- Fix auth zone support for NSEC3 records without salt.

diff --git a/doc/Changelog b/doc/Changelog
index c085d7e9d1aba23af083e88ab1920133abc49bb7..519f4c3ea862d572670d5f4791dad586dac201db 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -7,6 +7,7 @@
          cache and neg cache structures.
        - Fix for memory leak when edns subnet config options are read when
          compiled without edns subnet support.
+       - Fix auth zone support for NSEC3 records without salt.
 
 10 January 2020: Wouter
        - Fix the relationship between serve-expired and prefetch options,

diff --git a/services/authzone.c b/services/authzone.c
index 9621d6ee328a488e85527be7d4b38fe273d627fe..bad649c39bad01314b0a8784da78b300d3354f40 100644 (file)
--- a/services/authzone.c
+++ b/services/authzone.c
@@ -2586,12 +2586,14 @@ az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen,
        /* hashfunc(name, salt) */
        memmove(p, nm, nmlen);
        query_dname_tolower(p);
-       memmove(p+nmlen, salt, saltlen);
+       if(salt && saltlen > 0)
+               memmove(p+nmlen, salt, saltlen);
        (void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf);
        for(i=0; i<iter; i++) {
                /* hashfunc(hash, salt) */
                memmove(p, buf, hlen);
-               memmove(p+hlen, salt, saltlen);
+               if(salt && saltlen > 0)
+                       memmove(p+hlen, salt, saltlen);
                (void)secalgo_nsec3_hash(algo, p, hlen+saltlen,
                        (unsigned char*)buf);
        }