diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2018-05-09 12:50:27 +0900 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2018-05-11 14:36:41 +0900 |
| commit | 509685f91aadf6bc56c8298a40d4879494e4e3fe (patch) | |
| tree | 4d25a3258655bb771d94cdfed3aab2b8db1c53e3 /src/resolve/resolved-dns-trust-anchor.c | |
| parent | 9ec578a370c33f09c93f0a3f174dc27483c538c4 (diff) | |
| download | systemd-509685f91aadf6bc56c8298a40d4879494e4e3fe.tar.gz | |
resolve: allow whitespaces in the DS digest or DNSKEY key data
Fixes #3682.
Diffstat (limited to 'src/resolve/resolved-dns-trust-anchor.c')
| -rw-r--r-- | src/resolve/resolved-dns-trust-anchor.c | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c index 57898dbbc1..51e28796c5 100644 --- a/src/resolve/resolved-dns-trust-anchor.c +++ b/src/resolve/resolved-dns-trust-anchor.c @@ -242,18 +242,18 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u } if (strcaseeq(type, "DS")) { - _cleanup_free_ char *key_tag = NULL, *algorithm = NULL, *digest_type = NULL, *digest = NULL; + _cleanup_free_ char *key_tag = NULL, *algorithm = NULL, *digest_type = NULL; _cleanup_free_ void *dd = NULL; uint16_t kt; int a, dt; size_t l; - r = extract_many_words(&p, NULL, 0, &key_tag, &algorithm, &digest_type, &digest, NULL); + r = extract_many_words(&p, NULL, 0, &key_tag, &algorithm, &digest_type, NULL); if (r < 0) { log_warning_errno(r, "Failed to parse DS parameters on line %s:%u: %m", path, line); return -EINVAL; } - if (r != 4) { + if (r != 3) { log_warning("Missing DS parameters on line %s:%u", path, line); return -EINVAL; } @@ -274,9 +274,14 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u return -EINVAL; } - r = unhexmem(digest, strlen(digest), &dd, &l); + if (isempty(p)) { + log_warning("Missing DS digest on line %s:%u", path, line); + return -EINVAL; + } + + r = unhexmem(p, strlen(p), &dd, &l); if (r < 0) { - log_warning("Failed to parse DS digest %s on line %s:%u", digest, path, line); + log_warning("Failed to parse DS digest %s on line %s:%u", p, path, line); return -EINVAL; } @@ -291,16 +296,16 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u rr->ds.digest = TAKE_PTR(dd); } else if (strcaseeq(type, "DNSKEY")) { - _cleanup_free_ char *flags = NULL, *protocol = NULL, *algorithm = NULL, *key = NULL; + _cleanup_free_ char *flags = NULL, *protocol = NULL, *algorithm = NULL; _cleanup_free_ void *k = NULL; uint16_t f; size_t l; int a; - r = extract_many_words(&p, NULL, 0, &flags, &protocol, &algorithm, &key, NULL); + r = extract_many_words(&p, NULL, 0, &flags, &protocol, &algorithm, NULL); if (r < 0) return log_warning_errno(r, "Failed to parse DNSKEY parameters on line %s:%u: %m", path, line); - if (r != 4) { + if (r != 3) { log_warning("Missing DNSKEY parameters on line %s:%u", path, line); return -EINVAL; } @@ -328,9 +333,14 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u return -EINVAL; } - r = unbase64mem(key, strlen(key), &k, &l); + if (isempty(p)) { + log_warning("Missing DNSKEY key on line %s:%u", path, line); + return -EINVAL; + } + + r = unbase64mem(p, strlen(p), &k, &l); if (r < 0) - return log_warning_errno(r, "Failed to parse DNSKEY key data %s on line %s:%u", key, path, line); + return log_warning_errno(r, "Failed to parse DNSKEY key data %s on line %s:%u", p, path, line); rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DNSKEY, domain); if (!rr) @@ -347,11 +357,6 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u return -EINVAL; } - if (!isempty(p)) { - log_warning("Trailing garbage on line %s:%u, ignoring line.", path, line); - return -EINVAL; - } - r = hashmap_ensure_allocated(&d->positive_by_key, &dns_resource_key_hash_ops); if (r < 0) return log_oom(); |