From b7bd0317afd13fd370afbc407bb46832f8cbe452 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Sun, 29 Oct 2017 18:49:05 +0100
Subject: [PATCH] DNSCrypt: Certificate serials should be in network byte order
---
 pdns/dnscrypt.cc | 2 +-
 pdns/dnscrypt.hh | 2 +-
 regression-tests.dnsdist/dnscrypt.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pdns/dnscrypt.cc b/pdns/dnscrypt.cc
index c03284585b..1f74563487 100644
--- a/pdns/dnscrypt.cc
+++ b/pdns/dnscrypt.cc
@@ -214,7 +214,7 @@ void DNSCryptContext::generateCertificate(uint32_t serial, time_t begin, time_t
 memcpy(cert.protocolMinorVersion, protocolMinorVersion, sizeof(protocolMinorVersion));
 memcpy(cert.signedData.resolverPK, pubK, sizeof(cert.signedData.resolverPK));
 memcpy(cert.signedData.clientMagic, pubK, sizeof(cert.signedData.clientMagic));
- cert.signedData.serial = serial;
+ cert.signedData.serial = htonl(serial);
 cert.signedData.tsStart = htonl((uint32_t) begin);
 cert.signedData.tsEnd = htonl((uint32_t) end);
diff --git a/pdns/dnscrypt.hh b/pdns/dnscrypt.hh
index aad89cd8c8..fea11f0c7f 100644
--- a/pdns/dnscrypt.hh
+++ b/pdns/dnscrypt.hh
@@ -86,7 +86,7 @@ class DNSCryptCert
 public:
 uint32_t getSerial() const
 {
- return signedData.serial;
+ return ntohl(signedData.serial);
 }
 uint32_t getTSStart() const
 {
diff --git a/regression-tests.dnsdist/dnscrypt.py b/regression-tests.dnsdist/dnscrypt.py
index a93aeaea0a..bc1a296b42 100644
--- a/regression-tests.dnsdist/dnscrypt.py
+++ b/regression-tests.dnsdist/dnscrypt.py
@@ -41,7 +41,7 @@ class DNSCryptResolverCertificate(object):
 resolverPK = orig[0:32]
 clientMagic = orig[32:40]
- serial = struct.unpack_from("I", orig[40:44])[0]
+ serial = struct.unpack_from("!I", orig[40:44])[0]
 validFrom = struct.unpack_from("!I", orig[44:48])[0]
 validUntil = struct.unpack_from("!I", orig[48:52])[0]
 return DNSCryptResolverCertificate(serial, validFrom, validUntil, resolverPK, clientMagic)
-- 
2.47.2
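Review bot: The move to `htonl(serial)` in generateCertificate changes how clients rank this resolver's certificates, and neither the hunk nor the commit message covers the upgrade path. As a constructed example, a certificate issued on a little-endian host before this patch with serial 1 is read by a client that decodes big-endian as 16777216, so a certificate issued after the patch with serial 2 ranks below it. If clients prefer the highest serial, as I understand the DNSCrypt protocol to require, a key rotation done right after upgrading would not take effect until the old certificate expires. I would add a comment above the assignment, `// wire format is big-endian; serials issued by older versions appear byte-swapped to clients`, and an upgrade note telling operators to pick the next serial above the byte-swapped value of the one currently published. generateCertificate starts and ends outside this hunk.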
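Review bot: `getSerial()` now returns host order while `signedData.serial` itself holds network order, and nothing at the accessor or the field records that convention. Any code that reads the field directly (logging, bindings, comparisons between certificates) would see a byte-swapped value; such readers are not visible here and should be checked. I would add a comment at the field's declaration, `// network byte order; read through getSerial()`. The same check applies to `getTSStart()`, whose body lies outside the hunk, since `tsStart` is written with `htonl` in dnscrypt.cc.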
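Review bot: The parser now decodes the serial as big-endian with `"!I"`, but the hunk shows no assertion on the decoded value, so this fix is only pinned if a test elsewhere compares it with the configured serial. If none does, add one using a serial that is not byte-symmetric, for example `self.assertEqual(cert.serial, EXPECTED_SERIAL)`, where `EXPECTED_SERIAL` is a placeholder for the value the test configures. The enclosing method starts outside the hunk.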