diff options
Diffstat (limited to 'lib/dns/validator.c')
| -rw-r--r-- | lib/dns/validator.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 46a74919c825..ce49daf2eb10 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.164.12.9.8.1 2009/11/18 23:58:04 marka Exp $ */ +/* $Id: validator.c,v 1.164.12.9.8.2 2009/12/31 20:29:21 each Exp $ */ #include <config.h> @@ -3242,20 +3242,20 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume) if (val->havedlvsep) dns_name_copy(dns_fixedname_name(&val->dlvsep), secroot, NULL); else { + unsigned int labels; dns_name_copy(val->event->name, secroot, NULL); /* * If this is a response to a DS query, we need to look in * the parent zone for the trust anchor. */ - if (val->event->type == dns_rdatatype_ds && - dns_name_countlabels(secroot) > 1U) - dns_name_split(secroot, 1, NULL, secroot); + + labels = dns_name_countlabels(secroot); + if (val->event->type == dns_rdatatype_ds && labels > 1U) + dns_name_getlabelsequence(secroot, 1, labels - 1, + secroot); result = dns_keytable_finddeepestmatch(val->keytable, secroot, secroot); - if (result == ISC_R_NOTFOUND) { - validator_log(val, ISC_LOG_DEBUG(3), - "not beneath secure root"); if (val->mustbesecure) { validator_log(val, ISC_LOG_WARNING, "must be secure failure"); |