Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
D
Dnsmasq
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nanahira
Dnsmasq
Commits
13e435eb
Commit
13e435eb
authored
Apr 27, 2012
by
Giovanni Bajo
Committed by
Simon Kelley
Aug 20, 2013
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bugfix: domain names must go through hash function in DNS format (but uncompressed!)
parent
4b0eecbb
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
29 additions
and
8 deletions
+29
-8
src/dnssec.c
src/dnssec.c
+29
-8
No files found.
src/dnssec.c
View file @
13e435eb
...
@@ -103,6 +103,27 @@ typedef struct PendingRRSIGValidation
...
@@ -103,6 +103,27 @@ typedef struct PendingRRSIGValidation
int
keytag
;
int
keytag
;
}
PendingRRSIGValidation
;
}
PendingRRSIGValidation
;
/* Pass a domain name through a verification hash function.
We must pass domain names in DNS wire format, but uncompressed.
This means that we cannot directly use raw data from the original
message since it might be compressed. */
static
void
verifyalg_add_data_domain
(
VerifyAlgCtx
*
alg
,
char
*
name
)
{
unsigned
char
len
;
char
*
p
;
while
((
p
=
strchr
(
name
,
'.'
)))
{
len
=
p
-
name
;
alg
->
vtbl
->
add_data
(
alg
,
&
len
,
1
);
alg
->
vtbl
->
add_data
(
alg
,
name
,
len
);
name
=
p
+
1
;
}
len
=
strlen
(
name
);
alg
->
vtbl
->
add_data
(
alg
,
&
len
,
1
);
alg
->
vtbl
->
add_data
(
alg
,
name
,
len
+
1
);
}
static
int
begin_rrsig_validation
(
struct
dns_header
*
header
,
size_t
pktlen
,
static
int
begin_rrsig_validation
(
struct
dns_header
*
header
,
size_t
pktlen
,
unsigned
char
*
reply
,
int
count
,
char
*
owner
,
unsigned
char
*
reply
,
int
count
,
char
*
owner
,
int
sigclass
,
int
sigrdlen
,
unsigned
char
*
sig
,
int
sigclass
,
int
sigrdlen
,
unsigned
char
*
sig
,
...
@@ -114,6 +135,7 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
...
@@ -114,6 +135,7 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
unsigned
long
sigttl
,
date_end
,
date_start
;
unsigned
long
sigttl
,
date_end
,
date_start
;
unsigned
char
*
p
=
reply
;
unsigned
char
*
p
=
reply
;
char
*
signer_name
=
daemon
->
namebuff
;
char
*
signer_name
=
daemon
->
namebuff
;
int
signer_name_rdlen
;
int
keytag
;
int
keytag
;
void
*
rrset
[
16
];
/* TODO: max RRset size? */
void
*
rrset
[
16
];
/* TODO: max RRset size? */
int
rrsetidx
=
0
;
int
rrsetidx
=
0
;
...
@@ -169,10 +191,10 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
...
@@ -169,10 +191,10 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
qsort
(
rrset
,
rrsetidx
,
sizeof
(
void
*
),
rrset_canonical_order
);
qsort
(
rrset
,
rrsetidx
,
sizeof
(
void
*
),
rrset_canonical_order
);
/* Extract the signer name (we need to query DNSKEY of this name) */
/* Extract the signer name (we need to query DNSKEY of this name) */
if
(
!
(
res
=
extract_name_no_compression
(
sig
,
sigrdlen
,
signer_name
)))
if
(
!
(
signer_name_rdlen
=
extract_name_no_compression
(
sig
,
sigrdlen
,
signer_name
)))
return
0
;
return
0
;
sig
+=
res
;
sigrdlen
-=
res
;
sig
+=
signer_name_rdlen
;
sigrdlen
-=
signer_name_rdlen
;
/* Now initialize the signature verification algorithm and process the whole
/* Now initialize the signature verification algorithm and process the whole
RRset */
RRset */
VerifyAlgCtx
*
alg
=
verifyalg_alloc
(
sigalg
);
VerifyAlgCtx
*
alg
=
verifyalg_alloc
(
sigalg
);
...
@@ -186,18 +208,17 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
...
@@ -186,18 +208,17 @@ static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
sigttl
=
htonl
(
sigttl
);
sigttl
=
htonl
(
sigttl
);
alg
->
vtbl
->
begin_data
(
alg
);
alg
->
vtbl
->
begin_data
(
alg
);
alg
->
vtbl
->
add_data
(
alg
,
sigrdata
,
18
);
alg
->
vtbl
->
add_data
(
alg
,
sigrdata
,
18
+
signer_name_rdlen
);
alg
->
vtbl
->
add_data
(
alg
,
signer_name
,
strlen
(
signer_name
));
for
(
i
=
0
;
i
<
rrsetidx
;
++
i
)
for
(
i
=
0
;
i
<
rrsetidx
;
++
i
)
{
{
int
rdlen
;
int
rdlen
;
p
=
(
unsigned
char
*
)(
rrset
[
i
]);
alg
->
vtbl
->
add_data
(
alg
,
owner
,
strlen
(
owner
));
verifyalg_add_data_domain
(
alg
,
owner
);
alg
->
vtbl
->
add_data
(
alg
,
&
sigtype
,
2
);
alg
->
vtbl
->
add_data
(
alg
,
&
sigtype
,
2
);
alg
->
vtbl
->
add_data
(
alg
,
&
sigclass
,
2
);
alg
->
vtbl
->
add_data
(
alg
,
&
sigclass
,
2
);
alg
->
vtbl
->
add_data
(
alg
,
&
sigttl
,
4
);
alg
->
vtbl
->
add_data
(
alg
,
&
sigttl
,
4
);
p
=
(
unsigned
char
*
)(
rrset
[
i
]);
p
+=
8
;
p
+=
8
;
GETSHORT
(
rdlen
,
p
);
GETSHORT
(
rdlen
,
p
);
/* TODO: instead of a direct add_data(), we must call a RRtype-specific
/* TODO: instead of a direct add_data(), we must call a RRtype-specific
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
