-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 1.3.0
-
Fix Version/s: None
-
Component/s: Signer
-
Labels:
Just an FYI:
found bug /usr/local/src/opendnssec-1.3.0rc3/signer/src/signer/zone.c
details:
Imported keys, using your softHSM, but I mistakenly left the version as "Algorithm: 7 
". The ods-signerd didn't like it and dumped (no core) memory without exiting...<strange>. After that ods-signer didn't repsond, neither did ods-signerd.
I found an issue within zone.c:
This function was not getting executed within the long if statement::
dns_rr_new_frm_fp(&nsec3params_rr, fd, NULL, NULL, NULL)
... hence nsec3params_rr doesn't get initialized, so i moved it out of the if statement and it didn't error out. But now I wonder how the code handled the version "?" since it didn't give me any errors after I changed the code without fixing the keys.
(after my change)
860 /* nsec3params part */
861 if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
862
863 if (!backup_read_check_str(fd, ";;Nsec3parameters:") ||
864 !backup_read_check_str(fd, "salt") ||
865 !backup_read_str(fd, &salt) ||
866 !backup_read_check_str(fd, "algorithm") ||
867 !backup_read_uint32_t(fd, &zone->signconf->nsec3_algo) ||
868 !backup_read_check_str(fd, "optout") ||
869 !backup_read_int(fd, &zone->signconf->nsec3_optout) ||
870 !backup_read_check_str(fd, "iterations") ||
871 !backup_read_uint32_t(fd, &zone->signconf->nsec3_iterations) ||
872 !backup_read_check_str(fd, ";;Nsec3done") ||
873 !backup_read_check_str(fd, ";;"))
874 {
875 goto recover_error;
876 }
877
878 if(ldns_rr_new_frm_fp(&nsec3params_rr, fd, NULL, NULL, NULL) != LDNS_STATUS_OK) {
879 fprintf(stdout, "Failed to define nsec3params_rr\n"); fflush(stdout);
880 goto recover_error;
881 }
882 }