2771. [bug] dnssec-signzone: DNSKEY records could be
authorEvan Hunt <each@isc.org>
Tue, 17 Nov 2009 05:46:53 +0000 (05:46 +0000)
committerEvan Hunt <each@isc.org>
Tue, 17 Nov 2009 05:46:53 +0000 (05:46 +0000)
                        corrupted when importing from key files [RT #20624]

CHANGES
lib/dns/dnssec.c

diff --git a/CHANGES b/CHANGES
index b5f40df73d124cc1e68b50a6908bccb570ebb2c1..0776dd75584a24b43957bd2c55db24f265d58105 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2771.  [bug]           dnssec-signzone: DNSKEY records could be
+                       corrupted when importing from key files [RT #20624]
+
 2770.  [cleanup]       Add log messages to resolver.c to indicate events
                        causing FORMERR responses. [RT #20526]
 
index cac4d6c1bc35d91e9c7a3bc21047531119e28227..c629dcf19755276a44bf5af0acef7ef9610cb75b 100644 (file)
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: dnssec.c,v 1.109 2009/11/16 01:44:33 each Exp $
+ * $Id: dnssec.c,v 1.110 2009/11/17 05:46:53 each Exp $
  */
 
 /*! \file */
@@ -1364,13 +1364,14 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
 }
 
 static isc_result_t
-make_dnskey(dst_key_t *key, dns_rdata_t *target) {
+make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
+           dns_rdata_t *target)
+{
        isc_result_t result;
-       unsigned char data[DST_KEY_MAXSIZE];
        isc_buffer_t b;
        isc_region_t r;
 
-       isc_buffer_init(&b, data, sizeof(data));
+       isc_buffer_init(&b, buf, bufsize);
        result = dst_key_todns(key, &b);
        if (result != ISC_R_SUCCESS)
                return (result);
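Review bot: The new `bufsize` parameter of make_dnskey is a signed `int`, although both callers pass `sizeof(buf)` and the value goes straight into isc_buffer_init(), which as far as I know takes an unsigned length. Declaring it as `unsigned int bufsize` would avoid the implicit size_t-to-int narrowing at the call sites and rule out a negative length. The function also needs a comment stating the contract this fix relies on, e.g. `/* 'target' refers to memory inside 'buf'; 'buf' must outlive every use of 'target'. */`. That relationship is inferred from the commit description; the part of the body that fills in `target` is outside this hunk.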
@@ -1389,11 +1390,12 @@ publish_key(dns_diff_t *add, dns_dnsseckey_t *key, dns_name_t *origin,
 {
        isc_result_t result;
        dns_difftuple_t *tuple = NULL;
+       unsigned char buf[DST_KEY_MAXSIZE];
        dns_rdata_t dnskey = DNS_RDATA_INIT;
        char alg[80];
 
        dns_rdata_reset(&dnskey);
-       RETERR(make_dnskey(key->key, &dnskey));
+       RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
 
        dns_secalg_format(dst_key_alg(key->key), alg, sizeof(alg));
        report("Fetching %s %d/%s from key %s\n",
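Review bot: `buf` now lives on publish_key's stack, so `dnskey` is only valid until this function returns, and nothing at the declaration records that dependency. The same applies to remove_key, where `dnskey` is handed to dns_difftuple_create(); the code is safe only if that call copies the rdata rather than keeping the pointer, which is not visible here. A short comment at both declarations, e.g. `/* backing store for dnskey; must stay in scope until the tuple has been created */`, would keep a later refactor from reintroducing the dangling-buffer corruption this commit fixes. publish_key's body continues outside the hunk.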
@@ -1430,6 +1432,7 @@ remove_key(dns_diff_t *del, dns_dnsseckey_t *key, dns_name_t *origin,
 {
        isc_result_t result;
        dns_difftuple_t *tuple = NULL;
+       unsigned char buf[DST_KEY_MAXSIZE];
        dns_rdata_t dnskey = DNS_RDATA_INIT;
        char alg[80];
 
@@ -1437,7 +1440,7 @@ remove_key(dns_diff_t *del, dns_dnsseckey_t *key, dns_name_t *origin,
        report("Removing %s key %d/%s from DNSKEY RRset.\n",
               reason, dst_key_id(key->key), alg);
 
-       RETERR(make_dnskey(key->key, &dnskey));
+       RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
        RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_DEL, origin, ttl, &dnskey,
                                    &tuple));
        dns_diff_append(del, &tuple);