]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a9ab2bf)
Reject too long ECDSA public keys
authorMark Andrews <marka@isc.org>
Fri, 19 Nov 2021 09:54:05 +0000 (10:54 +0100)
committerMark Andrews <marka@isc.org>
Mon, 22 Nov 2021 21:44:47 +0000 (08:44 +1100)
opensslecdsa_fromdns() already rejects too short ECDSA public keys.
Make it also reject too long ones.  Remove an assignment made redundant
by this change.

lib/dns/opensslecdsa_link.c patch | blob | blame | history

diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 284f05e4e074a8f2a747ae90f482a59529bb769e..75411c5b68b699739855f51e506f52bdd34cadcb 100644 (file)
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -752,7 +752,7 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
        if (r.length == 0) {
                DST_RET(ISC_R_SUCCESS);
        }
-       if (r.length < len) {
+       if (r.length != len) {
                DST_RET(DST_R_INVALIDPUBLICKEY);
        }
 
@@ -788,7 +788,6 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
                DST_RET(dst__openssl_toresult(ISC_R_FAILURE));
        }
 #else
-       len = r.length;
        ret = raw_key_to_ossl(key->key_alg, 0, r.base, len, &pkey);
        if (ret != ISC_R_SUCCESS) {
                DST_RET(ret);
Mirror of https://gitlab.isc.org/isc-projects/bind9.git