author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2010-01-06 21:45:30 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2010-01-06 21:45:30 +0000 |
commit | 1a707c0e67da562b02571106a36b14538caa6783 (patch) | |
tree | 5180e9822bf73978372743230c6a3624f07db14d /contrib/bind9/lib/dns/validator.c | |
parent | 3bcabf8f98591dc2c38dcb7eaf591d9954d296db (diff) |
Fix BIND named(8) cache poisoning with DNSSEC validation. (releng/6.3)
[SA-10:01]
Fix ntpd mode 7 denial of service. [SA-10:02]
Fix ZFS ZIL playback with insecure permissions. [SA-10:03]
Various FreeBSD 8.0-RELEASE improvements. [EN-10:01]
Security: FreeBSD-SA-10:01.bind
Security: FreeBSD-SA-10:02.ntpd
Security: FreeBSD-SA-10:03.zfs
Errata: FreeBSD-EN-10:01.freebsd
Approved by: so (simon)
Notes
Notes:
svn path=/releng/6.3/; revision=201679
Diffstat (limited to 'contrib/bind9/lib/dns/validator.c')
-rw-r--r-- | contrib/bind9/lib/dns/validator.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/contrib/bind9/lib/dns/validator.c b/contrib/bind9/lib/dns/validator.c
index 571ad791e7b6..4b40a8fa46be 100644
--- a/contrib/bind9/lib/dns/validator.c
+++ b/contrib/bind9/lib/dns/validator.c
@@ -235,7 +235,7 @@ auth_nonpending(dns_message_t *message) {
 rdataset != NULL;
 rdataset = ISC_LIST_NEXT(rdataset, link))
 {
- if (rdataset->trust == dns_trust_pending)
+ if (DNS_TRUST_PENDING(rdataset->trust))
 rdataset->trust = dns_trust_authauthority;
 }
 }
@@ -1146,7 +1146,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) {
 * We have an rrset for the given keyname.
 */
 val->keyset = &val->frdataset;
- if (val->frdataset.trust == dns_trust_pending &&
+ if (DNS_TRUST_PENDING(val->frdataset.trust) &&
 dns_rdataset_isassociated(&val->fsigrdataset))
 {
 /*
@@ -1161,7 +1161,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) {
 if (result != ISC_R_SUCCESS)
 return (result);
 return (DNS_R_WAIT);
- } else if (val->frdataset.trust == dns_trust_pending) {
+ } else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
 /*
 * Having a pending key with no signature means that
 * something is broken.
@@ -1723,7 +1723,7 @@ validatezonekey(dns_validator_t *val) {
 * We have DS records.
 */
 val->dsset = &val->frdataset;
- if (val->frdataset.trust == dns_trust_pending &&
+ if (DNS_TRUST_PENDING(val->frdataset.trust) &&
 dns_rdataset_isassociated(&val->fsigrdataset))
 {
 result = create_validator(val,
@@ -1736,7 +1736,7 @@ validatezonekey(dns_validator_t *val) {
 if (result != ISC_R_SUCCESS)
 return (result);
 return (DNS_R_WAIT);
- } else if (val->frdataset.trust == dns_trust_pending) {
+ } else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
 /*
 * There should never be an unsigned DS.
 */ |
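Review bot: In auth_nonpending the assignment to `dns_trust_authauthority` now fires for every trust level that `DNS_TRUST_PENDING()` matches, and nothing at this site says which levels those are or why raising them without a signature check is acceptable here. The macro is defined outside this file (the page is limited to validator.c), so a reader of validator.c cannot confirm from the hunk that it covers only not-yet-validated states. I would add a comment above the test, for example `/* Pending = not yet validated; see DNS_TRUST_PENDING() for the levels covered. */`, and state in the function's header comment under which conditions the callers are allowed to reach it. The start of auth_nonpending and its callers are outside the hunk.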
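Review bot: The pending test is written out twice in the `if` / `else if` chain of get_key, once here and once at the `else if` in the next hunk, and the same pair recurs in validatezonekey in the last two hunks. The second branch of each chain is the fail-closed path for a pending key or DS that arrived without a signature, so both branches have to stay keyed on exactly the same predicate; if one of them is edited later and the other is not, an unvalidated rdataset could fall through to the code after the chain. A local such as `isc_boolean_t pending = DNS_TRUST_PENDING(val->frdataset.trust);` tested in both branches would make that coupling explicit. The opening of both functions is outside the hunks, so where the local would be declared is not visible here.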