ISC Open Source Projects / BIND
Commit 4938f97c, authored Feb 13, 2019 by Mark Andrews
record when querytsig is valid
parent 0de6a383
Pipeline #10156 passed with stages in 28 minutes and 33 seconds
Showing 1 changed file with 7 additions and 45 deletions
lib/dns/tsig.c
...
...
@@ -830,6 +830,7 @@ dns_tsig_sign(dns_message_t *msg) {
unsigned
char
header
[
DNS_MESSAGE_HEADERLEN
];
isc_buffer_t
headerbuf
;
uint16_t
digestbits
;
bool
querytsig_ok
=
false
;
/*
* If it is a response, we assume that the request MAC
...
...
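Review bot: the new `querytsig_ok` declaration at the top of dns_tsig_sign() has no comment saying what it records. Later hunks use it to decide whether `querytsig.timesigned` and `querytsig.siglen` may be read, so a one-line comment at the declaration (true only once the request MAC has been digested for a response) would make that contract explicit for anyone adding another read of `querytsig`.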
@@ -876,14 +877,8 @@ dns_tsig_sign(dns_message_t *msg) {
ret
=
dst_context_adddata
(
ctx
,
&
r
);
if
(
ret
!=
ISC_R_SUCCESS
)
goto
cleanup_context
;
querytsig_ok
=
true
;
}
#if defined(__clang__) && \
( __clang_major__ < 3 || \
(__clang_major__ == 3 && __clang_minor__ < 2) || \
(__clang_major__ == 4 && __clang_minor__ < 2))
/* false positive: http://llvm.org/bugs/show_bug.cgi?id=14461 */
else
memset
(
&
querytsig
,
0
,
sizeof
(
querytsig
));
#endif
/*
* Digest the header.
...
...
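Review bot: with the clang-only `else memset(&querytsig, 0, sizeof(querytsig));` removed here, nothing zeroes `querytsig` on the path that skips this block on any compiler, so every later read has to sit behind `querytsig_ok`. The two reads touched by this patch (`querytsig.timesigned` and `querytsig.siglen`) are guarded; please confirm there is no other read of `querytsig` further down dns_tsig_sign(), and say in the commit message that the flag replaces the workaround for the clang false positive.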
@@ -929,8 +924,7 @@ dns_tsig_sign(dns_message_t *msg) {
}
/* Digest the timesigned and fudge */
isc_buffer_clear
(
&
databuf
);
if
(
tsig
.
error
==
dns_tsigerror_badtime
)
{
INSIST
(
response
);
if
(
tsig
.
error
==
dns_tsigerror_badtime
&&
querytsig_ok
)
{
tsig
.
timesigned
=
querytsig
.
timesigned
;
}
isc_buffer_putuint48
(
&
databuf
,
tsig
.
timesigned
);
...
...
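Review bot: the `INSIST(response);` inside the badtime branch is dropped and the condition becomes `tsig.error == dns_tsigerror_badtime && querytsig_ok`, so a badtime error without a valid query TSIG now falls through and `isc_buffer_putuint48()` writes the unmodified `tsig.timesigned` instead of the function asserting. If that state is still considered impossible, keep an assertion (for example `INSIST(querytsig_ok)` in a branch keyed on the error alone); if it is now a legitimate case, add a comment saying why the unmodified value is the right one to sign.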
@@ -981,19 +975,8 @@ dns_tsig_sign(dns_message_t *msg) {
dst_context_destroy
(
&
ctx
);
digestbits
=
dst_key_getbits
(
key
->
key
);
if
(
digestbits
!=
0
)
{
/*
* XXXRAY: Is this correct? What is the
* expected behavior when digestbits is not an
* integral multiple of 8? It looks like bytes
* should either be (digestbits/8) or
* (digestbits+7)/8.
*
* In any case, for current algorithms,
* digestbits are an integral multiple of 8, so
* it has the same effect as (digestbits/8).
*/
unsigned
int
bytes
=
(
digestbits
+
1
)
/
8
;
if
(
response
&&
bytes
<
querytsig
.
siglen
)
unsigned
int
bytes
=
(
digestbits
+
7
)
/
8
;
if
(
querytsig_ok
&&
bytes
<
querytsig
.
siglen
)
bytes
=
querytsig
.
siglen
;
if
(
bytes
>
isc_buffer_usedlength
(
&
sigbuf
))
bytes
=
isc_buffer_usedlength
(
&
sigbuf
);
...
...
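Review bot: `bytes = (digestbits + 7) / 8` changes the rounding from the old `(digestbits + 1) / 8`, which is a behaviour change for digestbits values that are not a multiple of 8 and is not covered by the subject line "record when querytsig is valid". The removed XXXRAY comment was the only record of that open question, so please either split the rounding fix into its own commit or describe it in the message, and leave a short comment stating that a partial byte rounds up.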
@@ -1372,18 +1355,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
if
(
dns__tsig_algvalid
(
alg
))
{
uint16_t
digestbits
=
dst_key_getbits
(
key
);
/*
* XXXRAY: Is this correct? What is the expected
* behavior when digestbits is not an integral multiple
* of 8? It looks like bytes should either be
* (digestbits/8) or (digestbits+7)/8.
*
* In any case, for current algorithms, digestbits are
* an integral multiple of 8, so it has the same effect
* as (digestbits/8).
*/
if
(
tsig
.
siglen
>
0
&&
digestbits
!=
0
&&
tsig
.
siglen
<
((
digestbits
+
1
)
/
8
))
tsig
.
siglen
<
((
digestbits
+
7
)
/
8
))
{
msg
->
tsigstatus
=
dns_tsigerror_badtrunc
;
tsig_log
(
msg
->
tsigkey
,
2
,
...
...
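Review bot: the truncation check in dns_tsig_verify() now compares `tsig.siglen` against `(digestbits + 7) / 8`, so the minimum accepted MAC length rises for digestbits values that are not byte-aligned (for digestbits of 100 it goes from 12 to 13 bytes) and such messages get `dns_tsigerror_badtrunc` where they previously passed. The removed comment notes that current algorithms always use a multiple of 8, so nothing exercises this path today; a test with a non-byte-aligned digestbits would pin down the intended behaviour.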
@@ -1676,19 +1649,8 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
if
(
dns__tsig_algvalid
(
alg
))
{
uint16_t
digestbits
=
dst_key_getbits
(
key
);
/*
* XXXRAY: Is this correct? What is the
* expected behavior when digestbits is not an
* integral multiple of 8? It looks like bytes
* should either be (digestbits/8) or
* (digestbits+7)/8.
*
* In any case, for current algorithms,
* digestbits are an integral multiple of 8, so
* it has the same effect as (digestbits/8).
*/
if
(
tsig
.
siglen
>
0
&&
digestbits
!=
0
&&
tsig
.
siglen
<
((
digestbits
+
1
)
/
8
))
tsig
.
siglen
<
((
digestbits
+
7
)
/
8
))
{
msg
->
tsigstatus
=
dns_tsigerror_badtrunc
;
tsig_log
(
msg
->
tsigkey
,
2
,
...
...
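Review bot: tsig_verify_tcp() repeats the exact condition changed in dns_tsig_verify() (`tsig.siglen > 0 && digestbits != 0 && tsig.siglen < ((digestbits + 7) / 8)`), and this patch had to correct the rounding in both places. Moving the check into one small static helper shared by both functions would keep the two copies from drifting apart the next time the truncation rule changes.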
Mark Andrews @marka mentioned in commit 9bdad7dc2671269d345962a04722be1997b3b26a · Nov 05, 2019
Mark Andrews @marka mentioned in commit 16ad44420762d7eae06e4b4068c63e6872947b23 · Nov 05, 2019