mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00
Code Issues Releases Wiki Activity

fix check_data() usage

Browse Source 
3328.   [bug]           Fixed inconsistent data checking in dst_parse.c.
                        [RT #29401]
This commit is contained in:
Evan Hunt
2012-05-16 23:12:57 -07:00
parent 0175adabdc
commit 01695063c6
2 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
[RT #29401]
3327. [func] Added 'filter-aaaa-on-v6' option; this is similar 3327. [func] Added 'filter-aaaa-on-v6' option; this is similar
to 'filter-aaaa-on-v4' but applies to IPv6 to 'filter-aaaa-on-v4' but applies to IPv6
connections. (Use "configure --enable-filter-aaaa" connections. (Use "configure --enable-filter-aaaa"

26
lib/dns/dst_parse.c
View File

@@ -313,14 +313,19 @@ check_data(const dst_private_t *priv, const unsigned int alg,
switch (alg) { switch (alg) {
case DST_ALG_RSAMD5: case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1: case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
return (check_rsa(priv)); return (check_rsa(priv));
case DST_ALG_DH: case DST_ALG_DH:
return (check_dh(priv)); return (check_dh(priv));
case DST_ALG_DSA: case DST_ALG_DSA:
case DST_ALG_NSEC3DSA:
return (check_dsa(priv)); return (check_dsa(priv));
case DST_ALG_ECCGOST: case DST_ALG_ECCGOST:
return (check_gost(priv)); return (check_gost(priv));
case DST_ALG_ECDSA256: case DST_ALG_ECDSA256:
case DST_ALG_ECDSA384:
return (check_ecdsa(priv)); return (check_ecdsa(priv));
case DST_ALG_HMACMD5: case DST_ALG_HMACMD5:
return (check_hmac_md5(priv, old)); return (check_hmac_md5(priv, old));
@@ -358,7 +363,7 @@ isc_result_t
dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
isc_mem_t *mctx, dst_private_t *priv) isc_mem_t *mctx, dst_private_t *priv)
{ {
int n = 0, major, minor; int n = 0, major, minor, check;
isc_buffer_t b; isc_buffer_t b;
isc_token_t token; isc_token_t token;
unsigned char *data = NULL; unsigned char *data = NULL;
@@ -528,8 +533,14 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
data = NULL; data = NULL;
} }
done: done:
if (check_data(priv, alg, ISC_TRUE) < 0) check = check_data(priv, alg, ISC_TRUE);
if (check < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail; goto fail;
} else if (check != ISC_R_SUCCESS) {
ret = check;
goto fail;
}
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
@@ -559,13 +570,16 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
REQUIRE(priv != NULL); REQUIRE(priv != NULL);
if (check_data(priv, dst_key_alg(key), ISC_FALSE) < 0) ret = check_data(priv, dst_key_alg(key), ISC_FALSE);
if (ret < 0)
return (DST_R_INVALIDPRIVATEKEY); return (DST_R_INVALIDPRIVATEKEY);
else if (ret != ISC_R_SUCCESS)
return (ret);
isc_buffer_init(&b, filename, sizeof(filename)); isc_buffer_init(&b, filename, sizeof(filename));
ret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b); result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b);
if (ret != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (ret); return (result);
if ((fp = fopen(filename, "w")) == NULL) if ((fp = fopen(filename, "w")) == NULL)
return (DST_R_WRITEERROR); return (DST_R_WRITEERROR);