shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-24 14:50:17 +03:00
Code

resolved: refuse revoked DNSKEYs in trust anchor

Browse Source
This commit is contained in:
Lennart Poettering 2016-01-03 17:57:44 +01:00
parent 28b8191e2f
commit 2a0d751be4
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/resolve/resolved-dns-trust-anchor.c
View File

@ -188,6 +188,14 @@ static int dns_trust_anchor_load_positive(DnsTrustAnchor *d, const char *path, u
r = safe_atou16(flags, &f);
if (r < 0)
return log_warning_errno(r, "Failed to parse DNSKEY flags field %s on line %s:%u", flags, path, line);
if ((f & DNSKEY_FLAG_ZONE_KEY) == 0) {
log_warning("DNSKEY lacks zone key bit set on line %s:%u", path, line);
return -EINVAL;
}
if ((f & DNSKEY_FLAG_REVOKE)) {
log_warning("DNSKEY is already revoked on line %s:%u", path, line);
return -EINVAL;
}
a = dnssec_algorithm_from_string(algorithm);
if (a < 0) {