2706. [bug] Loading a zone with a very large NSEC3 salt could
trigger an assert. [RT #20368]
3
CHANGES
3
CHANGES
@@ -1,3 +1,6 @@
|
||||
2706. [bug] Loading a zone with a very large NSEC3 salt could
|
||||
trigger an assert. [RT #20368]
|
||||
|
||||
2705. [placeholder]
|
||||
|
||||
2704. [bug] Serial of dynamic and stub zones could be inconsistent
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: nsec3hash.c,v 1.5 2009/09/29 15:06:06 fdupont Exp $ */
|
||||
/* $Id: nsec3hash.c,v 1.6 2009/10/06 21:20:44 each Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@@ -32,6 +32,7 @@
|
||||
|
||||
#include <dns/fixedname.h>
|
||||
#include <dns/name.h>
|
||||
#include <dns/nsec3.h>
|
||||
#include <dns/types.h>
|
||||
|
||||
const char *program = "nsec3hash";
|
||||
@@ -70,7 +71,7 @@ main(int argc, char **argv) {
|
||||
isc_region_t region;
|
||||
isc_result_t result;
|
||||
unsigned char hash[NSEC3_MAX_HASH_LENGTH];
|
||||
unsigned char salt[255];
|
||||
unsigned char salt[DNS_NSEC3_SALTSIZE];
|
||||
unsigned char text[1024];
|
||||
unsigned int hash_alg;
|
||||
unsigned int length;
|
||||
@@ -88,7 +89,7 @@ main(int argc, char **argv) {
|
||||
result = isc_hex_decodestring(argv[1], &buffer);
|
||||
check_result(result, "isc_hex_decodestring(salt)");
|
||||
salt_length = isc_buffer_usedlength(&buffer);
|
||||
if (salt_length > 255U)
|
||||
if (salt_length > DNS_NSEC3_SALTSIZE)
|
||||
fatal("salt too long");
|
||||
}
|
||||
hash_alg = atoi(argv[2]);
|
||||
|
||||
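Review bot: The `salt_length > DNS_NSEC3_SALTSIZE` test in main() comes after `isc_hex_decodestring(argv[1], &buffer)` has already filled the buffer, so it cannot be what protects `salt[]`. The buffer setup is outside the hunk, but if `buffer` is initialised over `salt[]` with `sizeof(salt)`, the decoder bounds the write and this test can never be true. An over-long salt would then be reported as a decode failure rather than "salt too long". A comment such as `/* the isc_buffer bounds the decode; this check is a second line of defence */` would make that explicit. main()'s body continues outside the hunk.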
@@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: nsec3.h,v 1.7 2009/01/17 23:47:43 tbox Exp $ */
|
||||
/* $Id: nsec3.h,v 1.8 2009/10/06 21:20:45 each Exp $ */
|
||||
|
||||
#ifndef DNS_NSEC3_H
|
||||
#define DNS_NSEC3_H 1
|
||||
@@ -28,6 +28,8 @@
|
||||
#include <dns/rdatastruct.h>
|
||||
#include <dns/types.h>
|
||||
|
||||
#define DNS_NSEC3_SALTSIZE 255
|
||||
|
||||
/*
|
||||
* hash = 1, flags =1, iterations = 2, salt length = 1, salt = 255 (max)
|
||||
* hash length = 1, hash = 255 (max), bitmap = 8192 + 512 (max)
|
||||
|
||||
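Review bot: `DNS_NSEC3_SALTSIZE` is introduced without a comment, although it now sizes `salt[]` in nsec3hash.c and in `rbtdb_version_t`. I would add `/* Maximum NSEC3 salt length in octets; the salt length field is a single octet. */` above the define, which matches the "salt length = 1, salt = 255 (max)" line in the comment just below it. Writing the value as `255U` would also keep the length comparison in nsec3hash.c unsigned, as the `255U` literal it replaces was.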
@@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: rbtdb.c,v 1.281 2009/10/03 23:48:10 tbox Exp $ */
|
||||
/* $Id: rbtdb.c,v 1.282 2009/10/06 21:20:45 each Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@@ -383,7 +383,7 @@ typedef struct rbtdb_version {
|
||||
isc_uint8_t flags;
|
||||
isc_uint16_t iterations;
|
||||
isc_uint8_t salt_length;
|
||||
unsigned char salt[NSEC3_MAX_HASH_LENGTH];
|
||||
unsigned char salt[DNS_NSEC3_SALTSIZE];
|
||||
} rbtdb_version_t;
|
||||
|
||||
typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t;
|
||||
@@ -2075,8 +2075,6 @@ setnsec3parameters(dns_db_t *db, rbtdb_version_t *version,
|
||||
continue;
|
||||
#endif
|
||||
|
||||
INSIST(nsec3param.salt_length <=
|
||||
sizeof(version->salt));
|
||||
memcpy(version->salt, nsec3param.salt,
|
||||
nsec3param.salt_length);
|
||||
version->hash = nsec3param.hash;
|
||||
@@ -6656,8 +6654,8 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, dns_hash_t *hash,
|
||||
if (rbtversion->havensec3) {
|
||||
if (hash != NULL)
|
||||
*hash = rbtversion->hash;
|
||||
if (salt != NULL && salt_length != 0) {
|
||||
REQUIRE(*salt_length > rbtversion->salt_length);
|
||||
if (salt != NULL && salt_length != NULL) {
|
||||
REQUIRE(*salt_length >= rbtversion->salt_length);
|
||||
memcpy(salt, rbtversion->salt, rbtversion->salt_length);
|
||||
}
|
||||
if (salt_length != NULL)
|
||||
|
||||
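Review bot: In setnsec3parameters() the `memcpy(version->salt, nsec3param.salt, nsec3param.salt_length)` has no visible bound once the two `INSIST` lines are removed, so its safety rests entirely on `salt_length` never exceeding `DNS_NSEC3_SALTSIZE`. The declaration of `nsec3param.salt_length` is not in the hunk; if it is an 8-bit field like `version->salt_length`, the invariant holds by construction and deserves a comment, e.g. `/* salt_length is one octet, so it cannot exceed sizeof(version->salt) */`. If it is wider, a non-fatal guard such as `if (nsec3param.salt_length > sizeof(version->salt)) continue;` would avoid both the overflow and an assertion on zone data. In the same section, getnsec3parameters() now aborts via `REQUIRE` unless the caller's buffer holds at least `rbtversion->salt_length` bytes, so callers should size that buffer with `DNS_NSEC3_SALTSIZE`. Both function bodies extend beyond the hunks shown.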