BIND 10 trac893, updated. 4787c281a351b04b9570b8bb2d863db706a9d9c9 [trac893] make (more) sure previous_digest_.size() fits the 16-bit range. it should have been the case, but this change makes it clearer and more explicit by using more appropriate type and adding an explicit assert() in some places so that people reading the code don't have to worry about it.
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon May 9 18:24:56 UTC 2011
The branch, trac893 has been updated
via 4787c281a351b04b9570b8bb2d863db706a9d9c9 (commit)
via 9bd9fa819f30aff560da9412ffa14d87e557ab69 (commit)
via d53bbaf239de6059dd0d8872f84d1a0db6ccb90c (commit)
via 7b0d9b1dc03d9343f3ccfed2fb5876d7d9f048d5 (commit)
from b734c55b73941125af327595ba39252add032791 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4787c281a351b04b9570b8bb2d863db706a9d9c9
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Mon May 9 11:22:19 2011 -0700
[trac893] make (more) sure previous_digest_.size() fits the 16-bit range.
it should have been the case, but this change makes it clearer and more
explicit by using more appropriate type and adding an explicit assert()
in some places so that people reading the code don't have to worry about it.
commit 9bd9fa819f30aff560da9412ffa14d87e557ab69
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Mon May 9 11:02:25 2011 -0700
[trac893] updated TSIGContext comments based on review results.
commit d53bbaf239de6059dd0d8872f84d1a0db6ccb90c
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Mon May 9 11:00:14 2011 -0700
[trac893] make sure verify() immediately rejects shorter sigs (calling same_mem
with a longer length was wrong, even though it normally wouldn't cause visible
disruption and would return the expected result).
commit 7b0d9b1dc03d9343f3ccfed2fb5876d7d9f048d5
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Mon May 9 10:46:49 2011 -0700
[trac893] a minor grammar fix in comment
-----------------------------------------------------------------------
Summary of changes:
src/lib/cryptolink/crypto_hmac.cc | 2 +-
src/lib/dns/tsig.cc | 8 +++++++-
src/lib/dns/tsig.h | 7 +++++--
3 files changed, 13 insertions(+), 4 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/cryptolink/crypto_hmac.cc b/src/lib/cryptolink/crypto_hmac.cc
index 837e8ba..d20c85b 100644
--- a/src/lib/cryptolink/crypto_hmac.cc
+++ b/src/lib/cryptolink/crypto_hmac.cc
@@ -153,7 +153,7 @@ public:
// standard signature size for the moment.
// Once we support truncation correctly, this if-clause should
// (and the capitalized comment above) be removed.
- len = getOutputLength();
+ return (false);
}
if (len == 0 || len > getOutputLength()) {
len = getOutputLength();
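Review bot: With the changed branch now returning false, the check that follows it, `if (len == 0 || len > getOutputLength())`, still clamps an over-long `len` to `getOutputLength()` instead of rejecting it, so a too-short and a too-long signature length are handled asymmetrically. If a signature longer than the digest is not meant to verify on its prefix, return false there as well; otherwise say in a comment why clamping is safe. The retained comment ("Once we support truncation correctly, this if-clause should ... be removed") should also say that the clause now rejects rather than adjusts the length, and the summary of changes lists no test file covering the new rejection path.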
diff --git a/src/lib/dns/tsig.cc b/src/lib/dns/tsig.cc
index 5db9806..76dd55a 100644
--- a/src/lib/dns/tsig.cc
+++ b/src/lib/dns/tsig.cc
@@ -16,6 +16,7 @@
#include <stdint.h>
+#include <cassert>
#include <vector>
#include <boost/shared_ptr.hpp>
@@ -68,7 +69,7 @@ struct TSIGContext::TSIGContextImpl {
// the caller of verify(), so that verify() can call this method within
// its 'return' statement.
TSIGError postVerifyUpdate(TSIGError error, const void* digest,
- size_t digest_len)
+ uint16_t digest_len)
{
if (state_ == INIT) {
state_ = RECEIVED_REQUEST;
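Review bot: Narrowing `digest_len` from `size_t` to `uint16_t` in postVerifyUpdate() moves the range question to the call sites: a caller that passes a larger `size_t` is converted implicitly and truncated before this function ever sees the original value. Either keep `size_t` here and check the bound inside the function, or confirm that every caller validates the length before the call; the callers are not shown in this patch.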
@@ -117,6 +118,10 @@ TSIGContext::TSIGContextImpl::digestPreviousMAC(OutputBuffer& buffer,
{
buffer.clear();
+ // We should have ensured the digest size fits 16 bits within this class
+ // implementation.
+ assert(previous_digest_.size() <= 0xffff);
+
const uint16_t previous_digest_len(previous_digest_.size());
buffer.writeUint16(previous_digest_len);
if (previous_digest_len != 0) {
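Review bot: The new `assert(previous_digest_.size() <= 0xffff)` is compiled out when NDEBUG is defined, so in such builds `const uint16_t previous_digest_len(previous_digest_.size())` on the following line still truncates silently and writeUint16() writes the truncated length. If the invariant matters for what goes into the buffer, enforce it with a check that survives release builds (for example by throwing), or state in the comment where in the class the size is bounded so that the assert is documentation only.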
@@ -308,6 +313,7 @@ TSIGContext::sign(const uint16_t qid, const void* const data,
// Get the final digest, update internal state, then finish.
vector<uint8_t> digest = hmac->sign();
+ assert(digest.size() <= 0xffff); // cryptolink API should have ensured it.
ConstTSIGRecordPtr tsig(new TSIGRecord(
impl_->key_.getKeyName(),
any::TSIG(impl_->key_.getAlgorithmName(),
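Review bot: The comment on `assert(digest.size() <= 0xffff)` in sign() says the cryptolink API should have ensured the bound, but nothing in this patch points to where that guarantee is stated. Name the cryptolink function or documented limit it relies on, and consider replacing the bare `0xffff` with a named constant so the 16-bit limit is defined in one place.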
diff --git a/src/lib/dns/tsig.h b/src/lib/dns/tsig.h
index 123b339..bceec25 100644
--- a/src/lib/dns/tsig.h
+++ b/src/lib/dns/tsig.h
@@ -89,6 +89,8 @@ public:
///
/// \code
/// // "renderer" is of MessageRenderer to render the message.
+/// // (TSIGKey would be configured from config or command line in real app)
+/// TSIGContext ctx(TSIGKey("key.example:MSG6Ng=="));
/// Message message(Message::RENDER);
/// message.addQuestion(Question(Name("www.example.com"), RRClass::IN(),
/// RRType::A()));
@@ -107,7 +109,8 @@ public:
/// } else if (message.getRcode() == Rcode::NOTAUTH()) {
/// // hard error. give up this transaction per RFC2845 4.6.
/// } else {
-/// // keep waiting for further response with the same ctx.
+/// // Other error: discard response keep waiting with the same ctx
+/// // for another (again, RFC2845 4.6).
/// } \endcode
///
/// And this is a typical server application that authenticates a signed
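Review bot: The replacement comment in the else branch, "Other error: discard response keep waiting with the same ctx", runs two actions together and needs "and" or a comma after "discard response". Something like "Other error: discard this response and keep waiting with the same ctx for another one (again, RFC2845 4.6)" reads unambiguously in the generated documentation.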
@@ -324,7 +327,7 @@ public:
/// One unexpected case that is not covered by this method is that a
/// client receives a signed response to an unsigned request. RFC2845 is
/// silent about such cases; BIND 9 explicitly identifies the case and
- /// reject it. With this implementation, the client can know that the
+ /// rejects it. With this implementation, the client can know that the
/// response contains a TSIG via the result of
/// \c Message::getTSIGRecord() and that it is an unexpected TSIG due to
/// the fact that it doesn't have a corresponding \c TSIGContext.