From: Mark Andrews <marka@isc.org>
Date: Thu, 21 Jun 2018 23:50:10 +0000 (+1000)
Subject: the client cookie was being hashed twice when computing the server cookie for sha1... 
X-Git-Tag: v9.10.8rc2~8^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2cf488e71b96f2e2be0aef99ef43361975371e7a;p=thirdparty%2Fbind9.git

the client cookie was being hashed twice when computing the server cookie for sha1 and sha256

(cherry picked from commit 4795f0ca89a3e907cbcc2d406da27b38f9aed8dd)
---

diff --git a/bin/named/client.c b/bin/named/client.c
index 1d72a735a79..16d78cacb73 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1650,7 +1650,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
 				    (unsigned char *)&netaddr.type.in6, 16);
 		break;
 	}
-	isc_hmacsha1_update(&hmacsha1, client->cookie, sizeof(client->cookie));
 	isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
 	isc_buffer_putmem(buf, digest, 8);
 	isc_hmacsha1_invalidate(&hmacsha1);
@@ -1681,8 +1680,6 @@ compute_cookie(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
 				      (unsigned char *)&netaddr.type.in6, 16);
 		break;
 	}
-	isc_hmacsha256_update(&hmacsha256, client->cookie,
-			      sizeof(client->cookie));
 	isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
 	isc_buffer_putmem(buf, digest, 8);
 	isc_hmacsha256_invalidate(&hmacsha256);