From d0e69984a964314c7804babece32fe5487fb092a Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Tue, 11 Apr 2000 18:04:35 +0000
Subject: [PATCH] dnssec verification of cached sets was failing, since the ttl
 from the rdataset was used instead of the ttl from the sig record.  Also
 found and fixed an unchecked memory allocation.

---
 lib/dns/dnssec.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index acc2e6f1d9..4be5310457 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: dnssec.c,v 1.26 2000/04/06 22:01:55 explorer Exp $
+ * $Id: dnssec.c,v 1.27 2000/04/11 18:04:35 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -136,12 +136,14 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
 	while (dns_rdataset_next(set) == ISC_R_SUCCESS)
 		n++;
 
+	data = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
+	if (data == NULL)
+		return (ISC_R_NOMEMORY);
+
 	ret = dns_rdataset_first(set);
 	if (ret != ISC_R_SUCCESS)
 		return (ret);
 
-	data = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
-
 	/* put them in the array */
 	do {
 		dns_rdataset_current(set, &data[i++]);
@@ -405,7 +407,7 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	isc_buffer_add(&envbuf, r.length);
 	isc_buffer_putuint16(&envbuf, set->type);
 	isc_buffer_putuint16(&envbuf, set->rdclass);
-	isc_buffer_putuint32(&envbuf, set->ttl);
+	isc_buffer_putuint32(&envbuf, sig.originalttl);
 
 	memset(&dctx, 0, sizeof(dctx));
 	dctx.key = key;