Check the DS trust anchor algorithm is supported

author Mark Andrews <marka@isc.org>

Fri, 16 May 2025 06:14:14 +0000 (16:14 +1000)

committer Mark Andrews <marka@isc.org>

Wed, 18 Jun 2025 21:00:53 +0000 (07:00 +1000)
author Mark Andrews <marka@isc.org>
Fri, 16 May 2025 06:14:14 +0000 (16:14 +1000)
committer Mark Andrews <marka@isc.org>
Wed, 18 Jun 2025 21:00:53 +0000 (07:00 +1000)
diff --git a/bin/named/server.c b/bin/named/server.c

index db395e20ef2c9665f503c7b615a6c66e16d5ee61..b39bf1b107281f33d8ee7fc61561ee20658f7749 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -853,8 +853,13 @@ ta_fromconfig(const cfg_obj_t *key, bool *initialp, const char **namestrp,
  
                 ds->length = r.length;
                 ds->digest = digest;
+               INSIST(r.length <= ISC_MAX_MD_SIZE);
                 memmove(ds->digest, r.base, r.length);
  
+               if (!dst_algorithm_supported(ds->algorithm)) {
+                       CHECK(DST_R_UNSUPPORTEDALG);
+               }
+
                 break;
  
         default:
author	Mark Andrews <marka@isc.org>
	Fri, 16 May 2025 06:14:14 +0000 (16:14 +1000)
committer	Mark Andrews <marka@isc.org>
	Wed, 18 Jun 2025 21:00:53 +0000 (07:00 +1000)