[ipfire-2.x.git] / src / patches / dnsmasq / 0041-Fix-broken-ECDSA-DNSSEC-signatures.patch

From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 31 Jan 2015 22:44:26 +0000
Subject: [PATCH 41/71] Fix broken ECDSA DNSSEC signatures.

---
 CHANGELOG    | 2 ++
 src/dnssec.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index c05dec63c587..c80dc0fdbe9e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -65,6 +65,8 @@ version 2.73
 	    configured to do stateful DHCPv6. Thanks to Win King Wan 
 	    for the patch.
 
+	    Fix broken DNSSEC validation of ECDSA signatures.
+	
 	
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
diff --git a/src/dnssec.c b/src/dnssec.c
index a8dfe3871c85..26932373cd3e 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
     }
   
   if (sig_len != 2*t || key_len != 2*t ||
-      (p = blockdata_retrieve(key_data, key_len, NULL)))
+      !(p = blockdata_retrieve(key_data, key_len, NULL)))
     return 0;
   
   mpz_import(x, t , 1, 1, 0, 0, p);
-- 
2.1.0
Commit	Line	Data
6644c1c7 MT	1	From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Sat, 31 Jan 2015 22:44:26 +0000
263d0a71	4	Subject: [PATCH 41/71] Fix broken ECDSA DNSSEC signatures.
6644c1c7 MT	5
	6	---
	7	CHANGELOG \| 2 ++
	8	src/dnssec.c \| 2 +-
	9	2 files changed, 3 insertions(+), 1 deletion(-)
	10
	11	diff --git a/CHANGELOG b/CHANGELOG
	12	index c05dec63c587..c80dc0fdbe9e 100644
	13	--- a/CHANGELOG
	14	+++ b/CHANGELOG
	15	@@ -65,6 +65,8 @@ version 2.73
	16	configured to do stateful DHCPv6. Thanks to Win King Wan
	17	for the patch.
	18
	19	+ Fix broken DNSSEC validation of ECDSA signatures.
	20	+
	21
	22	version 2.72
	23	Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
	24	diff --git a/src/dnssec.c b/src/dnssec.c
	25	index a8dfe3871c85..26932373cd3e 100644
	26	--- a/src/dnssec.c
	27	+++ b/src/dnssec.c
	28	@@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
	29	}
	30
	31	if (sig_len != 2t \|\| key_len != 2t \|\|
	32	- (p = blockdata_retrieve(key_data, key_len, NULL)))
	33	+ !(p = blockdata_retrieve(key_data, key_len, NULL)))
	34	return 0;
	35
	36	mpz_import(x, t , 1, 1, 0, 0, p);
	37	--
	38	2.1.0
	39