Fix TSig check on second DNS message (TCP) #180
The next chunk needs to use the previous MAC. Using this fix, I can successfully verify the signatures of not only the first but also the subsequent envelopes. Patch was proposed by andrewtj in a comment. Kudos!
parent
3ec344b2c8
commit
11bd0d5a09
1
xfr.go
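--- a/xfr.go
+++ b/xfr.go
@@ -193,6 +193,7 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
 }
 // Need to work on the original message p, as that was used to calculate the tsig.
 err = TsigVerify(p, t.TsigSecret[ts.Hdr.Name], t.tsigRequestMAC, t.tsigTimersOnly)
+t.tsigRequestMAC = ts.MAC
 }
 return m, err
 }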
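Review bot: The added `t.tsigRequestMAC = ts.MAC` runs whether or not the `TsigVerify` call on the line above succeeded, so a message that fails verification still supplies the MAC that the next envelope is checked against. The error is returned to the caller, but if a caller keeps reading after an error (not visible here), the chain would continue from an unauthenticated value. Consider updating the stored MAC only on success, `if err == nil { t.tsigRequestMAC = ts.MAC }`, and adding a comment such as `// Each later envelope is verified against the previous envelope's MAC.` A regression test that reads a multi-envelope transfer, including one envelope with a bad signature, would pin this behaviour. ReadMsg starts above the hunk, so the earlier branches are not reviewed here.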