ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

[master] fix md5 key id computation

Browse Source 
3630.	[bug]		Ensure correct ID computation for MD5 keys. [RT #33033]
This commit is contained in:
Evan Hunt
2013-08-13 16:03:42 -07:00
parent 9054d0bb03
commit 5d4343a998
4 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,3 +1,5 @@
3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
3629. [func] Allow the printing of cryptographic fields in DNSSEC
records by dig to be suppressed (dig +nocrypto).
[RT #34534]

9
lib/dns/rdata/generic/dnskey_48.c
View File

@@ -193,6 +193,15 @@ fromwire_dnskey(ARGS_FROMWIRE) {
dns_name_init(&name, NULL);
RETERR(dns_name_fromwire(&name, source, dctx, options, target));
}
/*
* RSAMD5 computes key ID differently from other
* algorithms: we need to ensure there's enough data
* present for the computation
*/
if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_activeregion(source, &sr);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));

9
lib/dns/rdata/generic/key_25.c
View File

@@ -176,6 +176,15 @@ fromwire_key(ARGS_FROMWIRE) {
dns_name_init(&name, NULL);
RETERR(dns_name_fromwire(&name, source, dctx, options, target));
}
/*
* RSAMD5 computes key ID differently from other
* algorithms: we need to ensure there's enough data
* present for the computation
*/
if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_activeregion(source, &sr);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));

10
lib/dns/rdata/generic/keydata_65533.c
View File

@@ -185,6 +185,7 @@ totext_keydata(ARGS_TOTEXT) {
static inline isc_result_t
fromwire_keydata(ARGS_FROMWIRE) {
isc_region_t sr;
unsigned char algorithm;
REQUIRE(type == 65533);
@@ -197,6 +198,15 @@ fromwire_keydata(ARGS_FROMWIRE) {
if (sr.length < 16)
return (ISC_R_UNEXPECTEDEND);
/*
* RSAMD5 computes key ID differently from other
* algorithms: we need to ensure there's enough data
* present for the computation
*/
algorithm = sr.base[15];
if (algorithm == DST_ALG_RSAMD5 && sr.length < 19)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
}