Commit c1e88f8d authored by Evan Hunt

[master] fix rndc replay protection

3519.	[func]		Full replay protection via four-way handshake is
			now mandatory for rndc clients. Very old versions
			of rndc will no longer work. [RT #32798]
parent af21fc66
3519. [func] Full replay protection via four-way handshake is
now mandatory for rndc clients. Very old versions
of rndc will no longer work. [RT #32798]
3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit 3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
so that all dns_rrl_rtype_t enum values fit regardless so that all dns_rrl_rtype_t enum values fit regardless
of whether it is teated as signed or unsigned by of whether it is teated as signed or unsigned by
......
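Review bot: "Very old versions of rndc will no longer work" in the new 3519 entry does not tell an operator which clients are affected. Suggest naming the oldest rndc release that performs the four-way handshake, so that anyone running mixed versions can tell from the CHANGES entry alone whether their management hosts need upgrading before the server does.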
...@@ -439,14 +439,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { ...@@ -439,14 +439,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
goto cleanup_request; goto cleanup_request;
} }
isc_buffer_init(&text, textarray, sizeof(textarray));
/* /*
* Establish nonce. * Establish nonce.
*/ */
while (conn->nonce == 0) if (conn->nonce == 0) {
isc_random_get(&conn->nonce); while (conn->nonce == 0)
isc_random_get(&conn->nonce);
isc_buffer_init(&text, textarray, sizeof(textarray)); eresult = ISC_R_SUCCESS;
eresult = ns_control_docommand(request, &text); } else
eresult = ns_control_docommand(request, &text);
result = isccc_cc_createresponse(request, now, now + 60, &response); result = isccc_cc_createresponse(request, now, now + 60, &response);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
......
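Review bot: in the new `if (conn->nonce == 0)` branch, `eresult = ISC_R_SUCCESS` is set without calling `ns_control_docommand()`, so whatever command the first message on a connection carries is dropped yet reported as a success, while the comment above it still reads only "Establish nonce." Suggest extending that comment to state that the first request serves only to establish the nonce, that its command is intentionally not run, and that commands execute only on a later message once `conn->nonce` is set. It is also worth considering a distinct result or response text for that first exchange, so a client that never completes the handshake cannot mistake it for a completed command. Minor style point: the `else` arm is unbraced while the `if` arm is braced; bracing both would keep the pairing obvious.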