upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 11:29:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix algorithm rollover bug wrt keytag conflicts

Browse source 
If there is an algorithm rollover and two keys of different algorithm
share the same keytags, then there is a possibility that if we check
that a key matches a specific state, we are checking against the wrong
key.

Fix this by not only checking for matching key id but also key
algorithm.
This commit is contained in:
Matthijs Mekking 2024-08-21 17:14:48 +02:00
parent 7bb6d82505
commit f37eb33f29
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/dns/keymgr.c
View file

@ -595,6 +595,7 @@ keymgr_key_match_state(dst_key_t *key, dst_key_t *subject, int type,
continue;
}
if (next_state != NA && i == type &&
dst_key_alg(key) == dst_key_alg(subject) &&
dst_key_id(key) == dst_key_id(subject))
{
/* Check next state rather than current state. */