From f37eb33f29ad50cead2673f4f7634839ef7e2a26 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Wed, 21 Aug 2024 17:14:48 +0200
Subject: [PATCH] Fix algorithm rollover bug wrt keytag conflicts

If there is an algorithm rollover and two keys of different algorithm share the same keytags, then there is a possibility that if we check that a key matches a specific state, we are checking against the wrong key. Fix this by not only checking for matching key id but also key algorithm.
---
 lib/dns/keymgr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c
index 9e0f808dd8..3eb61185e8 100644
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -595,6 +595,7 @@ keymgr_key_match_state(dst_key_t *key, dst_key_t *subject, int type,
 continue;
 }
 if (next_state != NA && i == type &&
+ dst_key_alg(key) == dst_key_alg(subject) &&
 dst_key_id(key) == dst_key_id(subject)) {
 /* Check next state rather than current state. */