From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 14 Jan 2020 15:03:29 +0000 (+0100)
Subject: - Fix auth zone support for NSEC3 records without salt.
X-Git-Tag: release-1.10.0rc1~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e0c957dcd7b0b1e03ff2d8bf58fdbb147ce4978;p=thirdparty%2Funbound.git

- Fix auth zone support for NSEC3 records without salt.
---

diff --git a/doc/Changelog b/doc/Changelog
index c085d7e9d..519f4c3ea 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -7,6 +7,7 @@
 	  cache and neg cache structures.
 	- Fix for memory leak when edns subnet config options are read when
 	  compiled without edns subnet support.
+	- Fix auth zone support for NSEC3 records without salt.
 
 10 January 2020: Wouter
 	- Fix the relationship between serve-expired and prefetch options,
diff --git a/services/authzone.c b/services/authzone.c
index 9621d6ee3..bad649c39 100644
--- a/services/authzone.c
+++ b/services/authzone.c
@@ -2586,12 +2586,14 @@ az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen,
 	/* hashfunc(name, salt) */
 	memmove(p, nm, nmlen);
 	query_dname_tolower(p);
-	memmove(p+nmlen, salt, saltlen);
+	if(salt && saltlen > 0)
+		memmove(p+nmlen, salt, saltlen);
 	(void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf);
 	for(i=0; i<iter; i++) {
 		/* hashfunc(hash, salt) */
 		memmove(p, buf, hlen);
-		memmove(p+hlen, salt, saltlen);
+		if(salt && saltlen > 0)
+			memmove(p+hlen, salt, saltlen);
 		(void)secalgo_nsec3_hash(algo, p, hlen+saltlen,
 			(unsigned char*)buf);
 	}