commit 3e3002ffead0526d088c353f97475400367087da
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Feb 24 12:57:26 2015 +0530

    Skip logging for DNSSEC responses [BZ 14841]
    
    DNSSEC defines a number of response types that one may expect when the
    DO bit is set.  We don't process any of them, but since we do allow
    setting the DO bit, skip them without logging an error since it is
    only a nuisance.
    
    Tested on x86_64.
    
    	[BZ #14841]
    	* resolv/gethnamaddr.c (getanswer): Skip logging if
    	RES_USE_DNSSEC is set.
    	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.

diff --git glibc-2.17-c758a686/resolv/gethnamaddr.c glibc-2.17-c758a686/resolv/gethnamaddr.c
index a861a84..7fd0e49 100644
--- glibc-2.17-c758a686/resolv/gethnamaddr.c
+++ glibc-2.17-c758a686/resolv/gethnamaddr.c
@@ -331,23 +331,18 @@ getanswer (const querybuf *answer, int anslen, const char *qname, int qtype)
 			buflen -= n;
 			continue;
 		}
-		if ((type == T_SIG) || (type == T_KEY) || (type == T_NXT)) {
-			/* We don't support DNSSEC yet.  For now, ignore
-			 * the record and send a low priority message
-			 * to syslog.
-			 */
-			syslog(LOG_DEBUG|LOG_AUTH,
-	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-			       qname, p_class(C_IN), p_type(qtype),
-			       p_type(type));
-			cp += n;
-			continue;
-		}
 		if (type != qtype) {
-			syslog(LOG_NOTICE|LOG_AUTH,
+			/* Log a low priority message if we get an unexpected
+			 * record, but skip it if we are using DNSSEC since it
+			 * uses many different types in responses that do not
+			 * match QTYPE.
+			 */
+			if ((_res.options & RES_USE_DNSSEC) == 0) {
+				syslog(LOG_NOTICE|LOG_AUTH,
 	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-			       qname, p_class(C_IN), p_type(qtype),
-			       p_type(type));
+					qname, p_class(C_IN), p_type(qtype),
+					p_type(type));
+			}
 			cp += n;
 			continue;		/* XXX - had_error++ ? */
 		}
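Review bot: The new guard inside `if (type != qtype)` suppresses the mismatch message for every record type once RES_USE_DNSSEC is set, not only for DNSSEC records, so a reply carrying an unrelated, unexpected type is skipped with no trace in syslog. That removes a diagnostic an operator might rely on to spot malformed or unsolicited answers on hosts that enable the DO bit. Narrowing the condition keeps the signal, e.g. `if ((_res.options & RES_USE_DNSSEC) == 0 || !(type == T_SIG || type == T_KEY || type == T_NXT))`, extended with the newer DNSSEC types (RRSIG, DNSKEY, NSEC, DS) where the resolver headers define constants for them. The same applies to the getanswer_r hunk in resolv/nss_dns/dns-host.c; getanswer's body starts and ends outside this hunk.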
diff --git glibc-2.17-c758a686/resolv/nss_dns/dns-host.c glibc-2.17-c758a686/resolv/nss_dns/dns-host.c
index f715ab0..b16b0dd 100644
--- glibc-2.17-c758a686/resolv/nss_dns/dns-host.c
+++ glibc-2.17-c758a686/resolv/nss_dns/dns-host.c
@@ -820,26 +820,19 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
 	  linebuflen -= n;
 	  continue;
 	}
-      if (__builtin_expect (type == T_SIG, 0)
-	  || __builtin_expect (type == T_KEY, 0)
-	  || __builtin_expect (type == T_NXT, 0))
-	{
-	  /* We don't support DNSSEC yet.  For now, ignore the record
-	     and send a low priority message to syslog.  */
-	  syslog (LOG_DEBUG | LOG_AUTH,
-	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-		  qname, p_class (C_IN), p_type(qtype), p_type (type));
-	  cp += n;
-	  continue;
-	}
 
       if (type == T_A && qtype == T_AAAA && map)
 	have_to_map = 1;
       else if (__builtin_expect (type != qtype, 0))
 	{
-	  syslog (LOG_NOTICE | LOG_AUTH,
-	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-		  qname, p_class (C_IN), p_type (qtype), p_type (type));
+	  /* Log a low priority message if we get an unexpected record, but
+	     skip it if we are using DNSSEC since it uses many different types
+	     in responses that do not match QTYPE.  */
+	  if ((_res.options & RES_USE_DNSSEC) == 0)
+	    syslog (LOG_NOTICE | LOG_AUTH,
+		    "gethostby*.getanswer: asked for \"%s %s %s\", "
+		    "got type \"%s\"",
+		    qname, p_class (C_IN), p_type (qtype), p_type (type));
 	  cp += n;
 	  continue;			/* XXX - had_error++ ? */
 	}
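Review bot: With the T_SIG/T_KEY/T_NXT branch removed, those records now fall into the `type != qtype` path and are reported at LOG_NOTICE instead of LOG_DEBUG whenever RES_USE_DNSSEC is clear, yet the added comment still calls this "a low priority message". If the severity change is intended, the comment should say so, for example `/* Log unexpected record types at LOG_NOTICE; stay silent when RES_USE_DNSSEC is set, since DNSSEC responses carry types that do not match QTYPE.  */`. If it is not intended, the old LOG_DEBUG level should be kept for those three types. The gethnamaddr.c hunk has the same comment and the same level change; getanswer_r's body continues outside this hunk.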