New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rec: Make sure that the ECS scope from the auth is < to the source #6605

merged 2 commits into from May 16, 2018


None yet
2 participants

rgacogne commented May 14, 2018

Short description

Don't accept an ECS scope more specific than the source we sent, if the authoritative server has gone mad.

  • Before: 53 IN CNAME ; (Insecure) auth=1
  • After: 29 IN CNAME ; (Insecure) auth=1


I have:

  • read the document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

rgacogne added some commits Dec 14, 2017


zeha approved these changes May 15, 2018

I've quickly tested this; code also LGTM.

@rgacogne rgacogne merged commit a3983f4 into PowerDNS:master May 16, 2018

4 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
lgtm analysis: C/C++ No alert changes
lgtm analysis: JavaScript No alert changes
lgtm analysis: Python No alert changes

@rgacogne rgacogne deleted the rgacogne:rec-cap-ecs-scope branch May 16, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment