bind9/lib
Matthijs Mekking fb2f0c8168 Fix validate_dnskey_dsset when KSK is not signing
When there is a secure chain of trust with a KSK that is not actively
signing the DNSKEY RRset, the code for validating the DNSKEY RRset
against the DS RRset could potentially skip DS records, thinking the
chain of trust is broken while there is a valid DS with corresponding
DNSKEY record present.

This is because we pass the result ISC_R_NOMORE on when we are done
checking for signatures, but then treat it as "no more DS records".

Changing the return value to something else (DNS_R_NOVALIDSIG seems the
most appropriate here) fixes the issue.
2024-03-12 09:10:41 +01:00
..
dns Fix validate_dnskey_dsset when KSK is not signing 2024-03-12 09:10:41 +01:00
isc BIND 9.19.21 2024-02-14 13:24:56 +01:00
isccc Fix UAF in ccmsg.c when reading stopped before sending 2024-02-08 17:24:11 +01:00
isccfg add a compile-time option to select default zone and cache DB 2024-03-06 10:49:02 +01:00
ns Do not lock workers when using -T transferslowly/transferstuck 2024-02-22 00:09:04 +02:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
Makefile.am Move irs_resconf into libdns and remove libirs 2023-02-24 09:38:59 +00:00