turns out TSIG signing code was using the DNSPacketWriter in a superspecial way....

author bert hubert <bert.hubert@netherlabs.nl>

Sat, 27 Aug 2016 08:48:35 +0000 (10:48 +0200)

committer bert hubert <bert.hubert@netherlabs.nl>

Sat, 27 Aug 2016 12:15:55 +0000 (14:15 +0200)
author bert hubert <bert.hubert@netherlabs.nl>
Sat, 27 Aug 2016 08:48:35 +0000 (10:48 +0200)
committer bert hubert <bert.hubert@netherlabs.nl>
Sat, 27 Aug 2016 12:15:55 +0000 (14:15 +0200)
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc

index 6edc8297d83761709d7ff5a1bbb6dc5755ea7bb3..f213d353e831ac8cd1aa7351782c414e49b415b0 100644 (file)
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -632,6 +632,7 @@ string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOff
  
    vector<uint8_t> signVect;
    DNSPacketWriter dw(signVect, DNSName(), 0);
+  auto pos=signVect.size();
    if(!timersonly) {
      dw.xfrName(keyname, false);
      dw.xfr16BitInt(QClass::ANY); // class
@@ -648,8 +649,7 @@ string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOff
      dw.xfr16BitInt(trc.d_otherData.length()); // length of 'other' data
      //    dw.xfrBlob(trc->d_otherData);
    }
-  const vector<uint8_t>& signRecord=dw.getRecordBeingWritten();
-  message.append(signRecord.begin(), signRecord.end());
+  message.append(signVect.begin()+pos, signVect.end());
    return message;
  }
  
@@ -672,6 +672,7 @@ void addTSIG(DNSPacketWriter& pw, TSIGRecordContent* trc, const DNSName& tsigkey
    // now add something that looks a lot like a TSIG record, but isn't
    vector<uint8_t> signVect;
    DNSPacketWriter dw(signVect, DNSName(), 0);
+  auto pos=dw.size();
    if(!timersonly) {
      dw.xfrName(tsigkeyname, false);
      dw.xfr16BitInt(QClass::ANY); // class
@@ -688,8 +689,7 @@ void addTSIG(DNSPacketWriter& pw, TSIGRecordContent* trc, const DNSName& tsigkey
      //    dw.xfrBlob(trc->d_otherData);
    }
    
-  const vector<uint8_t>& signRecord=dw.getRecordBeingWritten();
-  toSign.append(signRecord.begin(), signRecord.end());
+  toSign.append(signVect.begin() + pos, signVect.end());
  
    if (algo == TSIG_GSS) {
      if (!gss_add_signature(tsigkeyname, toSign, trc->d_mac)) {
diff --git a/pdns/dnswriter.hh b/pdns/dnswriter.hh

index 024cfae9e6301ca725c2d480947bae186fc9f5e9..3c5f33e266d123fe094bdf45c8a88204da2dedb1 100644 (file)
--- a/pdns/dnswriter.hh
+++ b/pdns/dnswriter.hh
@@ -116,7 +116,6 @@ public:
  
    dnsheader* getHeader();
    void getRecordPayload(string& records); // call __before commit__
-  const vector<uint8_t> getRecordBeingWritten() { return vector<uint8_t>(d_content.begin()+d_sor, d_content.end()); }
  
    void setCanonic(bool val)
    {
author	bert hubert <bert.hubert@netherlabs.nl>
	Sat, 27 Aug 2016 08:48:35 +0000 (10:48 +0200)
committer	bert hubert <bert.hubert@netherlabs.nl>
	Sat, 27 Aug 2016 12:15:55 +0000 (14:15 +0200)
pdns/dnssecinfra.cc		patch \| blob \| blame \| history
pdns/dnswriter.hh		patch \| blob \| blame \| history