refuse to make keys of unknown algorithm instead of just complaining

allow us to process ginormous keys - both issues spotted by Stefan Schmidt

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1879 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 92afa221a002fa5d98bc47fb988a535f28a785fb..c11eb94303fcf3c8e52b8179367d2e8168cb8450 100644 (file)
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -296,7 +296,7 @@ DSRecordContent makeDSFromDNSKey(const std::string& qname, const DNSKEYRecordCon
 DNSKEYRecordContent makeDNSKEYFromRSAKey(const rsa_context* rc, uint8_t algorithm, uint16_t flags)
 {
   DNSKEYRecordContent drc;
-  char tmp[256];
+  char tmp[max(mpi_size(&rc->E), mpi_size(&rc->N))];
 
   //  cerr<<"in makeDNSKEY rsa_check_pubkey: "<<rsa_check_pubkey(rc)<<", bits="<<mpi_size(&rc->N)*8<<endl;
 

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index d93c9140dedfcc9e821e3abd1416b0bc0c987d8e..a4074f535fdf9f2a79da2bd6f2b1508e7eeab341 100644 (file)
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -307,6 +307,7 @@ try
         bits = atoi(cmds[n].c_str());
       else { 
         cerr<<"Unknown algorithm, key flag or size '"<<cmds[n]<<"'"<<endl;
+        return 0;
       }
     }
     cerr<<"Adding a " << (keyOrZone ? "KSK" : "ZSK")<<" with algorithm = "<<algorithm<<endl;