mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-10-28 20:25:25 +03:00
resolved: packet - refuse empty type bitmaps
The NSEC type itself must at least be in the bitmap, so NSEC records with empty bitmaps must be bogus.
This commit is contained in:
parent
2ad613addb
commit
bfcc67093d
@ -1666,8 +1666,12 @@ int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, size_t *start) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* NSEC RRs with empty bitmpas makes no sense, but the RFC does not explicitly forbid them
|
/* The types bitmap must contain at least the NSEC record itself, so an empty bitmap means
|
||||||
so we allow it */
|
something went wrong */
|
||||||
|
if (bitmap_isclear(rr->nsec.types)) {
|
||||||
|
r = -EBADMSG;
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user