From 05183bbc4f892ebb29d35257c944d47c02bcb821 Mon Sep 17 00:00:00 2001
From: Brian Wellington
Date: Wed, 2 May 2001 00:02:28 +0000
Subject: [PATCH] Signing with a large key didn't work since the static output buffer was too small; use a dynamic buffer instead. Also, comment a section
---
 lib/dns/dnssec.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 1fa7f43cd5..e953cf551e 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@ */
 /*
- * $Id: dnssec.c,v 1.63 2001/04/17 17:20:27 bwelling Exp $
+ * $Id: dnssec.c,v 1.64 2001/05/02 00:02:28 bwelling Exp $
 */
@@ -168,11 +168,12 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 dns_rdata_t tmpsigrdata;
 dns_rdata_t *rdatas;
 int nrdatas, i;
- isc_buffer_t b, sigbuf, envbuf;
+ isc_buffer_t sigbuf, envbuf;
 isc_region_t r;
 dst_context_t *ctx = NULL;
 isc_result_t ret;
- unsigned char data[300];
+ isc_buffer_t *databuf = NULL;
+ char data[256 + 8];
 isc_uint32_t flags;
 unsigned int sigsize;
 dns_fixedname_t fnewname;
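Review bot: The new bound `char data[256 + 8]` is bare arithmetic with no comment saying what the two terms cover, and `sigsize + 256 + 18` in the `isc_buffer_allocate()` call of the next hunk has the same problem. An undersized output buffer is the bug this commit fixes, so each size should carry its derivation, for example `/* 256 = <what the name bound is>, 8 = <which fixed fields> */`, or the terms should be named constants; what 8 and 18 stand for cannot be confirmed from the visible lines. The array also shrinks from 300 to 264 bytes and changes from `unsigned char` to plain `char`. Every use of `data` lies outside this hunk, so it is worth checking that nothing writes more than 264 bytes into it and that no byte is read back through the now possibly signed type.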
@@ -219,20 +220,27 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, if (ret != ISC_R_SUCCESS) return (ret); sig.siglen = sigsize; + /* + * The actual contents of sig.signature are not important, since + * they're not used in digest_sig(). + */ sig.signature = isc_mem_get(mctx, sig.siglen); if (sig.signature == NULL) return (ISC_R_NOMEMORY); - isc_buffer_init(&b, data, sizeof(data)); - dns_rdata_init(&tmpsigrdata); - ret = dns_rdata_fromstruct(&tmpsigrdata, sig.common.rdclass, - sig.common.rdtype, &sig, &b); + ret = isc_buffer_allocate(mctx, &databuf, sigsize + 256 + 18); if (ret != ISC_R_SUCCESS) goto cleanup_signature; + dns_rdata_init(&tmpsigrdata); + ret = dns_rdata_fromstruct(&tmpsigrdata, sig.common.rdclass, + sig.common.rdtype, &sig, databuf); + if (ret != ISC_R_SUCCESS) + goto cleanup_databuf; + ret = dst_context_create(key, mctx, &ctx); if (ret != ISC_R_SUCCESS) - goto cleanup_signature; + goto cleanup_databuf; /* * Digest the SIG rdata. @@ -309,6 +317,9 @@ cleanup_array: isc_mem_put(mctx, rdatas, nrdatas * sizeof(dns_rdata_t)); cleanup_context: dst_context_destroy(&ctx); +cleanup_databuf: + if (databuf != NULL) + isc_buffer_free(&databuf); cleanup_signature: isc_mem_put(mctx, sig.signature, sig.siglen);
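Review bot: `sig.signature` goes to `dns_rdata_fromstruct()` straight after `isc_mem_get()`, so whatever bytes the allocator returned are serialized into `databuf`; the new comment calls the contents unimportant, but nothing in the hunk initializes them. Whether `isc_mem_get()` zeroes memory is not visible here. If it does not, adding `memset(sig.signature, 0, sig.siglen);` after the NULL check keeps stale heap data out of the scratch rdata and makes the buffer contents deterministic for memory checkers. The function body continues past the hunk, so the comment's claim that `digest_sig()` ignores the field cannot be verified from these lines.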