Clarified -p option in ldns-verify-zone.

Bugfix #410: Don't leak sha temporary data on the stack
Fix tests to take (DY)LD_LIBRARY_PATH into account

diff --git a/Changelog b/Changelog
index 3747e8c9539601e49aa132fdfb34071cc8410e24..68f9abfdb70a1627f25ada88ab9b6f79447d150e 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -3,7 +3,7 @@
        * bugfix #392: Apex only and percentage checks for ldns-verify-zone 
          (thanks Miek Gieben)
        * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
-       * Fix python site package path to /usr/lib64.
+       * Fix python site package path from sitelib to sitearch for pyldns.
        * Fix python api to support python2 and python3 (thanks Karel Slany).
        * bugfix #401: Correction of date/time functions algorithm and 
          prevention of an infinite loop therein
@@ -40,6 +40,7 @@
          The ldnsx module is automatically installed when --with-pyldns is
          used with configuring, but may explicitly be excluded with the
          --without-pyldnsx option to configure.
+       * bugfix #410: Fix clearing out temporary data on stack in sha2.c
 
 1.6.10 2011-05-31
        * New example tool added: ldns-gen-zone.

diff --git a/examples/ldns-verify-zone.1 b/examples/ldns-verify-zone.1
index 175ee2dd646d95f8bf6b5dcac16bce549534c7fa..092fb213aee1cacd12970dc1b5c236020eb2311d 100644 (file)
--- a/examples/ldns-verify-zone.1
+++ b/examples/ldns-verify-zone.1
@@ -20,7 +20,9 @@ Apex only, check only the zone apex
 
 .TP
 \fB-p\fR \fI[0-100]\fR
-Only check this percentage of the zone. Defaults to 100.
+Only check this percentage of the zone.
+Which names to check is determined randomly.
+Defaults to 100.
 
 .TP
 \fB-h\fR

diff --git a/sha2.c b/sha2.c
index 26b7716a6623533b7ee28b458902d7463eaffef6..6ba4ab5cb1e09e49c765fe89475af6300fdbeeae 100644 (file)
--- a/sha2.c
+++ b/sha2.c
@@ -605,7 +605,7 @@ void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
        }
 
        /* Clean up state data: */
-       MEMSET_BZERO(context, sizeof(context));
+       MEMSET_BZERO(context, sizeof(ldns_sha256_CTX));
        usedspace = 0;
 }
 
@@ -915,7 +915,7 @@ void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) {
        }
 
        /* Zero out state data */
-       MEMSET_BZERO(context, sizeof(context));
+       MEMSET_BZERO(context, sizeof(ldns_sha512_CTX));
 }
 
 unsigned char *
@@ -968,7 +968,7 @@ void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) {
        }
 
        /* Zero out state data */
-       MEMSET_BZERO(context, sizeof(context));
+       MEMSET_BZERO(context, sizeof(ldns_sha384_CTX));
 }
 
 unsigned char *

diff --git a/test/03-run.tpkg b/test/03-run.tpkg
index 2eaf75fe0dc1c66bbf95204f752d41e4ceaca608..dc40c10b6a6ef08347dc2bacd62de127f40ea9d4 100644 (file)
Binary files a/test/03-run.tpkg and b/test/03-run.tpkg differ

diff --git a/test/04-run-normal.tpkg b/test/04-run-normal.tpkg
index ff024596e2fe96d5c9443a78605b8de36348d20e..5776c48b07a2a79db1fd06eabb286ee5ac0adbc1 100644 (file)
Binary files a/test/04-run-normal.tpkg and b/test/04-run-normal.tpkg differ

diff --git a/test/18-drill-tests1.tpkg b/test/18-drill-tests1.tpkg
index 6fc5dd940ede2a48669f15f1c6b6f9bb8c8c2580..0dd5163a40e8d4cba02e0f8af5b39bd57251fffe 100644 (file)
Binary files a/test/18-drill-tests1.tpkg and b/test/18-drill-tests1.tpkg differ