[9.18] prevent TSIG keys from being added to multiple rings (!7965) · Merge requests · ISC Open Source Projects / BIND

Evan Hunt requested to merge 4079-multiple-keyrings-bind-9.18 into bind-9.18 May 25, 2023

it was possible to add a TSIG key to more than one TSIG keyring at a time, and this was in fact happening with the session key, which was generated once and then added to the keyrings for each view as it was configured.

this has been corrected and a REQUIRE added to dns_tsigkeyring_add() to prevent it from happening again.

Backport of MR !7955 (merged)

Edited May 25, 2023 by Evan Hunt

[9.18] prevent TSIG keys from being added to multiple rings

Merge request reports