tsig: move signature validity period check after the signature validity check (!738) · Merge requests · Knot projects / Knot DNS

Ondřej Surý requested to merge 1.6-tsig-fix into 1.6 Jun 29, 2017

When the signature validity period check returned KNOT_TSIG_EBADTIME, the itself signature validity check was omitted and the response TSIG contained a non-empty signature, based on the unverified data.

Thanks to Synacktiv!

(cherry picked from commit 74862ce0)

Admin message

Admin message

tsig: move signature validity period check after the signature validity check

Merge request reports