git.ipfire.org Git - thirdparty/bind9.git/commit
Fix off-by-one in TSIG generated key eviction
author Ondřej Surý <ondrej@sury.org>
Tue, 17 Mar 2026 23:28:04 +0000 (00:28 +0100)
committer Ondřej Surý <ondrej@sury.org>
Wed, 1 Apr 2026 05:04:39 +0000 (07:04 +0200)
commit 8c1fe179e321ec993e29eb5a92f8054abdfbd470
tree ebd3a5f1ab66464bdb1154278a41370400bcb2fe
parent 5e10fdc29552d601adfea2ef63b7121877fdee74
Fix off-by-one in TSIG generated key eviction

Use pre-increment (++ring->generated) instead of post-increment
(ring->generated++) so the comparison against DNS_TSIG_MAXGENERATEDKEYS
happens after counting the new key.  With post-increment, one extra key
beyond the limit was allowed before eviction kicked in.
lib/dns/tsig.c
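
The effect described in the commit message, as an added example that is not BIND's code: a hypothetical counter-only model of the ring, comparing the post-increment and pre-increment forms of the limit check. The limit of 4, the `struct ring` layout, and the assumption that eviction decrements the counter are constructed for illustration.

```c
#include <stdio.h>

/* Constructed small limit; stands in for DNS_TSIG_MAXGENERATEDKEYS. */
#define MAXGENERATEDKEYS 4

/* Hypothetical ring model: only the counters, no key storage. */
struct ring { unsigned int generated, evicted; };

/* Assumption: evicting the oldest key also decrements the counter. */
static void evict_oldest(struct ring *ring) {
	ring->generated--;
	ring->evicted++;
}

/* Old form: the comparison sees the count from before the new key. */
static void add_postinc(struct ring *ring) {
	if (ring->generated++ > MAXGENERATEDKEYS)
		evict_oldest(ring);
}

/* Fixed form: the comparison sees the count including the new key. */
static void add_preinc(struct ring *ring) {
	if (++ring->generated > MAXGENERATEDKEYS)
		evict_oldest(ring);
}

/* Add n keys and return how many are held afterwards. */
static unsigned int held_after(void (*add)(struct ring *), unsigned int n) {
	struct ring ring = { 0, 0 };
	for (unsigned int i = 0; i < n; i++)
		add(&ring);
	return ring.generated;
}

/* 1-based number of the add that triggers the first eviction. */
static unsigned int first_eviction(void (*add)(struct ring *)) {
	struct ring ring = { 0, 0 };
	unsigned int n = 0;
	for (; ring.evicted == 0; n++)
		add(&ring);
	return n;
}

int main(void) {
	printf("post-increment: holds %u, first eviction on add %u\n",
	       held_after(add_postinc, 100), first_eviction(add_postinc));
	printf("pre-increment:  holds %u, first eviction on add %u\n",
	       held_after(add_preinc, 100), first_eviction(add_preinc));
	return 0;
}
```

In this model the post-increment form settles at one key above the limit, while the pre-increment form holds exactly the limit.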