From 50a96b62f1384cf45ead6fc529eded48e6528ef2 Mon Sep 17 00:00:00 2001
From: Giovanni Bajo
Date: Sat, 28 Apr 2012 01:04:56 +0200
Subject: [PATCH] Fix a validation bug when owner != signer. Since owner and signer are both domain names and share the same buffer in memory (daemon->namebuff), we need to go through a little hoop to make sure one doesn't step on the other's toes. We don't really need to extract the signer name until we have finished calculating the hash of the RRset, so we postpone its extraction.
---
 src/dnssec.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index 679b77d..2991fe2 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -190,10 +190,13 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
 /* Sort RRset records in canonical order. */
 qsort(rrset, rrsetidx, sizeof(void*), rrset_canonical_order);
- /* Extract the signer name (we need to query DNSKEY of this name) */
- if (!(signer_name_rdlen = extract_name_no_compression(sig, sigrdlen, signer_name)))
+ /* Skip through the signer name; we don't extract it right now because
+ we don't want to overwrite the single daemon->namebuff which contains
+ the owner name. We'll get to this later. */
+ if (!(p = skip_name(sig, header, pktlen, 0)))
 return 0;
- sig += signer_name_rdlen; sigrdlen -= signer_name_rdlen;
+ signer_name_rdlen = p - sig;
+ sig = p; sigrdlen -= signer_name_rdlen;
 /* Now initialize the signature verification algorithm and process the whole RRset */
@@ -227,6 +230,10 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
 }
 alg->vtbl->end_data(alg);
+ /* We don't need the owner name anymore; now extract the signer name */
+ if (!extract_name_no_compression(sigrdata+18, signer_name_rdlen, signer_name))
+ return 0;
+ out->alg = alg;
 out->keytag = keytag;
 out->signer_name = signer_name;
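Review bot: The signer name is no longer bounded by the RRSIG RDATA length in the first hunk: `skip_name(sig, header, pktlen, 0)` is limited only by `pktlen`, where the removed call passed `sigrdlen`. A name that runs past the end of the RDATA is therefore accepted at this point, and `sigrdlen -= signer_name_rdlen` can go negative or wrap (the type of `sigrdlen` is not visible in the hunk). I would add `if (signer_name_rdlen > sigrdlen) return 0;` right after `signer_name_rdlen = p - sig;`, before `sigrdlen` is adjusted. The body of begin_rrsig_validation starts and ends outside the hunk.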
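Review bot: The bare `18` in `sigrdata+18` in the second hunk should be named or commented. It matches the fixed RRSIG RDATA fields that precede the signer name (type covered, algorithm, labels, original TTL, expiration, inception, key tag), and is only right if `sigrdata` still points at the start of the RDATA, which the hunk does not show. A comment such as `/* 18 = fixed RRSIG RDATA fields before the signer name */` would do, or the name's start pointer could be saved where the name is skipped and reused here. The added `return 0` also exits after `alg` has been fed the whole RRset; whether that object needs releasing on this path cannot be told from the visible lines and is worth checking. The function continues outside the hunk.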