resolved: actually check authenticated flag of SOA transaction

msekletar · bluca · commit bb78da7f955c · 2023-12-24T10:01:00.000+01:00
Fixes #25676 (cherry picked from commit 3b4cc14) (cherry picked from commit 6da5ca9) (cherry picked from commit 0292727) (cherry picked from commit 5c149c7)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
@@ -2817,7 +2817,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
                         if (r == 0)
                                 continue;
 
-                        return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+                        return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
                 }
 
                 return true;
@@ -2844,7 +2844,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
                         /* We found the transaction that was supposed to find the SOA RR for us. It was
                          * successful, but found no RR for us. This means we are not at a zone cut. In this
                          * case, we require authentication if the SOA lookup was authenticated too. */
-                        return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+                        return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
                 }
 
                 return true;

Original file line number	Diff line number	Diff line change
`@@ -2817,7 +2817,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction t, DnsResourceRecord `
`2817`	`2817`	`if (r == 0)`
`2818`	`2818`	`continue;`
`2819`	`2819`
`2820`		`- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);`
	`2820`	`+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);`
`2821`	`2821`	`}`
`2822`	`2822`
`2823`	`2823`	`return true;`
`@@ -2844,7 +2844,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction t, DnsResourceRecord `
`2844`	`2844`	`/* We found the transaction that was supposed to find the SOA RR for us. It was`
`2845`	`2845`	`* successful, but found no RR for us. This means we are not at a zone cut. In this`
`2846`	`2846`	`* case, we require authentication if the SOA lookup was authenticated too. */`
`2847`		`- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);`
	`2847`	`+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);`
`2848`	`2848`	`}`
`2849`	`2849`
`2850`	`2850`	`return true;`