Only look at tsig.error in responses

Mark Andrews 2020-03-25 17:46:26 +11:00 committed by Michał Kępień
parent 9d787ab6f0
commit baa7ec24e2


@ -1360,8 +1360,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
goto cleanup_context;
}
msg->verified_sig = 1;
} else if (tsig.error != dns_tsigerror_badsig &&
tsig.error != dns_tsigerror_badkey)
} else if (!response || (tsig.error != dns_tsigerror_badsig &&
tsig.error != dns_tsigerror_badkey))
{
tsig_log(msg->tsigkey, 2, "signature was empty");
return (DNS_R_TSIGVERIFYFAILURE);
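Review bot: The new `!response ||` guard on the empty-signature branch carries no comment explaining why the TSIG error field is honoured only in responses, and that is the security-relevant part of this condition. As far as the hunk shows, `tsig.error` comes from the received record, so in a request it is sender-controlled and must not be able to waive the signature check; only a response may arrive unsigned, and only when it reports BADSIG or BADKEY. I would add above the `else if`: `/* An unsigned TSIG is acceptable only in a response reporting BADSIG/BADKEY; a request's error field must never skip verification. */`. The same rationale applies to the `response &&` test in the hunk at -1409, and a regression test that feeds a request with a non-zero error field and an empty signature would pin the behaviour down. dns_tsig_verify starts and ends outside the hunk.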
@ -1409,7 +1409,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
}
}
if (tsig.error != dns_rcode_noerror) {
if (response && tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime) {
ret = DNS_R_CLOCKSKEW;