Diffstat (limited to 'contrib/bind9/lib/dns/tsig.c')
-rw-r--r-- | contrib/bind9/lib/dns/tsig.c | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/contrib/bind9/lib/dns/tsig.c b/contrib/bind9/lib/dns/tsig.c index 6a8d774..9bdde06 100644 --- a/contrib/bind9/lib/dns/tsig.c +++ b/contrib/bind9/lib/dns/tsig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.112.2.3.8.6 2005/03/17 03:58:31 marka Exp $ + * $Id: tsig.c,v 1.112.2.3.8.10 2006/05/02 04:21:42 marka Exp $ */ #include <config.h> @@ -363,7 +363,7 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_t databuf, sigbuf; isc_buffer_t *dynbuf; dns_name_t *owner; - dns_rdata_t *rdata; + dns_rdata_t *rdata = NULL; dns_rdatalist_t *datalist; dns_rdataset_t *dataset; isc_region_t r; @@ -555,13 +555,12 @@ dns_tsig_sign(dns_message_t *msg) { tsig.signature = NULL; } - rdata = NULL; ret = dns_message_gettemprdata(msg, &rdata); if (ret != ISC_R_SUCCESS) goto cleanup_signature; ret = isc_buffer_allocate(msg->mctx, &dynbuf, 512); if (ret != ISC_R_SUCCESS) - goto cleanup_signature; + goto cleanup_rdata; ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any, dns_rdatatype_tsig, &tsig, dynbuf); if (ret != ISC_R_SUCCESS) @@ -577,7 +576,7 @@ dns_tsig_sign(dns_message_t *msg) { owner = NULL; ret = dns_message_gettempname(msg, &owner); if (ret != ISC_R_SUCCESS) - goto cleanup_dynbuf; + goto cleanup_rdata; dns_name_init(owner, NULL); ret = dns_name_dup(&key->name, msg->mctx, owner); if (ret != ISC_R_SUCCESS) 
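Review bot: In the `@@ -577,7 +576,7 @@` hunk the failure path after `dns_message_gettempname()` now jumps to `cleanup_rdata` and no longer frees `dynbuf`, and nothing next to the jump says why that is safe. If the buffer has already been handed over to `msg` in the lines between this hunk and the previous one (not visible here), a comment above the `goto` such as `/* dynbuf is owned by msg from here on; only rdata has to be returned */` would keep a later edit from restoring the free and introducing a double free. The same remark applies to the `goto cleanup_rdata;` placed after `cleanup_owner` in the `@@ -605,16 +604,19 @@` hunk. The body of dns_tsig_sign() starts and ends outside these hunks.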
@@ -587,16 +586,16 @@ dns_tsig_sign(dns_message_t *msg) { ret = dns_message_gettemprdatalist(msg, &datalist); if (ret != ISC_R_SUCCESS) goto cleanup_owner; + dataset = NULL; + ret = dns_message_gettemprdataset(msg, &dataset); + if (ret != ISC_R_SUCCESS) + goto cleanup_rdatalist; datalist->rdclass = dns_rdataclass_any; datalist->type = dns_rdatatype_tsig; datalist->covers = 0; datalist->ttl = 0; ISC_LIST_INIT(datalist->rdata); ISC_LIST_APPEND(datalist->rdata, rdata, link); - dataset = NULL; - ret = dns_message_gettemprdataset(msg, &dataset); - if (ret != ISC_R_SUCCESS) - goto cleanup_owner; dns_rdataset_init(dataset); RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) == ISC_R_SUCCESS); @@ -605,16 +604,19 @@ dns_tsig_sign(dns_message_t *msg) { return (ISC_R_SUCCESS); -cleanup_owner: - if (owner != NULL) - dns_message_puttempname(msg, &owner); -cleanup_dynbuf: - if (dynbuf != NULL) - isc_buffer_free(&dynbuf); -cleanup_signature: + cleanup_rdatalist: + dns_message_puttemprdatalist(msg, &datalist); + cleanup_owner: + dns_message_puttempname(msg, &owner); + goto cleanup_rdata; + cleanup_dynbuf: + isc_buffer_free(&dynbuf); + cleanup_rdata: + dns_message_puttemprdata(msg, &rdata); + cleanup_signature: if (tsig.signature != NULL) isc_mem_put(mctx, tsig.signature, sigsize); -cleanup_context: + cleanup_context: if (ctx != NULL) dst_context_destroy(&ctx); return (ret); @@ -646,8 +648,11 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, msg->verify_attempted = 1; - if (msg->tcp_continuation) + if (msg->tcp_continuation) { + if (tsigkey == NULL || msg->querytsig == NULL) + return (DNS_R_UNEXPECTEDTSIG); return (tsig_verify_tcp(source, msg)); + } /* * There should be a TSIG record... |
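Review bot: The rewritten cleanup ladder in `@@ -605,16 +604,19 @@` drops the `if (owner != NULL)` and `if (dynbuf != NULL)` guards, so `cleanup_rdatalist`, `cleanup_owner`, `cleanup_dynbuf` and `cleanup_rdata` are each correct only when entered with their object already obtained. The jumps visible in this diff respect that, but the rule is left implicit. A comment above the first label, e.g. `/* Each label releases one object and assumes it was obtained; jump to the label of the last successful get. */`, would make it explicit. This is the signing path of a network daemon, where a misplaced jump would presumably end in an assertion failure or a double release rather than a clean error return.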
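Review bot: The guard added under `if (msg->tcp_continuation)` in `@@ -646,8 +648,11 @@` has no comment explaining why a continuation message with no key or no `msg->querytsig` is rejected before `tsig_verify_tcp()` is called. A line such as `/* A continuation can only be verified against the key and TSIG of the original query. */` would record the precondition for the next reader. Because the check lives only in this caller, it is worth confirming that `tsig_verify_tcp()` (defined outside the hunk) has no other call site, or stating the same precondition there as a `REQUIRE`. The assignment of `tsigkey` and the rest of dns_tsig_verify() are also outside the hunk.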