Fix TSig check on second DNS message (TCP) #180

The next chunk needs to use the previous MAC Using this fix, I can successfully verify the signatures of not only the first but the subsequent envelopes as well. Patch was proposed by andrewtj in a comment. Kudos !
2015-02-24 15:45:03 +01:00 · 2015-02-24 15:45:03 +01:00 · 11bd0d5a09
parent 3ec344b2c8
commit 11bd0d5a09
1 changed files with 1 additions and 0 deletions
--- a/xfr.go
+++ b/xfr.go
@ -193,6 +193,7 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
 		}
 		// Need to work on the original message p, as that was used to calculate the tsig.
 		err = TsigVerify(p, t.TsigSecret[ts.Hdr.Name], t.tsigRequestMAC, t.tsigTimersOnly)
+		t.tsigRequestMAC = ts.MAC
 	}
 	return m, err
 }