--- bind-9.3.6-P1/lib/dns/validator.c.rh555118 2010-01-18 15:35:17.587785286 +0100
+++ bind-9.3.6-P1/lib/dns/validator.c 2010-01-18 15:37:33.335285482 +0100
@@ -2544,20 +2544,22 @@ proveunsecure(dns_validator_t *val, isc_
if (val->havedlvsep)
dns_name_copy(dns_fixedname_name(&val->dlvsep), secroot, NULL);
else {
+ unsigned int labels;
dns_name_copy(val->event->name, secroot, NULL);
+
/*
* If this is a response to a DS query, we need to look in
* the parent zone for the trust anchor.
*/
- if (val->event->type == dns_rdatatype_ds &&
- dns_name_countlabels(secroot) > 1U)
- dns_name_split(secroot, 1, NULL, secroot);
+ labels = dns_name_countlabels(secroot);
+ if (val->event->type == dns_rdatatype_ds && labels > 1U)
+ dns_name_getlabelsequence(secroot, 1, labels - 1,
+ secroot);
+
result = dns_keytable_finddeepestmatch(val->keytable,
secroot, secroot);
if (result == ISC_R_NOTFOUND) {
- validator_log(val, ISC_LOG_DEBUG(3),
- "not beneath secure root");
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
"must be secure failure");
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
fc4f4d32ce4b1a90e7e68ed631842990
>
files
>
58
