system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-21 10:17:21 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

resolve: avoid reusing 'r' for encoded packet size

Browse source 
This is a footgun, as using r between the encoded length being
taken and it being used risks it being overwritten accidentally
This commit is contained in:
Luca Boccassi 2024-04-02 20:27:41 +01:00
parent ef6a2df7fe
commit 72270f29e4
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/resolve/resolved-dns-dnssec.c
View file

@ -1334,6 +1334,7 @@ static hash_md_t digest_to_hash_md(uint8_t algorithm) {
int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
size_t encoded_length;
int r;
assert(dnskey);
@ -1360,6 +1361,7 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof wire_format, true);
if (r < 0)
return r;
encoded_length = r;
hash_md_t md_algorithm = digest_to_hash_md(ds->ds.digest_type);
@ -1383,7 +1385,7 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
if (EVP_DigestInit_ex(ctx, md_algorithm, NULL) <= 0)
return -EIO;
if (EVP_DigestUpdate(ctx, wire_format, r) <= 0)
if (EVP_DigestUpdate(ctx, wire_format, encoded_length) <= 0)
return -EIO;
if (mask_revoke)
@ -1421,7 +1423,7 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
gcry_md_write(md, wire_format, r);
gcry_md_write(md, wire_format, encoded_length);
if (mask_revoke)
md_add_uint16(md, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE);
else
@ -1554,6 +1556,7 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
initialize_libgcrypt(false);
size_t encoded_length;
unsigned hash_size = gcry_md_get_algo_dlen(algorithm);
assert(hash_size > 0);
@ -1563,13 +1566,14 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
if (r < 0)
return r;
encoded_length = r;
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
gcry_error_t err = gcry_md_open(&md, algorithm, 0);
if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
gcry_md_write(md, wire_format, r);
gcry_md_write(md, wire_format, encoded_length);
gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
void *result = gcry_md_read(md, 0);