Check return value of getTSIGKey and B64Decode

author Pieter Lexis <pieter.lexis@powerdns.com>

Thu, 9 Nov 2017 10:09:32 +0000 (11:09 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 21 Nov 2017 14:49:21 +0000 (15:49 +0100)
author Pieter Lexis <pieter.lexis@powerdns.com>
Thu, 9 Nov 2017 10:09:32 +0000 (11:09 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 21 Nov 2017 14:49:21 +0000 (15:49 +0100)
diff --git a/pdns/mastercommunicator.cc b/pdns/mastercommunicator.cc

index 2fd276217a120aa6906486656cd30602c0b25b91..5bd833604b610c1b02be9cf3a0e65284bb8dad74 100644 (file)
--- a/pdns/mastercommunicator.cc
+++ b/pdns/mastercommunicator.cc
@@ -238,7 +238,10 @@ void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const
    pw.getHeader()->aa = true; 
  
    if (tsigkeyname.empty() == false) {
-    B.getTSIGKey(tsigkeyname, &tsigalgorithm, &tsigsecret64);
+    if (!B.getTSIGKey(tsigkeyname, &tsigalgorithm, &tsigsecret64)) {
+      L<<Logger::Error<<"TSIG key '"<<tsigkeyname<<"' for domain '"<<domain<<"' not found"<<endl;
+      return;
+    }
      TSIGRecordContent trc;
      if (tsigalgorithm.toStringNoDot() == "hmac-md5")
        trc.d_algoName = DNSName(tsigalgorithm.toStringNoDot() + ".sig-alg.reg.int.");
@@ -248,7 +251,10 @@ void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const
      trc.d_fudge = 300;
      trc.d_origID=ntohs(id);
      trc.d_eRcode=0;
-    B64Decode(tsigsecret64, tsigsecret);
+    if (B64Decode(tsigsecret64, tsigsecret) == -1) {
+      L<<Logger::Error<<"Unable to Base-64 decode TSIG key '"<<tsigkeyname<<"' for domain '"<<domain<<"'"<<endl;
+      return;
+    }
      addTSIG(pw, &trc, tsigkeyname, tsigsecret, "", false);
    }
author	Pieter Lexis <pieter.lexis@powerdns.com>
	Thu, 9 Nov 2017 10:09:32 +0000 (11:09 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 21 Nov 2017 14:49:21 +0000 (15:49 +0100)