From: Kees Monshouwer Date: Tue, 15 Jul 2014 21:13:53 +0000 (+0200) Subject: check algorithm in getTSIGKey() X-Git-Tag: auth-3.4.0-rc1~43^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87168c90b5b723822638b44ff7612286eac3095a;p=thirdparty%2Fpdns.git check algorithm in getTSIGKey()
---
diff --git a/modules/bindbackend/binddnssec.cc b/modules/bindbackend/binddnssec.cc
index ecbd59d32d..f180602584 100644
--- a/modules/bindbackend/binddnssec.cc
+++ b/modules/bindbackend/binddnssec.cc
@@ -296,8 +296,10 @@ bool Bind2Backend::getTSIGKey(const string& name, string* algorithm, string* con
 content->clear();
 while(d_dnssecdb->getRow(row)) {
- *algorithm = row[0];
- *content=row[1];
+ if(row.size() >= 2 && (algorithm->empty() || pdns_iequals(*algorithm, row[0]))) {
+ *algorithm = row[0];
+ *content = row[1];
+ }
 }
 return !content->empty();
diff --git a/modules/oraclebackend/oraclebackend.cc b/modules/oraclebackend/oraclebackend.cc
index 4e2be62fca..5020cf9dc6 100644
--- a/modules/oraclebackend/oraclebackend.cc
+++ b/modules/oraclebackend/oraclebackend.cc
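Review bot: In the binddnssec.cc hunk, `pdns_iequals(*algorithm, row[0])` only ignores case, so a stored algorithm written with a trailing dot or as the long name `hmac-md5.sig-alg.reg.int` does not match the canonical `hmac-md5` that checkForCorrectTSIG now builds in pdns/dnspacket.cc and presumably passes down as the filter. The lookup fails closed, but a deployment with such rows would see its TSIG-signed requests rejected after the upgrade. Canonicalise the stored value the same way before comparing, or document the spelling the algorithm column must use; the GSQL and Oracle hunks compare the same way. getTSIGKey starts and ends outside this hunk.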
@@ -1406,22 +1406,26 @@ OracleBackend::getTSIGKey (const string& name, string* algorithm, string* conten
 rc = OCIStmtExecute(pooledSvcCtx, stmt, oraerr, 1, 0, NULL, NULL, OCI_DEFAULT);
- if (rc == OCI_NO_DATA) {
- return false;
- }
+ content->clear();
+ while (rc != OCI_NO_DATA) {
- if (rc == OCI_ERROR) {
- throw OracleException("Oracle getTSIGKey", oraerr);
- }
+ if (rc == OCI_ERROR) {
+ throw OracleException("Oracle getTSIGKey", oraerr);
+ }
- check_indicator(mResultTypeInd, false);
- check_indicator(mResultContentInd, false);
+ check_indicator(mResultTypeInd, false);
+ check_indicator(mResultContentInd, false);
+
+ if(algorithm->empty() || pdns_iequals(*algorithm, mResultType)) {
+ *algorithm = mResultType;
+ *content = mResultContent;
+ }
- *algorithm = mResultType;
- *content = mResultContent;
+ rc = OCIStmtFetch2(stmt, oraerr, 1, OCI_FETCH_NEXT, 0, OCI_DEFAULT);
+ }
 release_query(stmt, getTSIGKeyQueryKey);
- return true;
+ return !content->empty();
 }
 bool
diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc
index 094e732431..c42ec3abd2 100644
--- a/pdns/backends/gsql/gsqlbackend.cc
+++ b/pdns/backends/gsql/gsqlbackend.cc
@@ -620,11 +620,13 @@ bool GSQLBackend::getTSIGKey(const string& name, string* algorithm, string* cont
 }
 SSql::row_t row;
-
+
 content->clear();
 while(d_db->getRow(row)) {
- *algorithm = row[0];
- *content=row[1];
+ if(row.size() >= 2 && (algorithm->empty() || pdns_iequals(*algorithm, row[0]))) {
+ *algorithm = row[0];
+ *content = row[1];
+ }
 }
 return !content->empty();
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 52f1298005..f6f5d51b10 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
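Review bot: In the oraclebackend.cc hunk, the new `while (rc != OCI_NO_DATA)` loop ends only on OCI_NO_DATA or by throwing on OCI_ERROR, so any other status from OCIStmtExecute or OCIStmtFetch2 (OCI_INVALID_HANDLE, for instance) can keep it spinning while it re-reads whatever is left in `mResultType` and `mResultContent`. Treat everything except success as a failure, for example `if (rc != OCI_SUCCESS && rc != OCI_SUCCESS_WITH_INFO) { throw OracleException("Oracle getTSIGKey", oraerr); }`. The throw also leaves the function before `release_query(stmt, getTSIGKeyQueryKey)` runs; whether the statement is reclaimed elsewhere is not visible here. The function body starts outside the hunk.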
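Review bot: In the gsqlbackend.cc hunk, `algorithm` is now read before it is written, which turns what was an output parameter into an input filter: a caller that passes a string still holding an earlier value gets no key unless the stored algorithm happens to match. With an empty `*algorithm` and several rows for one name, the first row fixes the algorithm and the row order decides which key is returned; the query is outside the hunk, so whether it orders its result cannot be seen. A comment above the loop would record the contract, for example `// *algorithm is in/out: empty accepts any algorithm, otherwise only rows with that algorithm; the last matching row wins`. The bind and Oracle hunks change the parameter in the same way.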
@@ -607,8 +607,8 @@ bool checkForCorrectTSIG(const DNSPacket* q, DNSBackend* B, string* keyname, str
 return false;
 }
- string algoName = trc->d_algoName;
- if (stripDot(algoName) == "hmac-md5.sig-alg.reg.int")
+ string algoName = toLowerCanonic(trc->d_algoName);
+ if (algoName == "hmac-md5.sig-alg.reg.int")
 algoName = "hmac-md5";
 string secret64;
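Review bot: The reason for normalising `trc->d_algoName` is not recorded next to the code, and a later edit could drop it without noticing that the backends in this commit now filter keys on this value. Add a comment above the assignment such as `// algorithm name comes from the request's TSIG record; canonicalise it and fold the long HMAC-MD5 name to the short one before it selects a key`. If getTSIGKey writes the stored spelling back into `algoName`, as the backend hunks do through `*algorithm = row[0]`, code after the lookup should not assume the canonical form still holds. checkForCorrectTSIG starts and ends outside this hunk.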