Commit a2f941e1 authored by Ondřej Surý's avatar Ondřej Surý Committed by Ondřej Surý

Merge branch 'fix-auth-qname' into 'master'

layer\iterate: when processing delegations, check if qname is at\below new authority

See merge request !229
parent 43329419
......@@ -209,8 +209,10 @@ static int update_cut(knot_pkt_t *pkt, const knot_rrset_t *rr,
int state = KR_STATE_CONSUME;
/* New authority MUST be at/below the authority of the current cut;
* also qname must be below new authority;
* otherwise it's a possible cache injection attempt. */
if (!knot_dname_in(current_cut, rr->owner)) {
if (!knot_dname_in(current_cut, rr->owner) ||
!knot_dname_in(rr->owner, qry->sname)) {
VERBOSE_MSG("<= authority: ns outside bailiwick\n");
#ifdef STRICT_MODE
return KR_STATE_FAIL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment