upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 08:09:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Allow any valid DNS name as a key name

Browse source 
TSIG key names need to be any valid DNS name so that update-policy
"self" rules work with arbitrary names.  Replace the
alnum+'.'+'-'+'_' charset filter in the key-generation tools with a
dns_name_fromstring() validity check.
This commit is contained in:
Ondřej Surý 2026-05-15 10:08:46 +02:00
parent c708d694fe
commit 85f854b076
1 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
bin/confgen/keygen.c
View file

@ -26,6 +26,7 @@
#include <isc/result.h>
#include <isc/string.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
@ -95,17 +96,17 @@ alg_bits(dns_secalg_t alg) {
*/
void
validate_keyname(const char *keyname) {
dns_fixedname_t fixed;
dns_name_t *name = dns_fixedname_initname(&fixed);
isc_result_t result;
if (keyname == NULL || keyname[0] == '\0') {
fatal("key name must not be empty");
}
for (const char *p = keyname; *p != '\0'; p++) {
unsigned char c = (unsigned char)*p;
if (!isalnum(c) && c != '.' && c != '-' && c != '_') {
fatal("key name '%s' contains invalid character; "
"only alphanumerics, '.', '-', and '_' are "
"allowed",
keyname);
}
result = dns_name_fromstring(name, keyname, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
fatal("invalid key name: %s", isc_result_totext(result));
}
}