From af9b975ccc2f0e6d82a4dfc2daa6cedfc5f4bdc2 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 11 Oct 2016 14:40:29 +1100 Subject: [PATCH] 4482. [bug] Address use before require check and remove extraneous dns_message_gettsigkey call in dns_tsig_sign. [RT #43374] (cherry picked from commit 61463ab7a4489b3a097bcff638f3316f094e9914) --- CHANGES | 6 +++++- lib/dns/tsig.c | 7 ++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index f09358dee8..d9b1b85810 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4482. [bug] Address use before require check and remove extraneous + dns_message_gettsigkey call in dns_tsig_sign. + [RT #43374] + 4482. [cleanup] Change #4455 was incomplete. [RT #43252] 4478. [func] Add +continue option to mdig, allow continue on socket @@ -16,7 +20,7 @@ 4472. [bug] Named could fail to find the correct NSEC3 records when a zone was updated between looking for the answer and - looking for the NSEC3 records proving non-existance + looking for the NSEC3 records proving nonexistence of the answer. [RT #43247] --- 9.11.0 released --- diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index 54f7fe65c5..80550136f7 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -909,21 +909,22 @@ dns_tsig_sign(dns_message_t *msg) { isc_result_t ret; unsigned char badtimedata[BADTIMELEN]; unsigned int sigsize = 0; - isc_boolean_t response = is_response(msg); + isc_boolean_t response; REQUIRE(msg != NULL); - REQUIRE(VALID_TSIG_KEY(dns_message_gettsigkey(msg))); + key = dns_message_gettsigkey(msg); + REQUIRE(VALID_TSIG_KEY(key)); /* * If this is a response, there should be a query tsig. */ + response = is_response(msg); if (response && msg->querytsig == NULL) return (DNS_R_EXPECTEDTSIG); dynbuf = NULL; mctx = msg->mctx; - key = dns_message_gettsigkey(msg); tsig.mctx = mctx; tsig.common.rdclass = dns_rdataclass_any;