From 1ac5fa17b0700a0756733ed0d010b1fa86663146 Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Thu, 17 May 2012 16:31:59 -0700
Subject: [PATCH] fix check_data() usage

3328. [bug] Fixed inconsistent data checking in dst_parse.c. [RT #29401]
---
 CHANGES | 7 +++++++
 lib/dns/dst_parse.c | 35 ++++++++++++++++++++++++-----------
 2 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/CHANGES b/CHANGES
index b0c5033989..46cf85c94c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,14 @@
 they fail to validate, we try again in lower case. [RT #27451]
+<<<<<<< HEAD
 --- 9.6-ESV-R7 released ---
+=======
+3328. [bug] Fixed inconsistent data checking in dst_parse.c.
+ [RT #29401]
+
+ --- 9.7.6 released ---
+>>>>>>> fdfd260... fix check_data() usage
 3318. [tuning] Reduce the amount of work performed while holding a bucket lock when finshed with a fetch context.
diff --git a/lib/dns/dst_parse.c b/lib/dns/dst_parse.c
index 5c2cf9333e..e0db5fe973 100644
--- a/lib/dns/dst_parse.c
+++ b/lib/dns/dst_parse.c
@@ -248,10 +248,14 @@ check_data(const dst_private_t *priv, const unsigned int alg,
 switch (alg) {
 case DST_ALG_RSAMD5:
 case DST_ALG_RSASHA1:
+ case DST_ALG_NSEC3RSASHA1:
+ case DST_ALG_RSASHA256:
+ case DST_ALG_RSASHA512:
 return (check_rsa(priv));
 case DST_ALG_DH:
 return (check_dh(priv));
 case DST_ALG_DSA:
+ case DST_ALG_NSEC3DSA:
 return (check_dsa(priv));
 case DST_ALG_HMACMD5:
 return (check_hmac_md5(priv, old));
@@ -289,7 +293,7 @@ int
 dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 isc_mem_t *mctx, dst_private_t *priv)
 {
- int n = 0, major, minor;
+ int n = 0, major, minor, check;
 isc_buffer_t b;
 isc_token_t token;
 unsigned char *data = NULL;
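Review bot: The case list in check_data() is maintained by hand, and nothing in the visible lines says what happens to an algorithm that is missing from it. The four labels added here suggest that RSA and DSA variants were previously reaching whatever follows the last visible case instead of check_rsa()/check_dsa(). A comment above the switch would make the invariant explicit, for example `/* Every algorithm that has a private-key file format must have a case here, otherwise its elements are never validated. */`. The switch continues past the end of the hunk, so the fall-through behaviour (presumably a default returning an error code) should be confirmed before settling the wording.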
@@ -416,8 +420,14 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
 done:
 priv->nelements = n;
- if (check_data(priv, alg, ISC_TRUE) < 0)
+ check = check_data(priv, alg, ISC_TRUE);
+ if (check < 0) {
+ ret = DST_R_INVALIDPRIVATEKEY;
 goto fail;
+ } else if (check != ISC_R_SUCCESS) {
+ ret = check;
+ goto fail;
+ }
 return (ISC_R_SUCCESS);
@@ -436,7 +446,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 {
 FILE *fp;
 int ret, i;
- isc_result_t iret;
+ isc_result_t result;
 char filename[ISC_DIR_NAMEMAX];
 char buffer[MAXFIELDSIZE * 2];
 isc_buffer_t b;
@@ -444,13 +454,16 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 REQUIRE(priv != NULL);
- if (check_data(priv, dst_key_alg(key), ISC_FALSE) < 0)
+ ret = check_data(priv, dst_key_alg(key), ISC_FALSE);
+ if (ret < 0)
 return (DST_R_INVALIDPRIVATEKEY);
+ else if (ret != ISC_R_SUCCESS)
+ return (ret);
 isc_buffer_init(&b, filename, sizeof(filename));
- ret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b);
- if (ret != ISC_R_SUCCESS)
- return (ret);
+ result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b);
+ if (result != ISC_R_SUCCESS)
+ return (result);
 if ((fp = fopen(filename, "w")) == NULL)
 return (DST_R_WRITEERROR);
@@ -525,8 +538,8 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 r.base = priv->elements[i].data;
 r.length = priv->elements[i].length;
 isc_buffer_init(&b, buffer, sizeof(buffer));
- iret = isc_base64_totext(&r, sizeof(buffer), "", &b);
- if (iret != ISC_R_SUCCESS) {
+ result = isc_base64_totext(&r, sizeof(buffer), "", &b);
+ if (result != ISC_R_SUCCESS) {
 fclose(fp);
 return (DST_R_INVALIDPRIVATEKEY);
 }
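Review bot: The new two-step test on `check` in dst__privstruct_parse() depends on check_data() returning three kinds of value (negative for a malformed element set, ISC_R_SUCCESS, or some other isc_result_t), yet `check` is a plain `int` and that contract is not written down in any visible line. A comment at the call, e.g. `/* check_data(): < 0 = bad element set, ISC_R_SUCCESS = ok, anything else = isc_result_t error to pass up */`, would keep a later caller from reverting to the bare `< 0` test, which only caught negative values. The same applies to the `ret = check_data(...)` call in dst__privstruct_writefile() (hunk at -444,13), which uses an unbraced `if`/`else if` where the parse-side call uses braces. Both functions begin and end outside these hunks, so the declared type of `ret` in the parse function is assumed rather than seen.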
@@ -536,9 +549,9 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 }
 fflush(fp);
- iret = ferror(fp) ? DST_R_WRITEERROR : ISC_R_SUCCESS;
+ result = ferror(fp) ? DST_R_WRITEERROR : ISC_R_SUCCESS;
 fclose(fp);
- return (iret);
+ return (result);
 }
 /*! \file */