can
* change when updating cut information before validation.
*/
const knot_dname_t *zone_name = qry->zone_cut.key ? qry->zone_cut.key->owner : NULL;
ret = kr_rrset_validate(sec, covered, qry->zone_cut.key, zone_name, qry->timestamp.tv_sec);
if (ret != 0) {
break;
}
......
......@@ -105,8 +105,13 @@ void kr_zonecut_set(struct kr_zonecut *cut, const knot_dname_t *name)
if (!cut || !name) {
return;
}
knot_rrset_t *key, *ta;
key = cut->key; cut->key = NULL;
ta = cut->trust_anchor; cut->trust_anchor = NULL;
kr_zonecut_deinit(cut);
kr_zonecut_init(cut, name, cut->pool);
cut->key = key;
cut->trust_anchor = ta;
}
static int copy_addr_set(const char *k, void *v, void *baton)
......
......@@ -51,7 +51,7 @@ void kr_zonecut_deinit(struct kr_zonecut *cut);
/**
* Reset zone cut to given name and clear address list.
* @note This clears the address list even if the name doesn't change.
* @note This clears the address list even if the name doesn't change. TA and DNSKEY don't change.
* @param cut zone cut to be set
* @param name new zone cut name
*/
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment