]>
Commit | Line | Data |
---|---|---|
6644c1c7 MT |
1 | From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Sat, 31 Jan 2015 22:44:26 +0000 | |
263d0a71 | 4 | Subject: [PATCH 41/71] Fix broken ECDSA DNSSEC signatures. |
6644c1c7 MT |
5 | |
6 | --- | |
7 | CHANGELOG | 2 ++ | |
8 | src/dnssec.c | 2 +- | |
9 | 2 files changed, 3 insertions(+), 1 deletion(-) | |
10 | ||
11 | diff --git a/CHANGELOG b/CHANGELOG | |
12 | index c05dec63c587..c80dc0fdbe9e 100644 | |
13 | --- a/CHANGELOG | |
14 | +++ b/CHANGELOG | |
15 | @@ -65,6 +65,8 @@ version 2.73 | |
16 | configured to do stateful DHCPv6. Thanks to Win King Wan | |
17 | for the patch. | |
18 | ||
19 | + Fix broken DNSSEC validation of ECDSA signatures. | |
20 | + | |
21 | ||
22 | version 2.72 | |
23 | Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. | |
24 | diff --git a/src/dnssec.c b/src/dnssec.c | |
25 | index a8dfe3871c85..26932373cd3e 100644 | |
26 | --- a/src/dnssec.c | |
27 | +++ b/src/dnssec.c | |
28 | @@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len | |
29 | } | |
30 | ||
31 | if (sig_len != 2*t || key_len != 2*t || | |
32 | - (p = blockdata_retrieve(key_data, key_len, NULL))) | |
33 | + !(p = blockdata_retrieve(key_data, key_len, NULL))) | |
34 | return 0; | |
35 | ||
36 | mpz_import(x, t , 1, 1, 0, 0, p); | |
37 | -- | |
38 | 2.1.0 | |
39 |