Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle digest lengths greater than 1 block.

Browse Source
This commit is contained in:
Simon Kelley
2014-01-08 21:21:20 +00:00
parent 0435d041ea
commit b6e9e7c32d
3 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/blockdata.c
View File

@@ -96,18 +96,24 @@ void blockdata_free(struct blockdata *blocks)
} }
} }
void blockdata_retrieve(struct blockdata *block, size_t len, void *data) /* copy blocks into data[], return 1 if data[] unchanged by so doing */
int blockdata_retrieve(struct blockdata *block, size_t len, void *data)
{ {
size_t blen; size_t blen;
struct blockdata *b; struct blockdata *b;
int match = 1;
for (b = block; len > 0 && b; b = b->next) for (b = block; len > 0 && b; b = b->next)
{ {
blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len; blen = len > KEYBLOCK_LEN ? KEYBLOCK_LEN : len;
if (memcmp(data, b->key, blen) != 0)
match = 0;
memcpy(data, b->key, blen); memcpy(data, b->key, blen);
data += blen; data += blen;
len -= blen; len -= blen;
} }
return match;
} }
#endif #endif

2
src/dnsmasq.h
View File

@@ -993,7 +993,7 @@ struct crec *cache_enumerate(int init);
void blockdata_report(void); void blockdata_report(void);
struct blockdata *blockdata_alloc(char *data, size_t len); struct blockdata *blockdata_alloc(char *data, size_t len);
size_t blockdata_walk(struct blockdata **key, unsigned char **p, size_t cnt); size_t blockdata_walk(struct blockdata **key, unsigned char **p, size_t cnt);
void blockdata_retrieve(struct blockdata *block, size_t len, void *data); int blockdata_retrieve(struct blockdata *block, size_t len, void *data);
void blockdata_free(struct blockdata *blocks); void blockdata_free(struct blockdata *blocks);
#endif #endif

5
src/dnssec.c
View File

@@ -617,8 +617,8 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
from_wire(name); from_wire(name);
/* TODO fragented digest */ if (recp1->uid == digestalg_len() &&
if (memcmp(digestalg_final(), recp1->addr.key.keydata->key, digestalg_len()) == 0 && blockdata_retrieve(recp1->addr.key.keydata, recp1->uid, digestalg_final()) &&
validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag)) validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag))
{ {
struct all_addr a; struct all_addr a;
@@ -717,6 +717,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
crecp->addr.key.keydata = key; crecp->addr.key.keydata = key;
crecp->addr.key.algo = algo; crecp->addr.key.algo = algo;
crecp->addr.key.keytag = keytag; crecp->addr.key.keytag = keytag;
crecp->uid = rdlen - 4;
} }
else else
return STAT_INSECURE; /* cache problem */ return STAT_INSECURE; /* cache problem */