From: Andreas Gustafsson
Date: Mon, 21 Aug 2000 23:17:29 +0000 (+0000)
Subject: pullup:
X-Git-Tag: v9.0.0rc4~13
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=d748f57152292f6df0c78aeca4be31b4f417d321;p=thirdparty%2Fbind9.git
pullup: 400. [bug] SIG(0) signing and verifying was done incorrectly. [RT #249]
---
diff --git a/CHANGES b/CHANGES
index 2827eb63e0e..d5eb25c911a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,7 @@
+ 400. [bug] SIG(0) signing and verifying was done incorrectly.
+ [RT #249]
+
 399. [bug] When reloading the server with a config file containing a syntax error, it could catch an assertion failure trying to perform zone
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 32f0583b7f4..0206cb9f200 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@
 */
 /*
- * $Id: dnssec.c,v 1.43.2.1 2000/07/27 22:15:21 gson Exp $
+ * $Id: dnssec.c,v 1.43.2.2 2000/08/21 23:17:29 gson Exp $
 * Principal Author: Brian Wellington
 */
@@ -581,12 +581,11 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
 /*
 * Digest the fields of the SIG - we can cheat and use
 * dns_rdata_fromstruct. Since siglen is 0, the digested data
- * is identical to dns format with the last 2 bytes removed.
+ * is identical to dns format.
 */
 RETERR(dns_rdata_fromstruct(NULL, dns_rdataclass_any, dns_rdatatype_sig, &sig, &databuf));
 isc_buffer_usedregion(&databuf, &r);
- r.length -= 2;
 RETERR(dst_context_adddata(ctx, &r));
 RETERR(dst_key_sigsize(key, &sigsize));
@@ -743,7 +742,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
 dns_name_fromregion(&tname, &r);
 dns_name_toregion(&tname, &r2);
 isc_region_consume(&r, r2.length + 10);
- r.length -= (sig.siglen + 2);
+ r.length -= sig.siglen;
 RETERR(dst_context_adddata(ctx, &r));
 sig_r.base = sig.signature;
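Review bot: In dns_dnssec_signmessage the digested range now rests entirely on `sig.siglen` being 0 when `dns_rdata_fromstruct` runs, and the only statement of that is the comment; the assignment itself is outside the hunk. With the `r.length -= 2` adjustment gone, a non-zero siglen would put signature bytes into the signed data, while dns_dnssec_verifymessage subtracts `sig.siglen` from its region, so the two sides would no longer digest the same bytes. I would make the invariant explicit with `INSIST(sig.siglen == 0);` ahead of the call and extend the comment with ` * This must cover the same bytes that dns_dnssec_verifymessage digests.` The function starts and ends outside the hunk.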
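Review bot: `r.length -= sig.siglen;` in dns_dnssec_verifymessage subtracts a length that presumably comes from the received SIG record from an unsigned region length with no visible bound, so a siglen larger than what is left after `isc_region_consume` would wrap the length and hand `dst_context_adddata` a region that runs past the rdata. The code that fills `r` and `sig` is outside the hunk and may already guarantee the relation, but this path handles message data, so I would test `if (sig.siglen > r.length)` just before the subtraction and fail with a format error through the same cleanup path RETERR uses. The `+ 10` in the `isc_region_consume` line above is also unexplained; a short comment naming the fields it skips would help the next reader. The function starts and ends outside the hunk.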