summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWillem Toorop <willem@nlnetlabs.nl>2013-11-19 14:36:58 +0100
committerWillem Toorop <willem@nlnetlabs.nl>2013-11-19 14:36:58 +0100
commit75955dd2378e631978d0e7ff01f7c5dde5f17c48 (patch)
tree114da6e79b65f9874ba0501e1abe223831826244
parentca999545a54bd859db317fb82310240824bb56a6 (diff)
downloadldns-75955dd2378e631978d0e7ff01f7c5dde5f17c48.tar.gz
bugfix #530 Don't sign and verify duplicate RRs
Thanks Jelte Jansen
-rw-r--r--Changelog11
-rw-r--r--dnssec_zone.c7
-rw-r--r--ldns/dnssec_zone.h3
-rw-r--r--rr.c2
4 files changed, 10 insertions, 13 deletions
diff --git a/Changelog b/Changelog
index dc635f2d..68dba6a8 100644
--- a/Changelog
+++ b/Changelog
@@ -36,10 +36,6 @@
* ldns-verify-zone NSEC3 checking from quadratic to linear performance.
Thanks NIC MX (nicmexico.mx)
* ldns-dane setup new ssl session for each new connect to prevent hangs
- * Parsing from and to wire and presentation format for draft rr types
- must be explicitely enabled with the --enable-draft-rrtypes option
- to conifigure. This applies to: NINFO, RKEY, CDS, EUI48, EUI64, URI
- and TA
* Bump version to 1.7.0
* The version of shared library now has similar scheme as libunbound.
ldns 1.7.0 will have shared library version (SONAME) 2.0.0
@@ -53,9 +49,10 @@
* Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
* Compare names case insensitive with ldns_pkt_rr_list_by_name and
ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
- * Replace --enable-draft-rrtypes with a seperate --enable for each
- draft RR type: --enable-rrtype-ninfo, --enable-rrtype-rkey,
- --enable-rrtype-cds, --enable-rrtype-uri and --enable-rrtype-ta
+ * A separate --enable for each draft RR type: --enable-rrtype-ninfo,
+ --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
+ --enable-rrtype-ta
+ * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
1.6.16 2012-11-13
* Fix Makefile to build pyldns with BSD make
diff --git a/dnssec_zone.c b/dnssec_zone.c
index 3d9558bf..60d62eae 100644
--- a/dnssec_zone.c
+++ b/dnssec_zone.c
@@ -54,10 +54,8 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
/* this could be done more efficiently; name and type should already
be equal */
- cmp = ldns_rr_compare(rrs->rr,
- rr);
- /* should we error on equal? */
- if (cmp <= 0) {
+ cmp = ldns_rr_compare(rrs->rr, rr);
+ if (cmp < 0) {
if (rrs->next) {
return ldns_dnssec_rrs_add_rr(rrs->next, rr);
} else {
@@ -74,6 +72,7 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
rrs->rr = rr;
rrs->next = new_rrs;
}
+ /* Silently ignore equal rr's */
return LDNS_STATUS_OK;
}
diff --git a/ldns/dnssec_zone.h b/ldns/dnssec_zone.h
index 42947355..b794f942 100644
--- a/ldns/dnssec_zone.h
+++ b/ldns/dnssec_zone.h
@@ -126,7 +126,8 @@ void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs);
void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs);
/**
- * Adds an RR to the list of RRs. The list will remain ordered
+ * Adds an RR to the list of RRs. The list will remain ordered.
+ * If an equal RR already exists, this RR will not be added.
*
* \param[in] rrs the list to add to
* \param[in] rr the RR to add
diff --git a/rr.c b/rr.c
index 01aad321..cfee170e 100644
--- a/rr.c
+++ b/rr.c
@@ -2139,7 +2139,7 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
{LDNS_RR_TYPE_NINFO, "NINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
#else
{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
-#fi
+#endif
#ifdef RRTYPE_RKEY
/* 57 */
{LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },