From: Mark Andrews <marka@isc.org>
Date: Thu, 25 Aug 2022 03:35:27 +0000 (+1000)
Subject: Report when dnssec-policy has an unsupported algorithn
X-Git-Tag: v9.19.12~38^2~40
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=1246fd3b5fb59c7805b2efccc46afe598d2e97b3;p=thirdparty%2Fbind9.git

Report when dnssec-policy has an unsupported algorithn
---

diff --git a/lib/isccfg/kaspconf.c b/lib/isccfg/kaspconf.c
index e51d2a14261..2b9eeb5c153 100644
--- a/lib/isccfg/kaspconf.c
+++ b/lib/isccfg/kaspconf.c
@@ -183,6 +183,14 @@ cfg_kaspkey_fromconfig(const cfg_obj_t *config, dns_kasp_t *kasp,
 			goto cleanup;
 		}
 
+		if (!dst_algorithm_supported(key->algorithm)) {
+			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+				    "dnssec-policy: algorithm %s not supported",
+				    alg.base);
+			result = DNS_R_BADALG;
+			goto cleanup;
+		}
+
 		obj = cfg_tuple_get(config, "length");
 		if (cfg_obj_isuint32(obj)) {
 			uint32_t min, size;