| 5088 |
|
dns_fixedname_t fixed; |
| 5089 |
|
dns_hash_t hash; |
| 5090 |
|
dns_name_t name; |
| 5091 |
< |
int order; |
| 5092 |
< |
unsigned int count; |
| 5091 |
> |
unsigned int skip = 0, labels; |
| 5092 |
|
dns_rdata_nsec3_t nsec3; |
| 5093 |
|
dns_rdata_t rdata = DNS_RDATA_INIT; |
| 5094 |
|
isc_boolean_t optout; |
| 5101 |
|
|
| 5102 |
|
dns_name_init(&name, NULL); |
| 5103 |
|
dns_name_clone(qname, &name); |
| 5104 |
+ |
labels = dns_name_countlabels(&name); |
| 5105 |
|
|
| 5106 |
|
/* |
| 5107 |
|
* Map unknown algorithm to known value. |
| 5133 |
|
dns_rdata_reset(&rdata); |
| 5134 |
|
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); |
| 5135 |
|
if (found != NULL && optout && |
| 5136 |
< |
dns_name_fullcompare(&name, dns_db_origin(db), &order, |
| 5137 |
< |
&count) == dns_namereln_subdomain) { |
| 5136 |
> |
dns_name_issubdomain(&name, dns_db_origin(db))) |
| 5137 |
> |
{ |
| 5138 |
|
dns_rdataset_disassociate(rdataset); |
| 5139 |
|
if (dns_rdataset_isassociated(sigrdataset)) |
| 5140 |
|
dns_rdataset_disassociate(sigrdataset); |
| 5141 |
< |
count = dns_name_countlabels(&name) - 1; |
| 5142 |
< |
dns_name_getlabelsequence(&name, 1, count, &name); |
| 5141 |
> |
skip++; |
| 5142 |
> |
dns_name_getlabelsequence(qname, skip, labels - skip, |
| 5143 |
> |
&name); |
| 5144 |
|
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, |
| 5145 |
|
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3), |
| 5146 |
|
"looking for closest provable encloser"); |
| 5158 |
|
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, |
| 5159 |
|
NS_LOGMODULE_QUERY, ISC_LOG_WARNING, |
| 5160 |
|
"expected covering NSEC3, got an exact match"); |
| 5161 |
< |
if (found != NULL) |
| 5161 |
> |
if (found == qname) { |
| 5162 |
> |
if (skip != 0U) |
| 5163 |
> |
dns_name_getlabelsequence(qname, skip, labels - skip, |
| 5164 |
> |
found); |
| 5165 |
> |
} else if (found != NULL) |
| 5166 |
|
dns_name_copy(&name, found, NULL); |
| 5167 |
|
return; |
| 5168 |
|
} |
