Commit Diff
Diff:
c464cbe2644c9851f5f57b35c3a417e2f6cc7e6b
03a608e21e5e4c31ec394f9ffb3c9350def4c735
Commit:
03a608e21e5e4c31ec394f9ffb3c9350def4c735
Tree:
ef4aeff22ddbaf6ecd06fd0c89152038c2f5b3e1
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Tue Nov 19 16:58:41 2019 UTC
Message:
don't decrement the new message's additional count if it's already at 0; this was a bug. countless if checks around HMAC routines to make sure they work. replace memcmp with timingsafe_memcmp (which is OpenBSD only; will fix that on a subsequent commit)
blob - c798d46e3764cea22f0e65d69f7e5191bd7989fe
blob + f7d5173e2bb97964aa0c71e8edd9f8efcf2ef150
--- raxfr.c
+++ raxfr.c
@@ -26,7 +26,7 @@
*
*/
/*
- * $Id: raxfr.c,v 1.36 2019/11/19 07:24:53 pjp Exp $
+ * $Id: raxfr.c,v 1.37 2019/11/19 16:58:41 pjp Exp $
*/
#include <sys/types.h>
@@ -1214,13 +1214,15 @@ raxfr_tsig(FILE *f, u_char *p, u_char *estart, u_char
if (ntohs(*otherlen))
HMAC_Update(ctx, otherdata, ntohs(*otherlen));
- standardanswer = 0;
- } else
+ } else {
HMAC_Update(ctx, (char *)&sdt->timefudge, 8);
+ }
- HMAC_Final(ctx, mac, &macsize);
+ if (HMAC_Final(ctx, mac, &macsize) != 1) {
+ goto out;
+ }
- if (memcmp(sdt->mac, mac, macsize) != 0) {
+ if (timingsafe_memcmp(sdt->mac, mac, macsize) != 0) {
#if 0
int i;
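Review bot: The `HMAC_Update` calls in both branches of raxfr_tsig are still unchecked, so only `HMAC_Final` is covered by the new error handling; the same holds for the `HMAC_Update` lines visible in the get_remote_soa hunk and in both lookup_axfr hunks in util.c. Each could follow the pattern already used here, e.g. `if (HMAC_Update(ctx, otherdata, ntohs(*otherlen)) != 1) goto out;`. Separately, `timingsafe_memcmp(sdt->mac, mac, macsize)` compares the computed length, and nothing in the hunk shows the received MAC length being checked against `macsize` first; if that check does not exist earlier in the function, it should precede the comparison so a short or oversized MAC is rejected outright. The body of raxfr_tsig starts and ends outside this hunk, so the `out` label and any earlier length validation are not visible.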
@@ -1966,7 +1968,8 @@ get_remote_soa(struct rzone *rzone)
HMAC_Update(ctx, shabuf, sizeof(shabuf));
hmaclen = rwh->dh.additional; /* save additional */
NTOHS(rwh->dh.additional);
- rwh->dh.additional--;
+ if (rwh->dh.additional)
+ rwh->dh.additional--;
HTONS(rwh->dh.additional);
HMAC_Update(ctx, estart, (p - estart));
rwh->dh.additional = hmaclen; /* restore additional */
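Review bot: A message whose additional count is already 0 still proceeds into `HMAC_Update(ctx, estart, (p - estart))`, because the new guard skips the decrement but does not stop processing. A count of 0 here suggests the message carried no TSIG record to subtract, so unless an earlier check outside the hunk already rejects that case, treating it as a verification failure would be safer than continuing. At minimum the guard deserves a comment such as `/* additional == 0: no TSIG RR was counted, nothing to subtract */`, and braces around the single statement would match the style the raxfr_tsig hunk adopts. The identical guard in lookup_axfr in util.c (hunk at -2073) has the same issue; both function bodies extend beyond their hunks.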
blob - 442467ece1e4703749242dc63f82986f15fc24ce
blob + bb2cd9b8f89a9daf5f18673402bb0d05db393197
--- util.c
+++ util.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: util.c,v 1.53 2019/11/12 08:14:09 pjp Exp $
+ * $Id: util.c,v 1.54 2019/11/19 16:58:41 pjp Exp $
*/
#include <sys/types.h>
@@ -2073,7 +2073,8 @@ lookup_axfr(FILE *f, int so, char *zonename, struct so
saveadd = rwh->dh.additional;
NTOHS(rwh->dh.additional);
- rwh->dh.additional--;
+ if (rwh->dh.additional)
+ rwh->dh.additional--;
HTONS(rwh->dh.additional);
HMAC_Update(ctx, estart, (p - estart));
rwh->dh.additional = saveadd;
@@ -2109,8 +2110,14 @@ lookup_axfr(FILE *f, int so, char *zonename, struct so
return -1;
}
- HMAC_CTX_reset(ctx);
- HMAC_Init_ex(ctx, pseudo_packet, len, EVP_sha256(), NULL);
+ if (HMAC_CTX_reset(ctx) != 1) {
+ fprintf(stderr, "HMAC_CTX_reset failed!\n");
+ return -1;
+ }
+ if (HMAC_Init_ex(ctx, pseudo_packet, len, EVP_sha256(), NULL) != 1) {
+ fprintf(stderr, "HMAC_Init_ex failed!\n");
+ return -1;
+ }
maclen = htons(32);
HMAC_Update(ctx, (char *)&maclen, sizeof(maclen));
HMAC_Update(ctx, mac, sizeof(mac));
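Review bot: The two new `return -1;` paths leave lookup_axfr without any visible release of `ctx`, which at this point has been keyed with `pseudo_packet`. The function body starts and ends outside the hunk, so it is not clear whether the caller owns the context; if it is allocated in lookup_axfr, these exits should call `HMAC_CTX_free(ctx);` before returning, or jump to one cleanup label as raxfr_tsig does with `goto out`. A short comment on the reset/init pair, e.g. `/* re-key the context so the previous MAC is chained into the next message's digest */`, would also record why the context is reinitialised here, if that is indeed the intent.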