]> git.ipfire.org Git - thirdparty/knot-resolver.git/commit
projects / thirdparty / knot-resolver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e966b7f) | patch
validator: similarly also limit excessive NSEC3 salt length
authorVladimír Čunát <vladimir.cunat@nic.cz>
Tue, 2 Jan 2024 10:18:31 +0000 (11:18 +0100)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 12 Feb 2024 10:19:57 +0000 (11:19 +0100)
commiteccb8e278c1cde0548cc570eac619feaa290cede
tree153e1f5613ca201eaabf0aaf110585eced145df3tree
parente966b7fdb167add0ec37c56a954c2d847f627985commit | diff
validator: similarly also limit excessive NSEC3 salt length

Limit combination of iterations and salt length, based on estimated
expense of the computation.  Note that the result only differs for
salt length > 44 which is rather nonsensical and very rare:
https://chat.dns-oarc.net/community/pl/h58qx9sjkbgt9dajb7x988p78a
lib/cache/api.c diff | blob | blame | history
lib/cache/nsec3.c diff | blob | blame | history
lib/dnssec/nsec3.c diff | blob | blame | history
lib/dnssec/nsec3.h diff | blob | blame | history
lib/layer/validate.c diff | blob | blame | history
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git