[net-dns-users] RRSIG->verify() bug Net::DNS::SEC 0.18 and later

Wessels, Duane dwessels at verisign.com
Tue Sep 30 22:25:15 UTC 2014


Maybe this is it?

Index: RR/RRSIG.pm
===================================================================
--- RR/RRSIG.pm (revision 1267)
+++ RR/RRSIG.pm (working copy)
@@ -516,7 +516,7 @@
        $self->{typecovered} = 0 unless ref($rawdata);          # SIG0
 
        my @field = qw(typecovered algorithm labels orgttl sigexpiration siginception keytag);
-       my $sigdata = pack 'n C2 N3 n a*', @{$self}{@field}, $self->{signame}->encode;
+       my $sigdata = pack 'n C2 N3 n a*', @{$self}{@field}, $self->{signame}->canonical;
        print "preamble:\t", unpack( 'H*', $sigdata ) if $debug;
 
        unless ( ref($rawdata) ) {                              # SIG0 case
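Review bot: the `$sigdata` preamble is packed before the `unless ( ref($rawdata) )` branch, so switching `encode` to `canonical` changes the signed bytes for the SIG0 case as well as for RRSIG. Please confirm SIG0 is meant to use the canonical signer name too, or apply the change only on the RRSIG path. For RRSIG the change agrees with RFC 4034 section 3.1.8.1, which computes the signature over the RDATA with the Signer's Name in canonical form. The patch has no test: add a regression case that verifies an RRSIG whose Signer's Name is uppercase, the input reported earlier in this thread, so the behaviour cannot regress unnoticed.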



On Sep 30, 2014, at 3:14 PM, Duane Wessels <dwessels at verisign.com> wrote:

> Whoops, that patch is not the solution for this bug.  However, I'm
> pretty sure it has something to do with upper/lower case!
> 
> DW
> 
> 
> On Sep 30, 2014, at 3:06 PM, Duane Wessels <dwessels at verisign.com> wrote:
> 
>> Today I found one of my DNSSEC tools utilizing Net::DNS::SEC was reporting
>> mysterious validation failures.  Tracked it to an RRSIG record with an
>> uppercase Signer's Name field (see 'dig us RRSIG').
>> 
>> I believe this may be the fix:
>> 
>> 
>> Index: RR/RRSIG.pm
>> ===================================================================
>> --- RR/RRSIG.pm (revision 1267)
>> +++ RR/RRSIG.pm (working copy)
>> @@ -262,7 +262,7 @@
>>               sigexpiration => $args{sigex} || 0,
>>               algorithm     => $private->algorithm,
>>               keytag        => $private->keytag,
>> -               signame       => $private->signame,
>> +               signame       => lc($private->signame),
>>               );
>> 
>>       $args{sigval} ||= 30 unless $self->{sigexpiration};
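Review bot: `lc($private->signame)` on the `signame` line only normalises the name taken from the private key when a signature is created, so it cannot affect an RRSIG that arrives with an uppercase Signer's Name, which is the failing case described in this message ('dig us RRSIG'). It also rewrites the stored field rather than the form used when the signed data is assembled. If case folding is wanted, apply it where the data to be signed or verified is built and leave the stored name as supplied.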
>> 
> 
