diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 62d6d0c..343dc06 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -4757,7 +4757,7 @@ static isc_result_t
answer_response(fetchctx_t *fctx) {
isc_result_t result;
dns_message_t *message;
- dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name;
+ dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
dns_name_t *cname = NULL;
dns_rdataset_t *rdataset, *ns_rdataset;
isc_boolean_t done, external, chaining, aa, found, want_chaining;
@@ -4765,7 +4765,7 @@ answer_response(fetchctx_t *fctx) {
isc_boolean_t wanted_chaining;
unsigned int aflag;
dns_rdatatype_t type;
- dns_fixedname_t fdname, fqname, fqdname;
+ dns_fixedname_t fdname, fqname;
FCTXTRACE("answer_response");
@@ -4787,12 +4787,11 @@ answer_response(fetchctx_t *fctx) {
aa = ISC_TRUE;
else
aa = ISC_FALSE;
- dqname = qname = &fctx->name;
+ qname = &fctx->name;
type = fctx->type;
- dns_fixedname_init(&fqdname);
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (!done && result == ISC_R_SUCCESS) {
- dns_namereln_t namereln, dnamereln;
+ dns_namereln_t namereln;
int order;
unsigned int nlabels;
@@ -4800,8 +4799,6 @@ answer_response(fetchctx_t *fctx) {
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
- dnamereln = dns_name_fullcompare(dqname, name, &order,
- &nlabels);
if (namereln == dns_namereln_equal) {
wanted_chaining = ISC_FALSE;
for (rdataset = ISC_LIST_HEAD(name->list);
@@ -4988,7 +4985,20 @@ answer_response(fetchctx_t *fctx) {
return (DNS_R_FORMERR);
}
- if (dnamereln != dns_namereln_subdomain) {
+ /*
+ * If DNAME + synthetic CNAME then the
+ * namereln is dns_namereln_subdomain.
+ *
+ * If synthetic CNAME + DNAME then the
+ * namereln is dns_namereln_commonancestor
+ * and the number of label must match the
+ * DNAME. This order is not RFC compliant.
+ */
+
+ if (namereln != dns_namereln_subdomain &&
+ (namereln != dns_namereln_commonancestor ||
+ nlabels != dns_name_countlabels(name)))
+ {
return (DNS_R_FORMERR);
}
@@ -4996,7 +5006,7 @@ answer_response(fetchctx_t *fctx) {
if (rdataset->type == dns_rdatatype_dname) {
want_chaining = ISC_TRUE;
aflag = DNS_RDATASETATTR_ANSWER;
- result = dname_target(rdataset, dqname,
+ result = dname_target(rdataset, qname,
nlabels, &fdname);
if (result == ISC_R_NOSPACE) {
/*
@@ -5011,8 +5021,6 @@ answer_response(fetchctx_t *fctx) {
dnameset = rdataset;
dname = dns_fixedname_name(&fdname);
- dqname = dns_fixedname_name(&fqdname);
- dns_name_copy(dname, dqname, NULL);
} else {
/*
* We've found a signature that
@@ -5153,7 +5161,8 @@ answer_response(fetchctx_t *fctx) {
rdataset->trust =
dns_trust_additional;
- if (rdataset->type == dns_rdatatype_ns) {
+ if (rdataset->type == dns_rdatatype_ns)
+ {
ns_name = name;
ns_rdataset = rdataset;
}
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
media
>
main-src
>
by-pkgid
>
a0ef309aba3a78d3350b149f382e72aa
>
files
>
81
