From: Bert Hubert <bert.hubert@netherlabs.nl>
Date: Wed, 12 Jan 2011 18:26:05 +0000 (+0000)
Subject: refuse to make keys of unknown algorithm instead of just complaining
X-Git-Tag: auth-3.0~368
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8296003a726398ff325b05210dc6b9ad8d013666;p=pdns

refuse to make keys of unknown algorithm instead of just complaining
allow us to process ginormous keys - both issues spotted by Stefan Schmidt


git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1879 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 92afa221a..c11eb9430 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -296,7 +296,7 @@ DSRecordContent makeDSFromDNSKey(const std::string& qname, const DNSKEYRecordCon
 DNSKEYRecordContent makeDNSKEYFromRSAKey(const rsa_context* rc, uint8_t algorithm, uint16_t flags)
 {
   DNSKEYRecordContent drc;
-  char tmp[256];
+  char tmp[max(mpi_size(&rc->E), mpi_size(&rc->N))];
 
   //  cerr<<"in makeDNSKEY rsa_check_pubkey: "<<rsa_check_pubkey(rc)<<", bits="<<mpi_size(&rc->N)*8<<endl;
 
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index d93c9140d..a4074f535 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -307,6 +307,7 @@ try
         bits = atoi(cmds[n].c_str());
       else { 
         cerr<<"Unknown algorithm, key flag or size '"<<cmds[n]<<"'"<<endl;
+        return 0;
       }
     }
     cerr<<"Adding a " << (keyOrZone ? "KSK" : "ZSK")<<" with algorithm = "<<algorithm<<endl;