From: Remi Gacogne Date: Sun, 29 Oct 2017 17:49:05 +0000 (+0100) Subject: DNSCrypt: Certificate serials should be in network byte order X-Git-Tag: dnsdist-1.3.0~37^2~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b7bd0317afd13fd370afbc407bb46832f8cbe452;p=thirdparty%2Fpdns.git DNSCrypt: Certificate serials should be in network byte order
---
diff --git a/pdns/dnscrypt.cc b/pdns/dnscrypt.cc
index c03284585b..1f74563487 100644
--- a/pdns/dnscrypt.cc
+++ b/pdns/dnscrypt.cc
@@ -214,7 +214,7 @@ void DNSCryptContext::generateCertificate(uint32_t serial, time_t begin, time_t
 memcpy(cert.protocolMinorVersion, protocolMinorVersion, sizeof(protocolMinorVersion));
 memcpy(cert.signedData.resolverPK, pubK, sizeof(cert.signedData.resolverPK));
 memcpy(cert.signedData.clientMagic, pubK, sizeof(cert.signedData.clientMagic));
- cert.signedData.serial = serial;
+ cert.signedData.serial = htonl(serial);
 cert.signedData.tsStart = htonl((uint32_t) begin);
 cert.signedData.tsEnd = htonl((uint32_t) end);
diff --git a/pdns/dnscrypt.hh b/pdns/dnscrypt.hh
index aad89cd8c8..fea11f0c7f 100644
--- a/pdns/dnscrypt.hh
+++ b/pdns/dnscrypt.hh
@@ -86,7 +86,7 @@ class DNSCryptCert
 public:
 uint32_t getSerial() const
 {
- return signedData.serial;
+ return ntohl(signedData.serial);
 }
 uint32_t getTSStart() const
 {
diff --git a/regression-tests.dnsdist/dnscrypt.py b/regression-tests.dnsdist/dnscrypt.py
index a93aeaea0a..bc1a296b42 100644
--- a/regression-tests.dnsdist/dnscrypt.py
+++ b/regression-tests.dnsdist/dnscrypt.py
@@ -41,7 +41,7 @@ class DNSCryptResolverCertificate(object):
 resolverPK = orig[0:32]
 clientMagic = orig[32:40]
- serial = struct.unpack_from("I", orig[40:44])[0]
+ serial = struct.unpack_from("!I", orig[40:44])[0]
 validFrom = struct.unpack_from("!I", orig[44:48])[0]
 validUntil = struct.unpack_from("!I", orig[48:52])[0]
 return DNSCryptResolverCertificate(serial, validFrom, validUntil, resolverPK, clientMagic)
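Review bot: In `pdns/dnscrypt.cc`, `DNSCryptContext::generateCertificate()` now writes `htonl(serial)`, but nothing at this site records that the `cert.signedData` fields are kept in wire (big-endian) form, and the change says nothing about certificates produced before it. Any certificate generated and saved by an older build on a little-endian host keeps its host-order bytes, so it will presumably report a byte-swapped serial once read through the new `getSerial()`. That matters operationally because DNSCrypt clients choose among valid certificates by serial, so a rotation plan based on the configured numbers could behave differently from what the operator expects. I would add an upgrade note and a comment above the assignments such as `// signedData fields are stored in network byte order, exactly as signed and sent to clients`. The function body starts and ends outside the hunk.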
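Review bot: In `pdns/dnscrypt.hh`, `DNSCryptCert::getSerial()` is now the only correct way to read the serial, yet the raw `signedData.serial` field is still reachable from other code (the write in `generateCertificate()` shows this) and is not documented as big-endian. Any other reader of the raw field that this diff does not show, for example logging or a comparison between certificates, would silently use the swapped value on little-endian hosts. It is worth grepping for `signedData.serial` and adding a comment at the accessor, e.g. `// serial is stored in network byte order; always read it through getSerial()`. The class continues outside the hunk, so whether `getTSStart()` converts the same way cannot be confirmed from here.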
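Review bot: In `regression-tests.dnsdist/dnscrypt.py`, the parser changes in lockstep with the server, so this hunk does not show a check that would have failed before the fix: with the old native-order `"I"` format, a little-endian run agreed with the buggy server. If no test already does so, assert the parsed serial against the fixed value configured for the test resolver, so a byte-order regression on either side is caught. As a style point, passing the offset avoids the slice: `serial = struct.unpack_from("!I", orig, 40)[0]`. The enclosing method starts outside the hunk.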