packethandler: Compare TSIG key name using DNSName

author Aki Tuomi <cmouse@cmouse.fi>

Fri, 12 Jul 2019 09:34:45 +0000 (12:34 +0300)

committer Aki Tuomi <cmouse@cmouse.fi>

Mon, 15 Jul 2019 19:29:19 +0000 (22:29 +0300)
author Aki Tuomi <cmouse@cmouse.fi>
Fri, 12 Jul 2019 09:34:45 +0000 (12:34 +0300)
committer Aki Tuomi <cmouse@cmouse.fi>
Mon, 15 Jul 2019 19:29:19 +0000 (22:29 +0300)
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc

index fc15f5aad314eff90fca552427419b9e3e071e79..0b60e81443d2b8f1f534556603e188fd561d2a30 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -873,8 +873,9 @@ int PacketHandler::processNotify(DNSPacket *p)
      }
      vector<string> meta;
      if (B.getDomainMetadata(p->qdomain,"AXFR-MASTER-TSIG",meta) && meta.size() > 0) {
-      if (!pdns_iequals(meta[0], p->getTSIGKeyname().toStringNoDot())) {
-        g_log<<Logger::Warning<<"Received secure NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<": expected TSIG key '"<<meta[0]<<", got '"<<p->getTSIGKeyname()<<"' (Refused)"<<endl;
+      DNSName expected{meta[0]};
+      if (p->getTSIGKeyname() != expected) {
+        g_log<<Logger::Warning<<"Received secure NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<": expected TSIG key '"<<expected<<"', got '"<<p->getTSIGKeyname()<<"' (Refused)"<<endl;
          return RCode::Refused;
        }
      }
author	Aki Tuomi <cmouse@cmouse.fi>
	Fri, 12 Jul 2019 09:34:45 +0000 (12:34 +0300)
committer	Aki Tuomi <cmouse@cmouse.fi>
	Mon, 15 Jul 2019 19:29:19 +0000 (22:29 +0300)