BIND 10 trac955, updated. 479cab63fda13cde6707a71dd16d9bb4c1f93b4a [trac955] xfrin checks tsig before checking other DNS message values

BIND 10 source code commits bind10-changes at lists.isc.org
Fri Jun 3 06:40:30 UTC 2011 

The branch, trac955 has been updated
       via  479cab63fda13cde6707a71dd16d9bb4c1f93b4a (commit)
      from  d22ff00401ed90df31342dcce12bb4ceb493f232 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 479cab63fda13cde6707a71dd16d9bb4c1f93b4a
Author: chenzhengzhang <jerry.zzpku at gmail.com>
Date:   Fri Jun 3 14:36:04 2011 +0800

    [trac955] xfrin checks tsig before checking other DNS message values

-----------------------------------------------------------------------

Summary of changes:
 src/bin/xfrin/xfrin.py.in |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/bin/xfrin/xfrin.py.in b/src/bin/xfrin/xfrin.py.in
index 7758a37..85e402b 100755
--- a/src/bin/xfrin/xfrin.py.in
+++ b/src/bin/xfrin/xfrin.py.in
@@ -243,13 +243,13 @@ class XfrinConnection(asyncore.dispatcher):
         msg = Message(Message.PARSE)
         msg.from_wire(soa_response)
 
+        # TSIG related checks, including an unexpected signed response
+        self._check_response_tsig(msg, soa_response)
+
         # perform some minimal level validation.  It's an open issue how
         # strict we should be (see the comment in _check_response_header())
         self._check_response_header(msg)
 
-        # TSIG related checks, including an unexpected signed response
-        self._check_response_tsig(msg, soa_response)
-
         # TODO, need select soa record from data source then compare the two
         # serial, current just return OK, since this function hasn't been used
         # now.
@@ -362,11 +362,13 @@ class XfrinConnection(asyncore.dispatcher):
             recvdata = self._get_request_response(msg_len)
             msg = Message(Message.PARSE)
             msg.from_wire(recvdata)
-            self._check_response_status(msg)
 
             # TSIG related checks, including an unexpected signed response
             self._check_response_tsig(msg, recvdata)
 
+            # Perform response status validation
+            self._check_response_status(msg)
+
             answer_section = msg.get_section(Message.SECTION_ANSWER)
             for rr in self._handle_answer_section(answer_section):
                 yield rr

More information about the bind10-changes mailing list