From: Mark Andrews Date: Fri, 19 Nov 2021 09:54:05 +0000 (+0100) Subject: Reject too long ECDSA public keys X-Git-Tag: v9.17.21~25^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=34f324062270af2c8b8b32962ad3751e2111c664;p=thirdparty%2Fbind9.git Reject too long ECDSA public keys opensslecdsa_fromdns() already rejects too short ECDSA public keys. Make it also reject too long ones. Remove an assignment made redundant by this change. --- diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c index 284f05e4e07..75411c5b68b 100644 --- a/lib/dns/opensslecdsa_link.c +++ b/lib/dns/opensslecdsa_link.c @@ -752,7 +752,7 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) { if (r.length == 0) { DST_RET(ISC_R_SUCCESS); } - if (r.length < len) { + if (r.length != len) { DST_RET(DST_R_INVALIDPUBLICKEY); } @@ -788,7 +788,6 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) { DST_RET(dst__openssl_toresult(ISC_R_FAILURE)); } #else - len = r.length; ret = raw_key_to_ossl(key->key_alg, 0, r.base, len, &pkey); if (ret != ISC_R_SUCCESS) { DST_RET(ret);