unsigned char header[DNS_MESSAGE_HEADERLEN];
isc_buffer_t headerbuf;
uint16_t digestbits;
+ bool querytsig_ok = false;
/*
* If it is a response, we assume that the request MAC
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
+ querytsig_ok = true;
}
-#if defined(__clang__) && \
- ( __clang_major__ < 3 || \
- (__clang_major__ == 3 && __clang_minor__ < 2) || \
- (__clang_major__ == 4 && __clang_minor__ < 2))
- /* false positive: http://llvm.org/bugs/show_bug.cgi?id=14461 */
- else memset(&querytsig, 0, sizeof(querytsig));
-#endif
/*
* Digest the header.
}
/* Digest the timesigned and fudge */
isc_buffer_clear(&databuf);
- if (tsig.error == dns_tsigerror_badtime) {
- INSIST(response);
+ if (tsig.error == dns_tsigerror_badtime && querytsig_ok) {
tsig.timesigned = querytsig.timesigned;
}
isc_buffer_putuint48(&databuf, tsig.timesigned);
dst_context_destroy(&ctx);
digestbits = dst_key_getbits(key->key);
if (digestbits != 0) {
- /*
- * XXXRAY: Is this correct? What is the
- * expected behavior when digestbits is not an
- * integral multiple of 8? It looks like bytes
- * should either be (digestbits/8) or
- * (digestbits+7)/8.
- *
- * In any case, for current algorithms,
- * digestbits are an integral multiple of 8, so
- * it has the same effect as (digestbits/8).
- */
- unsigned int bytes = (digestbits + 1) / 8;
- if (response && bytes < querytsig.siglen)
+ unsigned int bytes = (digestbits + 7) / 8;
+ if (querytsig_ok && bytes < querytsig.siglen)
bytes = querytsig.siglen;
if (bytes > isc_buffer_usedlength(&sigbuf))
bytes = isc_buffer_usedlength(&sigbuf);
if (dns__tsig_algvalid(alg)) {
uint16_t digestbits = dst_key_getbits(key);
- /*
- * XXXRAY: Is this correct? What is the expected
- * behavior when digestbits is not an integral multiple
- * of 8? It looks like bytes should either be
- * (digestbits/8) or (digestbits+7)/8.
- *
- * In any case, for current algorithms, digestbits are
- * an integral multiple of 8, so it has the same effect
- * as (digestbits/8).
- */
if (tsig.siglen > 0 && digestbits != 0 &&
- tsig.siglen < ((digestbits + 1) / 8))
+ tsig.siglen < ((digestbits + 7) / 8))
{
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2,
if (dns__tsig_algvalid(alg)) {
uint16_t digestbits = dst_key_getbits(key);
- /*
- * XXXRAY: Is this correct? What is the
- * expected behavior when digestbits is not an
- * integral multiple of 8? It looks like bytes
- * should either be (digestbits/8) or
- * (digestbits+7)/8.
- *
- * In any case, for current algorithms,
- * digestbits are an integral multiple of 8, so
- * it has the same effect as (digestbits/8).
- */
if (tsig.siglen > 0 && digestbits != 0 &&
- tsig.siglen < ((digestbits + 1) / 8))
+ tsig.siglen < ((digestbits + 7) / 8))
{
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2,
projects / thirdparty / bind9.git / commitdiff
