Opened 8 years ago

Closed 8 years ago

#1370 closed defect (fixed)

xfrout must add TSIG (when used) for all messages

Reported by: jinmei
Owned by: jinmei
Priority: high
Milestone: Sprint-20111122
Component: xfrout
Version:
Keywords:
Cc:
CVSS Scoring:
Parent Tickets:
Sensitive: no
Defect Severity: N/A
Sub-Project: DNS
Feature Depending on Ticket:
Estimated Difficulty: 3
Add Hours to Ticket: 0
Total Hours: 0.90
Internal?: no

Description

If I read the code correctly, it skips TSIG signing for up to
96 messages. This doesn't work, because TSIGContext currently
doesn't support this type of signing.

We need to sign all messages. This is a quite critical bug, because
it can easily happen for reasonably large zones. So I propose
we fix it ASAP.

Change History (8)

comment:1 Changed 8 years ago by jelte

  • Estimated Difficulty changed from 0 to 3

comment:2 Changed 8 years ago by jelte

  • Milestone changed from Next-Sprint-Proposed to Sprint-20111122

comment:3 Changed 8 years ago by jinmei

trac1370 is ready for review. I believe this is pretty straightforward.

Proposed changelog entry:

320.?	[bug]		jinmei
	b10-xfrout incorrectly skipped adding TSIG RRs to some
	intermediate responses (when TSIG is to be used for the
	responses).  While RFC2845 optionally allows to skip intermediate
	TSIGs (as long as the digest for the skipped part was included
	in a later TSIG), the underlying TSIG API doesn't support this
	mode of signing.
	(Trac #1370, git TBD)
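
A simplified model of the failure this ticket describes, added here as an example (it is not code from BIND 10 or from the ticket's participants): a sender that skips intermediate TSIGs without folding the skipped messages into the next digest fails verification at a receiver that follows RFC 2845 section 4.4. The names `send`, `receive` and `fold_skipped`, the key and the message bytes are constructed; the digest layout is reduced from the RFC (not wire format), and the non-folding signer is an assumption about what "doesn't support this mode of signing" means in practice.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-secret"  # constructed sample key, not a real one


def _mac(prior, covered, t):
    # Simplified RFC 2845 4.4 digest: length-prefixed prior MAC (if any),
    # the covered messages, then timers (48-bit time signed, 16-bit fudge).
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    if prior is not None:
        h.update(struct.pack("!H", len(prior)) + prior)
    for m in covered:
        h.update(m)
    h.update(struct.pack("!HIH", t >> 32, t & 0xFFFFFFFF, 300))
    return h.digest()


def send(messages, sign_every, fold_skipped):
    """Return [(message, mac_or_None)]. fold_skipped=False models a signer
    that digests only the message it signs (assumed TSIGContext behaviour)."""
    out, prior, pending = [], None, []
    last = len(messages) - 1
    for i, m in enumerate(messages):
        pending.append(m)
        if i == 0 or i == last or i % sign_every == 0:
            prior = _mac(prior, pending if fold_skipped else [m], i)
            out.append((m, prior))
            pending = []
        else:
            out.append((m, None))  # intermediate message sent without TSIG
    return out


def receive(stream):
    """Verify as an RFC 2845 client would: every message since the last TSIG
    goes into the next digest. Returns index of first failure, or -1."""
    prior, pending = None, []
    for i, (m, mac) in enumerate(stream):
        pending.append(m)
        if mac is None:
            if i == 0 or i == len(stream) - 1:
                return i  # first and last envelopes must carry a TSIG
            continue
        if not hmac.compare_digest(mac, _mac(prior, pending, i)):
            return i
        prior, pending = mac, []
    return -1
```

Signing every message (`sign_every=1`) makes the two signer variants equivalent, which is why the fix chosen in this ticket needs no change to the signing context.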

comment:4 Changed 8 years ago by jinmei

  • Owner set to UnAssigned
  • Status changed from new to reviewing

comment:5 Changed 8 years ago by jelte

  • Owner changed from UnAssigned to jelte

comment:6 follow-up: Changed 8 years ago by jelte

  • Owner changed from jelte to jinmei

looks good, changelog is fine with me too, so please go ahead and merge

comment:7 in reply to: ↑ 6 Changed 8 years ago by jinmei

Replying to jelte:

> looks good, changelog is fine with me too, so please go ahead and merge

Thanks for the review, merge done, closing.

comment:8 Changed 8 years ago by jinmei

  • Resolution set to fixed
  • Status changed from reviewing to closed
  • Total Hours changed from 0 to 0.90