diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-20 20:17:32 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-29 17:46:49 +0000 |
| commit | 734076a52c94c290826224e524f49be07d4476e1 (patch) | |
| tree | fb5f013f268ef5b02292748924e47fdd7cd7057d /src | |
| parent | a05f6ed694b44ab7d703c3607930344bbcde2901 (diff) | |
When following a CNAME chain, if any lookup is insecure the whole must be too
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/dns.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/src/dns.c b/src/src/dns.c index ac52e5621..542354db3 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -455,6 +455,14 @@ return h->ad ? TRUE : FALSE; #endif } +static void +dns_set_insecure(dns_answer * dnsa) +{ +HEADER * h = (HEADER *)dnsa->answer; +h->ad = 0; +} + + @@ -752,7 +760,8 @@ int dns_lookup(dns_answer *dnsa, uschar *name, int type, uschar **fully_qualified_name) { int i; -uschar *orig_name = name; +const uschar *orig_name = name; +BOOL secure_so_far = TRUE; /* Loop to follow CNAME chains so far, but no further... */ @@ -825,6 +834,9 @@ for (i = 0; i < 10; i++) if (datalen < 0) return DNS_FAIL; name = data; + if (!dns_is_secure(dnsa)) + secure_so_far = FALSE; + DEBUG(D_dns) debug_printf("CNAME found: change to %s\n", name); } /* Loop back to do another lookup */ |