2522. [security] Handle -1 from DSA_do_verify().

author Mark Andrews <marka@isc.org>

Wed, 24 Dec 2008 00:21:45 +0000 (00:21 +0000)

committer Mark Andrews <marka@isc.org>

Wed, 24 Dec 2008 00:21:45 +0000 (00:21 +0000)
author Mark Andrews <marka@isc.org>
Wed, 24 Dec 2008 00:21:45 +0000 (00:21 +0000)
committer Mark Andrews <marka@isc.org>
Wed, 24 Dec 2008 00:21:45 +0000 (00:21 +0000)
diff --git a/CHANGES b/CHANGES

index baf0b4ad890851d786dfee43156c4fd805b598ea..c390df909ad2e2ff6de60154430a9f632471df04 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+       --- 9.3.6-P1 released ---
+
+2522.  [security]      Handle -1 from DSA_do_verify().
+
  2498.  [bug]           Removed a bogus function argument used with
                         ISC_SOCKET_USE_POLLWATCH: it could cause compiler
                         warning or crash named with the debug 1 level
diff --git a/lib/dns/api b/lib/dns/api

index eaa7c6def4145b0fffbe90a405294f6c3df16629..6bbd1729bc153e63a58077cdee49c65c118d2256 100644 (file)
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -1,3 +1,3 @@
  LIBINTERFACE = 26
-LIBREVISION = 1
+LIBREVISION = 2
  LIBAGE = 0
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c

index df731e45a47df25d36b1c03535a9ebef8d1da0eb..fbfcfbad35ad3753489d37b28c895d14f9084d12 100644 (file)
--- a/lib/dns/openssldsa_link.c
+++ b/lib/dns/openssldsa_link.c
@@ -16,7 +16,7 @@
   * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   */
  
-/* $Id: openssldsa_link.c,v 1.1.4.7 2007/08/28 07:19:13 tbox Exp $ */
+/* $Id: openssldsa_link.c,v 1.1.4.8 2008/12/24 00:21:45 marka Exp $ */
  
  #ifdef OPENSSL
  
@@ -133,7 +133,7 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
  
         status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
         DSA_SIG_free(dsasig);
-       if (status == 0)
+       if (status != 1)
                 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
  
         return (ISC_R_SUCCESS);
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c

index c33913ce3d07b84ed21da30e14b73e3e9acdedf9..765d9ed2a575c3205e3e282edbe719ccb09ac2b8 100644 (file)
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -17,7 +17,7 @@
  
  /*
   * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.1.4.9 2006/11/07 21:28:40 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.1.4.10 2008/12/24 00:21:45 marka Exp $
   */
  #ifdef OPENSSL
  
@@ -246,7 +246,7 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
  
         status = RSA_verify(type, digest, digestlen, sig->base,
                             RSA_size(rsa), rsa);
-       if (status == 0)
+       if (status != 1)
                 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
  
         return (ISC_R_SUCCESS);
diff --git a/version b/version

index b0e3529350389cb3ece442135f4e887c01309813..f89ed03fd6dc83aafb60b53de8d86accc6f7747f 100644 (file)
--- a/version
+++ b/version
@@ -1,4 +1,4 @@
-# $Id: version,v 1.26.2.17.2.34 2008/11/12 04:04:56 marka Exp $
+# $Id: version,v 1.26.2.17.2.35 2008/12/24 00:21:45 marka Exp $
  #
  # This file must follow /bin/sh rules.  It is imported directly via
  # configure.
@@ -6,5 +6,5 @@
  MAJORVER=9
  MINORVER=3
  PATCHVER=6
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=1
author	Mark Andrews <marka@isc.org>
	Wed, 24 Dec 2008 00:21:45 +0000 (00:21 +0000)
committer	Mark Andrews <marka@isc.org>
	Wed, 24 Dec 2008 00:21:45 +0000 (00:21 +0000)
CHANGES		patch \| blob \| blame \| history
lib/dns/api		patch \| blob \| blame \| history
lib/dns/openssldsa_link.c		patch \| blob \| blame \| history
lib/dns/opensslrsa_link.c		patch \| blob \| blame \| history
version		patch \| blob \| blame \| history