Fix algorithm rollover bug wrt keytag conflicts

If there is an algorithm rollover and two keys of different algorithms
share the same keytag, then there is a possibility that if we check
that a key matches a specific state, we are checking against the wrong
key.

Fix this by not only checking for matching key id but also key
algorithm.
Matthijs Mekking
2024-08-21 17:14:48 +02:00
parent 7bb6d82505
commit f37eb33f29

@@ -595,6 +595,7 @@ keymgr_key_match_state(dst_key_t *key, dst_key_t *subject, int type,
continue;
}
if (next_state != NA && i == type &&
dst_key_alg(key) == dst_key_alg(subject) &&
dst_key_id(key) == dst_key_id(subject))
{
/* Check next state rather than current state. */
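Review bot: The key identity test in this condition is now two inline comparisons, `dst_key_alg(key) == dst_key_alg(subject)` and `dst_key_id(key) == dst_key_id(subject)`, and this hunk only covers the `next_state != NA` branch of keymgr_key_match_state(). Any other comparison that still relies on `dst_key_id()` alone would keep matching the wrong key during an algorithm rollover, so consider moving the pair into a small helper that compares both algorithm and key id, and using it wherever two keys are tested for being the same key. A one-line comment next to the new algorithm check, saying that keytags are not unique across algorithms, would keep the extra condition from being dropped later as redundant. No regression test is visible in this hunk; a test with two keys of different algorithms and the same keytag would pin the behaviour down.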