[v9_6] fix md5 key id computation

author Evan Hunt <each@isc.org>

Tue, 13 Aug 2013 23:23:51 +0000 (16:23 -0700)

committer Evan Hunt <each@isc.org>

Tue, 13 Aug 2013 23:23:51 +0000 (16:23 -0700)
author Evan Hunt <each@isc.org>
Tue, 13 Aug 2013 23:23:51 +0000 (16:23 -0700)
committer Evan Hunt <each@isc.org>
Tue, 13 Aug 2013 23:23:51 +0000 (16:23 -0700)
diff --git a/CHANGES b/CHANGES

index bee4d50f4b15c25b15bf500baad2a226626aa20e..d9fec3a55c5e4533bbce15040d43cc470e137987 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3630.  [bug]           Ensure correct ID computation for MD5 keys. [RT #33033]
+
  3625.  [bug]           Don't send notify messages to machines outside of the
                         test setup.
  
diff --git a/lib/dns/rdata/generic/dnskey_48.c b/lib/dns/rdata/generic/dnskey_48.c

index 022f85ad0ce81f346cb3d3e2b321e44243a966c1..b900daa431c6e41a92bf12921507869dea128e0c 100644 (file)
--- a/lib/dns/rdata/generic/dnskey_48.c
+++ b/lib/dns/rdata/generic/dnskey_48.c
@@ -134,6 +134,7 @@ totext_dnskey(ARGS_TOTEXT) {
  static inline isc_result_t
  fromwire_dnskey(ARGS_FROMWIRE) {
         isc_region_t sr;
+       unsigned char algorithm;
  
         REQUIRE(type == 48);
  
@@ -146,6 +147,15 @@ fromwire_dnskey(ARGS_FROMWIRE) {
         if (sr.length < 4)
                 return (ISC_R_UNEXPECTEDEND);
  
+       /*
+        * RSAMD5 computes key ID differently from other
+        * algorithms: we need to ensure there's enough data
+        * present for the computation
+        */
+       algorithm = sr.base[3];
+       if (algorithm == DST_ALG_RSAMD5 && sr.length < 7)
+               return (ISC_R_UNEXPECTEDEND);
+
         isc_buffer_forward(source, sr.length);
         return (mem_tobuffer(target, sr.base, sr.length));
  }
diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c

index 5c2a5cfb6c7fe14a2e3f62e31a1631ef1a70f1a1..53b0e2738130d82e54bb3eae9b60e7704e149c5a 100644 (file)
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@@ -134,6 +134,7 @@ totext_key(ARGS_TOTEXT) {
  static inline isc_result_t
  fromwire_key(ARGS_FROMWIRE) {
         isc_region_t sr;
+       unsigned char algorithm;
  
         REQUIRE(type == 25);
  
@@ -146,6 +147,15 @@ fromwire_key(ARGS_FROMWIRE) {
         if (sr.length < 4)
                 return (ISC_R_UNEXPECTEDEND);
  
+       /*
+        * RSAMD5 computes key ID differently from other
+        * algorithms: we need to ensure there's enough data
+        * present for the computation
+        */
+       algorithm = sr.base[3];
+       if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
+               return (ISC_R_UNEXPECTEDEND);
+
         isc_buffer_forward(source, sr.length);
         return (mem_tobuffer(target, sr.base, sr.length));
  }
author	Evan Hunt <each@isc.org>
	Tue, 13 Aug 2013 23:23:51 +0000 (16:23 -0700)
committer	Evan Hunt <each@isc.org>
	Tue, 13 Aug 2013 23:23:51 +0000 (16:23 -0700)
CHANGES		patch \| blob \| blame \| history
lib/dns/rdata/generic/dnskey_48.c		patch \| blob \| blame \| history
lib/dns/rdata/generic/key_25.c		patch \| blob \| blame \| history