From 87168c90b5b723822638b44ff7612286eac3095a Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Tue, 15 Jul 2014 23:13:53 +0200
Subject: [PATCH] check algorithm in getTSIGKey()
---
 modules/bindbackend/binddnssec.cc | 6 ++++--
 modules/oraclebackend/oraclebackend.cc | 26 +++++++++++++++-----------
 pdns/backends/gsql/gsqlbackend.cc | 8 +++++---
 pdns/dnspacket.cc | 4 ++--
 4 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/modules/bindbackend/binddnssec.cc b/modules/bindbackend/binddnssec.cc
index ecbd59d32..f18060258 100644
--- a/modules/bindbackend/binddnssec.cc
+++ b/modules/bindbackend/binddnssec.cc
@@ -296,8 +296,10 @@ bool Bind2Backend::getTSIGKey(const string& name, string* algorithm, string* con
 content->clear();
 while(d_dnssecdb->getRow(row)) {
- *algorithm = row[0];
- *content=row[1];
+ if(row.size() >= 2 && (algorithm->empty() || pdns_iequals(*algorithm, row[0]))) {
+ *algorithm = row[0];
+ *content = row[1];
+ }
 }
 return !content->empty();
diff --git a/modules/oraclebackend/oraclebackend.cc b/modules/oraclebackend/oraclebackend.cc
index 4e2be62fc..5020cf9dc 100644
--- a/modules/oraclebackend/oraclebackend.cc
+++ b/modules/oraclebackend/oraclebackend.cc
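Review bot: The comparison `pdns_iequals(*algorithm, row[0])` in Bind2Backend::getTSIGKey matches the stored algorithm string as-is, so a key stored with a trailing dot or as `hmac-md5.sig-alg.reg.int` would presumably stop matching the canonical short name that checkForCorrectTSIG now builds, whereas before this commit any stored value was accepted. If such rows can exist, canonicalise the stored value before comparing, e.g. `pdns_iequals(*algorithm, toLowerCanonic(row[0]))`, together with the same long-name mapping used in dnspacket.cc. The same applies to the GSQLBackend hunk and to the `mResultType` comparison in the OracleBackend hunk. A comment on getTSIGKey should also state that `algorithm` is now an in/out parameter: empty means "accept any algorithm", and it is overwritten with the stored name of the selected key (the last matching row wins). The function starts outside the hunk.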
@@ -1406,22 +1406,26 @@ OracleBackend::getTSIGKey (const string& name, string* algorithm, string* conten rc = OCIStmtExecute(pooledSvcCtx, stmt, oraerr, 1, 0, NULL, NULL, OCI_DEFAULT); - if (rc == OCI_NO_DATA) { - return false; - } + content->clear(); + while (rc != OCI_NO_DATA) { - if (rc == OCI_ERROR) { - throw OracleException("Oracle getTSIGKey", oraerr); - } + if (rc == OCI_ERROR) { + throw OracleException("Oracle getTSIGKey", oraerr); + } - check_indicator(mResultTypeInd, false); - check_indicator(mResultContentInd, false); + check_indicator(mResultTypeInd, false); + check_indicator(mResultContentInd, false); + + if(algorithm->empty() || pdns_iequals(*algorithm, mResultType)) { + *algorithm = mResultType; + *content = mResultContent; + } - *algorithm = mResultType; - *content = mResultContent; + rc = OCIStmtFetch2(stmt, oraerr, 1, OCI_FETCH_NEXT, 0, OCI_DEFAULT); + } release_query(stmt, getTSIGKeyQueryKey); - return true; + return !content->empty(); } bool diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc index 094e73243..c42ec3abd 100644 --- a/pdns/backends/gsql/gsqlbackend.cc +++ b/pdns/backends/gsql/gsqlbackend.cc @@ -620,11 +620,13 @@ bool GSQLBackend::getTSIGKey(const string& name, string* algorithm, string* cont } SSql::row_t row; - + content->clear(); while(d_db->getRow(row)) { - *algorithm = row[0]; - *content=row[1]; + if(row.size() >= 2 && (algorithm->empty() || pdns_iequals(*algorithm, row[0]))) { + *algorithm = row[0]; + *content = row[1]; + } } return !content->empty(); diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc index 52f129800..f6f5d51b1 100644 --- a/pdns/dnspacket.cc +++ b/pdns/dnspacket.cc 
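Review bot: The new fetch loop in OracleBackend::getTSIGKey runs while `rc != OCI_NO_DATA` and treats only `OCI_ERROR` as a failure, so any other status (for example `OCI_INVALID_HANDLE`) falls through to reading `mResultType`/`mResultContent` and fetching again, possibly without ever terminating. Looping on success instead, `while (rc == OCI_SUCCESS || rc == OCI_SUCCESS_WITH_INFO)`, and throwing after the loop when `rc != OCI_NO_DATA` would bound it. The `throw` also leaves the function before `release_query(stmt, getTSIGKeyQueryKey);`, and that path now covers fetch errors as well as execute errors; unless the statement is reclaimed elsewhere, release it before throwing. The start of the function is outside the hunk.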
@@ -607,8 +607,8 @@ bool checkForCorrectTSIG(const DNSPacket* q, DNSBackend* B, string* keyname, str
 return false;
 }
- string algoName = trc->d_algoName;
- if (stripDot(algoName) == "hmac-md5.sig-alg.reg.int")
+ string algoName = toLowerCanonic(trc->d_algoName);
+ if (algoName == "hmac-md5.sig-alg.reg.int")
 algoName = "hmac-md5";
 string secret64;
-- 
2.49.0
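Review bot: `algoName` is taken from the request's TSIG record, and if it canonicalises to an empty string the backends changed in this commit treat `algorithm->empty()` as "match any algorithm", so the new filter would not apply to that request (assuming `algoName` is what is passed to getTSIGKey further down, which the hunk does not show). Rejecting it up front keeps the wildcard for internal callers only, for instance `if (algoName.empty()) return false;` right after the hmac-md5 mapping. Whether toLowerCanonic can yield an empty string for a name read from the wire is not visible here and is worth confirming. checkForCorrectTSIG starts and ends outside the hunk.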