A TSIG record's class should be ANY, not that of the question

1999-07-26 17:00:34 +00:00
parent f3b5ca5aae
commit 991322a2ab
1 changed files with 3 additions and 0 deletions
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -928,6 +928,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 		 * section, bail.
 		 */
 		if (msg->opcode != dns_opcode_update
+		    && rdtype != dns_rdatatype_tsig
 		    && msg->rdclass != rdclass)
 			return (DNS_R_FORMERR);

@@ -938,6 +939,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 		if (rdtype == dns_rdatatype_tsig) {
 			if (sectionid != DNS_SECTION_ADDITIONAL)
 				return (DNS_R_FORMERR);
+			if (rdclass != dns_rdataclass_any)
+				return (DNS_R_FORMERR);
 			section = &msg->sections[DNS_SECTION_TSIG];
 		}