2559. [bug] dnssec-dsfromkey could compute bad DS records when

                        reading from a K* files.  [RT #19357]

diff --git a/CHANGES b/CHANGES
index 64c178049f2930700d04f7642efcf9ea17228c52..b680f062efc3ef98ba8b46349a7e78ab6e6a7641 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2559.  [bug]           dnssec-dsfromkey could compute bad DS records when
+                       reading from a K* files.  [RT #19357]
+
 2558.  [func]          Set the ownership of missing directories created
                        for pid-file if -u has been specified on the command
                        line. [RT #19328]

diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index d3d1d06f4e28160a216ff61469c53c6718163c33..6401a0002d055d3e7ee9ea1494e4ea12b7b9ef6b 100644 (file)
--- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-dsfromkey.c,v 1.2 2008/11/07 02:28:49 marka Exp $ */
+/* $Id: dnssec-dsfromkey.c,v 1.3 2009/02/17 00:16:45 marka Exp $ */
 
 /*! \file */
 
@@ -111,18 +111,18 @@ loadkeys(char *dirname, char *setname)
 }
 
 static void
-loadkey(char *filename, dns_rdata_t *rdata)
+loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
+       dns_rdata_t *rdata)
 {
        isc_result_t  result;
        dst_key_t     *key = NULL;
-       unsigned char key_buf[DST_KEY_MAXSIZE];
        isc_buffer_t  keyb;
        isc_region_t  r;
 
        dns_rdataset_init(&keyset);
        dns_rdata_init(rdata);
 
-       isc_buffer_init(&keyb, key_buf, sizeof(key_buf));
+       isc_buffer_init(&keyb, key_buf, key_buf_size);
 
        result = dst_key_fromnamedfile(filename, DST_TYPE_PUBLIC, mctx, &key);
        if (result != ISC_R_SUCCESS)
@@ -360,7 +360,10 @@ main(int argc, char **argv) {
                                emitds(dtype, &rdata);
                }
        } else {
-               loadkey(argv[isc_commandline_index], &rdata);
+               unsigned char key_buf[DST_KEY_MAXSIZE];
+
+               loadkey(argv[isc_commandline_index], key_buf,
+                       DST_KEY_MAXSIZE, &rdata);
 
                if (both) {
                        emitds(DNS_DSDIGEST_SHA1, &rdata);