nsec3 cover problems (#804)

* nsec3 cover fix * nsec3 cover fix test * nsec3 covered empty intervals * nsec3 another condition * nsec3 empty interval wildcard test * nsec3 empty interval comment
2018-11-13 23:30:58 +00:00 · 2018-11-13 23:30:58 +00:00 · 043a442757
parent 7064f7248f
commit 043a442757
2 changed files with 16 additions and 2 deletions
--- a/nsecx.go
+++ b/nsecx.go
@ -63,8 +63,10 @@ func (rr *NSEC3) Cover(name string) bool {
 	}

 	nextHash := rr.NextDomain
-	if ownerHash == nextHash { // empty interval
-		return false
+
+	// if empty interval found, try cover wildcard hashes so nameHash shouldn't match with ownerHash
+	if ownerHash == nextHash && nameHash != ownerHash { // empty interval
+		return true
 	}
 	if ownerHash > nextHash { // end of zone
 		if nameHash > ownerHash { // covered since there is nothing after ownerHash
--- a/nsecx_test.go
+++ b/nsecx_test.go
@ -112,6 +112,18 @@ func TestNsec3(t *testing.T) {
 			name:   "asd.com.",
 			covers: false,
 		},
+		{ // empty interval wildcard
+			rr: &NSEC3{
+				Hdr:        RR_Header{Name: "2n1tb3vairuobl6rkdvii42n9tfmialp.com."},
+				Hash:       1,
+				Flags:      1,
+				Iterations: 5,
+				Salt:       "F10E9F7EA83FC8F3",
+				NextDomain: "2N1TB3VAIRUOBL6RKDVII42N9TFMIALP",
+			},
+			name:   "*.asd.com.",
+			covers: true,
+		},
 		{ // name hash is before owner hash, not covered
 			rr: &NSEC3{
 				Hdr:        RR_Header{Name: "3V62ULR0NRE83V0RJA2VJGTLIF9V6RAB.com."},