From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <824997a9f2cda909d1c0a19e4e6aa377@rei2.9hal>
Date: Wed, 29 Aug 2012 18:16:03 +0200
From: cinap_lenrek@gmx.de
To: 9fans@9fans.net
In-Reply-To: <29b5e5de98bbf11a690b6831b3cf0ea6@kw.quanstro.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] dns poisoning
Topicbox-Message-UUID: b3953416-ead7-11e9-9d60-3106f5b1d025

you are right!

baddelegation() is checking for that, but it was not effective because it
bailed out before even entering that for loop because of:

	if(t == nil)
		t = lookupinfo("dom");
	if(t == nil)
		return 0;	<- delegation loop will not be checked :(

the following patch makes it work:

dblookup.c:799,806 - /sys/src/cmd/ndb/dblookup.c:799,804

  	if(t == nil)
  		t = lookupinfo("dom");
- 	if(t == nil)
- 		return 0;

  	for(; rp; rp = rp->next){
  		if(rp->type != Tns)
dblookup.c:816,821 - /sys/src/cmd/ndb/dblookup.c:814,822
  			return 1;
  		}

+ 		if(t == nil)
+ 			continue;
+
  		/* see if delegating to us what we don't own */
  		for(nt = t; nt != nil; nt = nt->entry)
  			if(rp->host && cistrcmp(rp->host->name, nt->val) == 0)
--
cinap