From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 31 Jan 2015 22:44:26 +0000 (+0000)
Subject: Fix broken ECDSA DNSSEC signatures.
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0;p=people%2Fms%2Fdnsmasq.git

Fix broken ECDSA DNSSEC signatures.
---

diff --git a/CHANGELOG b/CHANGELOG
index c05dec6..c80dc0f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -65,6 +65,8 @@ version 2.73
 	    configured to do stateful DHCPv6. Thanks to Win King Wan 
 	    for the patch.
 
+	    Fix broken DNSSEC validation of ECDSA signatures.
+	
 	
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
diff --git a/src/dnssec.c b/src/dnssec.c
index a8dfe38..2693237 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
     }
   
   if (sig_len != 2*t || key_len != 2*t ||
-      (p = blockdata_retrieve(key_data, key_len, NULL)))
+      !(p = blockdata_retrieve(key_data, key_len, NULL)))
     return 0;
   
   mpz_import(x, t , 1, 1, 0, 0, p);