]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cf18479) | patch
Remove DNS_KEYFLAG_EXTENDED
authorEvan Hunt <each@isc.org>
Thu, 30 Apr 2026 18:28:58 +0000 (11:28 -0700)
committerOndřej Surý <ondrej@isc.org>
Tue, 5 May 2026 08:16:02 +0000 (10:16 +0200)
commit9c06f0a41de12fb4366db42c1dd4bbc785fe67b2
treef743c88ce3f1a2992e06262bdeca9e8c946fea54tree | snapshot
parentcf18479882818bd2c2accb15f9da94f69cdedf61commit | diff
Remove DNS_KEYFLAG_EXTENDED

The DNS_KEYFLAG_EXTENDED flag was only legitimate for type KEY
and was eliminated by RFC 3445. Dropping the extended-flags
handling in pub_compare() also fixes a possible crash when
signing a zone whose journal contains a crafted DNSKEY: a
6-byte record with the EXTENDED bit set produced a memmove()
length that underflowed and ran off a stack buffer.
lib/dns/dst_api.c diff | blob | blame | history
lib/dns/include/dns/keyvalues.h diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git