
The validator could fail when select_signing_key/get_dst_key failed

to select the signing key because the algorithm was not supported
and the loop was prematurely aborted.
Mark Andrews
2020-06-23 10:26:01 +10:00
committed by Matthijs Mekking
parent 30b85fe4a8
commit d475f3aeed


@@ -1126,24 +1126,25 @@ select_signing_key(dns_validator_t *val, dns_rdataset_t *rdataset) {
INSIST(val->key == NULL); INSIST(val->key == NULL);
result = dst_key_fromdns(&siginfo->signer, rdata.rdclass, &b, result = dst_key_fromdns(&siginfo->signer, rdata.rdclass, &b,
val->view->mctx, &val->key); val->view->mctx, &val->key);
if (result != ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
goto failure; if (siginfo->algorithm ==
} (dns_secalg_t)dst_key_alg(val->key) &&
if (siginfo->algorithm == (dns_secalg_t)dst_key_alg(val->key) && siginfo->keyid ==
siginfo->keyid == (dns_keytag_t)dst_key_id(val->key) && (dns_keytag_t)dst_key_id(val->key) &&
dst_key_iszonekey(val->key)) dst_key_iszonekey(val->key))
{ {
if (foundold) { if (foundold) {
/* /*
* This is the key we're looking for. * This is the key we're looking for.
*/ */
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} else if (dst_key_compare(oldkey, val->key)) { } else if (dst_key_compare(oldkey, val->key)) {
foundold = true; foundold = true;
dst_key_free(&oldkey); dst_key_free(&oldkey);
}
} }
dst_key_free(&val->key);
} }
dst_key_free(&val->key);
dns_rdata_reset(&rdata); dns_rdata_reset(&rdata);
result = dns_rdataset_next(rdataset); result = dns_rdataset_next(rdataset);
} while (result == ISC_R_SUCCESS); } while (result == ISC_R_SUCCESS);
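Review bot: The new `if (result == ISC_R_SUCCESS) {` test skips every dst_key_fromdns() failure, not only the unsupported-algorithm case the commit message describes, so an out-of-memory or parse error on a DNSKEY is now silently treated as "try the next key". After the loop, `result` holds only the dns_rdataset_next() status, so the original cause is lost and a resource failure would presumably surface as a missing key rather than as a validator error. Consider limiting the skip to the unsupported-algorithm result and keeping the old exit for anything else, e.g. `} else if (result != DST_R_UNSUPPORTEDALG) { goto failure; }`. Failing that, add a comment above the test such as `/* Keys that cannot be loaded (e.g. unsupported algorithm) are skipped, not fatal. */` and a debug-level log line naming the skipped key's algorithm, so operators can tell why no signing key matched. The start of the loop and the function's return path are outside the hunk, so how the final result is mapped could not be checked here.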