if(memcmp(current_keypair->crypt_publickey,
env->signed_certs[c].server_publickey,
crypto_box_PUBLICKEYBYTES) == 0) {
- dnsccert *current_cert = &env->certs[cert_id++];
+ dnsccert* current_cert;
+ if(cert_id >= env->signed_certs_count) {
+ log_err("dnscrypt: secret key %s matches a cert that "
+ "is already bound to another key (duplicate "
+ "dnscrypt-secret-key?)", head->str);
+ return -1;
+ }
+ current_cert = &env->certs[cert_id++];
found_cert = 1;
current_cert->keypair = current_keypair;
memcpy(current_cert->magic_query,
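Review bot: The added guard `if(cert_id >= env->signed_certs_count)` fires only when the total number of bindings would run past the array, so it stops the out-of-bounds write into `env->certs` but does not detect the condition its log message names. As far as the visible lines show, two key files holding the same key can still bind the same signed cert twice while a free slot remains, and the error appears only once the array is full. Either reword the message to what is actually checked, e.g. `"dnscrypt: more key/cert matches than signed certs (duplicate dnscrypt-secret-key?)"`, or track per signed cert whether it is already bound and reject on that. A comment such as `/* env->certs holds signed_certs_count entries; never index past it */` would record the invariant, which I am assuming because the allocation is outside this hunk. The enclosing loop and function also start and end outside the hunk.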
list does not crash later. The newly created RRset is
linked after creation has succeeded. Thanks to Qifan Zhang,
Palo Alto Networks, for the report.
-
+ - Fix that dnscrypt configuration does not crash, due to
+ inconsistency between secret and public keys. Also
+ duplicate files are skipped. Thanks to Qifan Zhang, Palo
+ Alto Networks, for the report.
15 June 2026: Wouter
- Fix to add `max-transfer-size` and `max-transfer-time` that
dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
{
OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
- if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
+ if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2)) {
log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
- if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
+ free($2);
+ } else if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2)) {
fatal_exit("out of memory adding dnscrypt-provider-cert");
+ }
}
;
dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
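Review bot: The duplicate test in the new `if(cfg_strlist_find(...)) { ... free($2); }` branch compares the option string as written, so the same file named through a different path spelling or a symlink would presumably still be inserted twice. The skip is therefore a convenience and not the safety check. The same applies to the `dnscrypt-secret-key` rule in the following hunk. It would help to record both facts next to the `free`, e.g. `/* duplicate: not inserted, so $2 is still ours to free; only identical strings are caught */`. That comment assumes `cfg_strlist_insert` takes ownership of `$2` on success, which is not visible here.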
dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
{
OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
- if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
+ if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2)) {
log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
- if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
+ free($2);
+ } else if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2)) {
fatal_exit("out of memory adding dnscrypt-secret-key");
+ }
}
;
dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG