src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch

   1 From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
   2 From: Simon Kelley <simon@thekelleys.org.uk>
   3 Date: Sat, 31 Jan 2015 22:44:26 +0000
   4 Subject: [PATCH 41/55] Fix broken ECDSA DNSSEC signatures.
   5
   6 ---
   7  CHANGELOG    | 2 ++
   8  src/dnssec.c | 2 +-
   9  2 files changed, 3 insertions(+), 1 deletion(-)
  10
  11 diff --git a/CHANGELOG b/CHANGELOG
  12 index c05dec63c587..c80dc0fdbe9e 100644
  13 --- a/CHANGELOG
  14 +++ b/CHANGELOG
  15 @@ -65,6 +65,8 @@ version 2.73
  16             configured to do stateful DHCPv6. Thanks to Win King Wan
  17             for the patch.
  18
  19 +           Fix broken DNSSEC validation of ECDSA signatures.
  20 +
  21
  22  version 2.72
  23              Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
  24 diff --git a/src/dnssec.c b/src/dnssec.c
  25 index a8dfe3871c85..26932373cd3e 100644
  26 --- a/src/dnssec.c
  27 +++ b/src/dnssec.c
  28 @@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
  29      }
  30
  31    if (sig_len != 2*t || key_len != 2*t ||
  32 -      (p = blockdata_retrieve(key_data, key_len, NULL)))
  33 +      !(p = blockdata_retrieve(key_data, key_len, NULL)))
  34      return 0;
  35
  36    mpz_import(x, t , 1, 1, 0, 0, p);
  37 --
  38 2.1.0
  39