2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR

author Mark Andrews <marka@isc.org>

Tue, 2 May 2006 04:21:42 +0000 (04:21 +0000)

committer Mark Andrews <marka@isc.org>

Tue, 2 May 2006 04:21:42 +0000 (04:21 +0000)
author Mark Andrews <marka@isc.org>
Tue, 2 May 2006 04:21:42 +0000 (04:21 +0000)
committer Mark Andrews <marka@isc.org>
Tue, 2 May 2006 04:21:42 +0000 (04:21 +0000)
diff --git a/CHANGES b/CHANGES

index 673861a8fa7a2f0bbb036f7d39c5548ba2a76c99..bcfd655e227dacbb8d275e236ffab3ee9eec3664 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2013.  [bug]           Handle unexpected TSIGs on unsigned AXFR/IXFR
+                       responses more gracefully. [RT #15941]
+
  2009.  [bug]           libbind: coverity fixes. [RT #15808]
  
  2005.  [bug]           libbind: Retransmission timeouts should be
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c

index 09dc222d1124337df44fe8047ac247408f2a3604..9bdde06eb1518e030cd5a27bae4f3595590a45e9 100644 (file)
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
   */
  
  /*
- * $Id: tsig.c,v 1.112.2.3.8.9 2006/03/08 03:55:54 marka Exp $
+ * $Id: tsig.c,v 1.112.2.3.8.10 2006/05/02 04:21:42 marka Exp $
   */
  
  #include <config.h>
@@ -648,8 +648,11 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
  
         msg->verify_attempted = 1;
  
-       if (msg->tcp_continuation)
+       if (msg->tcp_continuation) {
+               if (tsigkey == NULL || msg->querytsig == NULL)
+                       return (DNS_R_UNEXPECTEDTSIG);
                 return (tsig_verify_tcp(source, msg));
+       }
  
         /*
          * There should be a TSIG record...
author	Mark Andrews <marka@isc.org>
	Tue, 2 May 2006 04:21:42 +0000 (04:21 +0000)
committer	Mark Andrews <marka@isc.org>
	Tue, 2 May 2006 04:21:42 +0000 (04:21 +0000)
CHANGES		patch \| blob \| blame \| history
lib/dns/tsig.c		patch \| blob \| blame \| history