New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rec: Make sure that the ECS scope from the auth is < to the source #6605

Merged
merged 2 commits into from May 16, 2018

Conversation

Projects
None yet
2 participants
@rgacogne
Member

rgacogne commented May 14, 2018

Short description

Don't accept an ECS scope more specific than the source we sent, if the authoritative server has gone mad.

  • Before:
secure.booking.com. 53 IN CNAME secure.c.booking.com. ; (Insecure) auth=1 127.0.0.1/128
  • After:
secure.booking.com. 29 IN CNAME secure.c.booking.com. ; (Insecure) auth=1 127.0.0.1/32

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

rgacogne added some commits Dec 14, 2017

@zeha

zeha approved these changes May 15, 2018

I've quickly tested this; code also LGTM.

@rgacogne rgacogne merged commit a3983f4 into PowerDNS:master May 16, 2018

4 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
lgtm analysis: C/C++ No alert changes
Details
lgtm analysis: JavaScript No alert changes
Details
lgtm analysis: Python No alert changes
Details

@rgacogne rgacogne deleted the rgacogne:rec-cap-ecs-scope branch May 16, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment