Fix broken ECDSA DNSSEC signatures.

diff --git a/CHANGELOG b/CHANGELOG
index c05dec63c587e226bd11457048de70960a485d92..c80dc0fdbe9e667185250a376f47d70da95ab17b 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -65,6 +65,8 @@ version 2.73
            configured to do stateful DHCPv6. Thanks to Win King Wan 
            for the patch.
 
+           Fix broken DNSSEC validation of ECDSA signatures.
+       
        
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.

diff --git a/src/dnssec.c b/src/dnssec.c
index a8dfe3871c85474bb8d86da44e8d8adce2f6c0f2..26932373cd3e50d8e335707fc0a4bbf531df07a5 100644 (file)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
     }
   
   if (sig_len != 2*t || key_len != 2*t ||
-      (p = blockdata_retrieve(key_data, key_len, NULL)))
+      !(p = blockdata_retrieve(key_data, key_len, NULL)))
     return 0;
   
   mpz_import(x, t , 1, 1, 0, 0, p);