[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-bugs
Subject: [Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
From: bugzilla-daemon () mindrot ! org
Date: 2012-06-29 9:56:12
Message-ID: bug-2022-705-ifumOn00Bv () https ! bugzilla ! mindrot ! org/
[Download RAW message or body]
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
--- Comment #3 from gregdlg+mr@hochet.info ---
The failure case happens when your DNS resolver does the DNSSEC
validation for you and sets the ad flag (but RRSIG are still included
DNS answer). Then SSH trusts the resolver, skip the DNSSEC validation
and does not initialize rrset->rri_nsig, hence rrset->rri_nsig is 0 and
the memory is not allocated.
/* Check for authenticated data */
if (ldns_pkt_ad(pkt)) {
rrset->rri_flags |= RRSET_VALIDATED;
} else { /* AD is not set, try autonomous validation */
//...
rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
//...
}
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic