From: Mark Andrews <marka@isc.org>
Date: Fri, 12 Oct 2001 01:08:20 +0000 (+0000)
Subject: pullup:
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39bdc01d4634c9debb8ba93fec625ff2415a37e6;p=thirdparty%2Fbind9.git

pullup:
1047.   [bug]           When a request was refused due to being signed with
                        a TSIG key derived from an unsigned TKEY negotiation,
                        the response could have an rcode of SUCCESS rather
                        than REFUSED. [RT #1886]
---

diff --git a/CHANGES b/CHANGES
index 93165d88756..4254fe76d6b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+1047.	[bug]		When a request was refused due to being signed with
+			a TSIG key derived from an unsigned TKEY negotiation,
+			the response could have an rcode of SUCCESS rather
+			than REFUSED. [RT #1886]
+
 
 1041.	[bug]		Dig/host/nslookup could catch an assertion failure
 			on SIGINT due to an uninitialized variable. [RT #1867]
diff --git a/bin/named/client.c b/bin/named/client.c
index 0d0b4319384..272571b3940 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.136.2.7 2001/09/19 02:46:55 marka Exp $ */
+/* $Id: client.c,v 1.136.2.8 2001/10/12 01:08:20 marka Exp $ */
 
 #include <config.h>
 
@@ -1413,6 +1413,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
 			      "request is signed by a nonauthoritative key");
+		sigresult = DNS_R_REFUSED;
 		/*
 		 * Accept update messages signed by unknown keys so that
 		 * update forwarding works transparently through slaves