ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Sending a TSIG signed query with a TSIG algorithm that's not

Browse Source 
HMAC-MD5.SIG-ALG.REG.INT shouldn't crash the server.  Also, the description
of dns_tsigkey_create was wrong in at least one place, and the function
incorrectly returned an undocumented result.
This commit is contained in:
Brian Wellington
2000-07-28 23:27:01 +00:00
parent e0f23ee828
commit da786e7937
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/dns/include/dns/tsig.h
View File

@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: tsig.h,v 1.29 2000/07/27 23:56:41 bwelling Exp $ */
/* $Id: tsig.h,v 1.30 2000/07/28 23:27:01 bwelling Exp $ */
#ifndef DNS_TSIG_H
#define DNS_TSIG_H 1
@@ -82,13 +82,16 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
* not NULL, *key will contain a copy of the key. The keys validity
* period is specified by (inception, expire), and will not expire if
* inception == expire. If the key was generated, the creating identity,
* if there is one, should be in the creator parameter.
* if there is one, should be in the creator parameter. Specifying an
* unimplemented algorithm will cause failure only if length > 0; this
* allows a transient key with an invalid algorithm to exist long enough
* to generate a BADKEY response.
*
* Requires:
* 'name' is a valid dns_name_t
* 'algorithm' is a valid dns_name_t
* 'secret' is a valid pointer
* 'length' is an integer greater than 0
* 'length' is an integer >= 0
* 'creator' points to a valid dns_name_t or is NULL
* 'mctx' is a valid memory context
* 'ring' is a valid TSIG keyring or NULL

10
lib/dns/tsig.c
View File

@@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.79 2000/07/28 00:01:59 bwelling Exp $
* $Id: tsig.c,v 1.80 2000/07/28 23:26:59 bwelling Exp $
* Principal Author: Brian Wellington
*/
@@ -87,8 +87,12 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
REQUIRE(mctx != NULL);
RUNTIME_CHECK(isc_once_do(&once, dns_tsig_inithmac) == ISC_R_SUCCESS);
if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME))
return (ISC_R_NOTFOUND);
if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME)) {
if (length != 0)
return (ISC_R_NOTIMPLEMENTED);
else
alg = 0;
}
else
alg = DST_ALG_HMACMD5;