- Fix auth zone support for NSEC3 records without salt.

NLnetLabs · Jan 14, 2020 · 1e0c957 · 1e0c957
1 parent ea26e50
commit 1e0c957
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/doc/Changelog b/doc/Changelog
@@ -7,6 +7,7 @@
 	  cache and neg cache structures.
 	- Fix for memory leak when edns subnet config options are read when
 	  compiled without edns subnet support.
+	- Fix auth zone support for NSEC3 records without salt.
 
 10 January 2020: Wouter
 	- Fix the relationship between serve-expired and prefetch options,

diff --git a/services/authzone.c b/services/authzone.c
@@ -2586,12 +2586,14 @@ az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen,
 	/* hashfunc(name, salt) */
 	memmove(p, nm, nmlen);
 	query_dname_tolower(p);
-	memmove(p+nmlen, salt, saltlen);
+	if(salt && saltlen > 0)
+		memmove(p+nmlen, salt, saltlen);
 	(void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf);
 	for(i=0; i<iter; i++) {
 		/* hashfunc(hash, salt) */
 		memmove(p, buf, hlen);
-		memmove(p+hlen, salt, saltlen);
+		if(salt && saltlen > 0)
+			memmove(p+hlen, salt, saltlen);
 		(void)secalgo_nsec3_hash(algo, p, hlen+saltlen,
 			(unsigned char*)buf);
 	}