Fix broken ECDSA DNSSEC signatures.

author: Simon Kelley <simon@thekelleys.org.uk> 2015-01-31 22:44:26 +0000
committer: Simon Kelley <simon@thekelleys.org.uk> 2015-01-31 22:44:26 +0000
commit: 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 (patch)
tree: f50d91ffac8cce133575ce063d21117f52753b82
parent: 3d04f46334d0e345f589eda1372e638b946fe637 (diff)
download: dnsmasq-6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0.tar.gz
2 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index c05dec6..c80dc0f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -65,6 +65,8 @@ version 2.73
 	    configured to do stateful DHCPv6. Thanks to Win King Wan 
 	    for the patch.
 
+	    Fix broken DNSSEC validation of ECDSA signatures.
+	
 	
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
diff --git a/src/dnssec.c b/src/dnssec.c
index a8dfe38..2693237 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
     }
   
   if (sig_len != 2*t || key_len != 2*t ||
-      (p = blockdata_retrieve(key_data, key_len, NULL)))
+      !(p = blockdata_retrieve(key_data, key_len, NULL)))
     return 0;
   
   mpz_import(x, t , 1, 1, 0, 0, p);
author	Simon Kelley <simon@thekelleys.org.uk>	2015-01-31 22:44:26 +0000
committer	Simon Kelley <simon@thekelleys.org.uk>	2015-01-31 22:44:26 +0000
commit	6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 (patch)
tree	f50d91ffac8cce133575ce063d21117f52753b82
parent	3d04f46334d0e345f589eda1372e638b946fe637 (diff)
download	dnsmasq-6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0.tar.gz