dnssec verification of cached sets was failing, since the ttl from the

rdataset was used instead of the ttl from the sig record. Also found and fixed an unchecked memory allocation.
2000-04-11 18:04:35 +00:00
parent 864a05fa26
commit d0e69984a9
1 changed files with 6 additions and 4 deletions
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@
 */

 /*
- * $Id: dnssec.c,v 1.26 2000/04/06 22:01:55 explorer Exp $
+ * $Id: dnssec.c,v 1.27 2000/04/11 18:04:35 bwelling Exp $
 * Principal Author: Brian Wellington
 */

@@ -136,12 +136,14 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
 	while (dns_rdataset_next(set) == ISC_R_SUCCESS)
 		n++;

+	data = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
+	if (data == NULL)
+		return (ISC_R_NOMEMORY);
+
 	ret = dns_rdataset_first(set);
 	if (ret != ISC_R_SUCCESS)
 		return (ret);

-	data = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
-
 	/* put them in the array */
 	do {
 		dns_rdataset_current(set, &data[i++]);
@@ -405,7 +407,7 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	isc_buffer_add(&envbuf, r.length);
 	isc_buffer_putuint16(&envbuf, set->type);
 	isc_buffer_putuint16(&envbuf, set->rdclass);
-	isc_buffer_putuint32(&envbuf, set->ttl);
+	isc_buffer_putuint32(&envbuf, sig.originalttl);

 	memset(&dctx, 0, sizeof(dctx));
 	dctx.key = key;