Commit c1e88f8d authored by Evan Hunt

[master] fix rndc replay protection

3519.	[func]		Full replay protection via four-way handshake is
			now mandatory for rndc clients. Very old versions
			of rndc will no longer work. [RT #32798]
parent af21fc66
3519. [func] Full replay protection via four-way handshake is
now mandatory for rndc clients. Very old versions
of rndc will no longer work. [RT #32798]
3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
so that all dns_rrl_rtype_t enum values fit regardless
of whether it is teated as signed or unsigned by
......
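Review bot: the new 3519 entry says "Very old versions of rndc will no longer work" without saying which versions, so an operator reading CHANGES cannot tell whether their client is affected. Name the first rndc release that performs the four-way handshake, and say what a too-old client will observe when it connects.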
......@@ -439,14 +439,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
goto cleanup_request;
}
isc_buffer_init(&text, textarray, sizeof(textarray));
/*
* Establish nonce.
*/
while (conn->nonce == 0)
isc_random_get(&conn->nonce);
isc_buffer_init(&text, textarray, sizeof(textarray));
eresult = ns_control_docommand(request, &text);
if (conn->nonce == 0) {
while (conn->nonce == 0)
isc_random_get(&conn->nonce);
eresult = ISC_R_SUCCESS;
} else
eresult = ns_control_docommand(request, &text);
result = isccc_cc_createresponse(request, now, now + 60, &response);
if (result != ISC_R_SUCCESS)
......
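Review bot: in the `conn->nonce == 0` branch, `eresult = ISC_R_SUCCESS` is set without `ns_control_docommand(request, &text)` being called, so a client that puts its real command in the first message of a connection receives a success result for a command that never ran. If that is the intended way to cut off clients that skip the handshake, consider logging the discarded request or returning a distinct result so the failure is visible on both ends instead of looking like a completed command. The "Establish nonce." comment also no longer covers what the block does; it should state that the first message on a connection only establishes the nonce and that commands are executed only on later messages. Minor style point: the `if` arm is braced and the `else` arm is not, so bracing both would keep the two paths visually symmetric.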