diff --git a/CHANGES b/CHANGES index 7f97ebbda2..dc3011cdaf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,7 @@ -3238. [bug] keyrdata was not being reinitialize in +3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent + timestamp. [RT #26883] + +3238. [bug] keyrdata was not being reinitialized in lib/dns/rbtdb.c:iszonesecure. [RT#26913] 3237. [bug] dig -6 didn't work with +trace. [RT #26906] diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 8bd3c2af5f..9eeac358e5 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -16,7 +16,7 @@ */ /* - * $Id: dnssec.c,v 1.125 2011/08/26 05:29:48 marka Exp $ + * $Id: dnssec.c,v 1.126 2011/12/07 22:36:25 marka Exp $ */ /*! \file */ @@ -1142,17 +1142,15 @@ dns_dnsseckey_destroy(isc_mem_t *mctx, dns_dnsseckey_t **dkp) { } static void -get_hints(dns_dnsseckey_t *key) { +get_hints(dns_dnsseckey_t *key, isc_stdtime_t now) { isc_result_t result; - isc_stdtime_t now, publish, active, revoke, inactive, delete; + isc_stdtime_t publish, active, revoke, inactive, delete; isc_boolean_t pubset = ISC_FALSE, actset = ISC_FALSE; isc_boolean_t revset = ISC_FALSE, inactset = ISC_FALSE; isc_boolean_t delset = ISC_FALSE; REQUIRE(key != NULL && key->key != NULL); - isc_stdtime_get(&now); - result = dst_key_gettime(key->key, DST_TIME_PUBLISH, &publish); if (result == ISC_R_SUCCESS) pubset = ISC_TRUE; @@ -1249,6 +1247,7 @@ dns_dnssec_findmatchingkeys(dns_name_t *origin, const char *directory, char namebuf[DNS_NAME_FORMATSIZE], *p; isc_buffer_t b; unsigned int len; + isc_stdtime_t now; REQUIRE(keylist != NULL); ISC_LIST_INIT(list); @@ -1264,6 +1263,8 @@ dns_dnssec_findmatchingkeys(dns_name_t *origin, const char *directory, RETERR(isc_dir_open(&dir, directory)); dir_open = ISC_TRUE; + isc_stdtime_get(&now); + while (isc_dir_read(&dir) == ISC_R_SUCCESS) { if (dir.entry.name[0] == 'K' && dir.entry.length > len + 1 && @@ -1294,7 +1295,7 @@ dns_dnssec_findmatchingkeys(dns_name_t *origin, const char *directory, RETERR(dns_dnsseckey_create(mctx, &dstkey, &key)); key->source = dns_keysource_repository; - get_hints(key); + get_hints(key, now); if (key->legacy) { dns_dnsseckey_destroy(mctx, &key);