Commit da786e79 authored by Brian Wellington

Sending a TSIG signed query with a TSIG algorithm that's not
HMAC-MD5.SIG-ALG.REG.INT shouldn't crash the server. Also, the description
of dns_tsigkey_create was wrong in at least one place, and the function
incorrectly returned an undocumented result.
parent e0f23ee8
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: tsig.h,v 1.29 2000/07/27 23:56:41 bwelling Exp $ */
/* $Id: tsig.h,v 1.30 2000/07/28 23:27:01 bwelling Exp $ */
#ifndef DNS_TSIG_H
#define DNS_TSIG_H 1
......@@ -82,13 +82,16 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
* not NULL, *key will contain a copy of the key. The keys validity
* period is specified by (inception, expire), and will not expire if
* inception == expire. If the key was generated, the creating identity,
* if there is one, should be in the creator parameter.
* if there is one, should be in the creator parameter. Specifying an
* unimplemented algorithm will cause failure only if length > 0; this
* allows a transient key with an invalid algorithm to exist long enough
* to generate a BADKEY response.
*
* Requires:
* 'name' is a valid dns_name_t
* 'algorithm' is a valid dns_name_t
* 'secret' is a valid pointer
* 'length' is an integer greater than 0
* 'length' is an integer >= 0
* 'creator' points to a valid dns_name_t or is NULL
* 'mctx' is a valid memory context
* 'ring' is a valid TSIG keyring or NULL
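Review bot: the Requires list still says 'secret' is a valid pointer while 'length' is now allowed to be 0, so the contract for the transient-key case is unclear. State whether secret may be NULL when length == 0, since a key that exists only to generate a BADKEY response has no secret to pass. The new paragraph could also name the result a caller gets for an unimplemented algorithm with length > 0, so the header and the code stay in step.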
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.79 2000/07/28 00:01:59 bwelling Exp $
* $Id: tsig.c,v 1.80 2000/07/28 23:26:59 bwelling Exp $
* Principal Author: Brian Wellington
*/
......@@ -87,8 +87,12 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
REQUIRE(mctx != NULL);
RUNTIME_CHECK(isc_once_do(&once, dns_tsig_inithmac) == ISC_R_SUCCESS);
if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME))
return (ISC_R_NOTFOUND);
if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME)) {
if (length != 0)
return (ISC_R_NOTIMPLEMENTED);
else
alg = 0;
}
else
alg = DST_ALG_HMACMD5;
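Review bot: `alg = 0` in the new length == 0 branch is a bare sentinel with no comment. A one-line comment or a named constant saying that 0 means "no implemented algorithm, key exists only to produce BADKEY" would make later uses of alg easier to audit. Nothing in these lines prevents such a key from being created with a non-NULL ring, so either check for that here or confirm that the rest of the function never passes alg == 0 on to key construction or signing. Minor style point: the closing `}` followed by `else` on its own line pairs a braced if with an unbraced else; bracing both arms would read more clearly.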
......