summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-dnssec.c
diff options
context:
space:
mode:
authorTom Gundersen <teg@jklm.no>2015-12-28 18:03:34 +0100
committerTom Gundersen <teg@jklm.no>2016-01-01 16:48:52 +0100
commitac04adbeb9d0b19e77a715715be24779f7dcf1b2 (patch)
tree686d829f1f09281d41c66189ed5a8a703a32f154 /src/resolve/resolved-dns-dnssec.c
parent5809f340fd7e5e6c76e229059c50d92e1f57e8d8 (diff)
resolved: dnssec - fix off-by-one in RSA key parsing
If the first byte of the key is zero, the key-length is stored in the second and third byte (not first and second).
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.c')
-rw-r--r--src/resolve/resolved-dns-dnssec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index e4b32c7e4b..6a6aabc18f 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -238,8 +238,8 @@ static int dnssec_rsa_verify(
exponent = (uint8_t*) dnskey->dnskey.key + 3;
exponent_size =
- ((size_t) (((uint8_t*) dnskey->dnskey.key)[0]) << 8) |
- ((size_t) ((uint8_t*) dnskey->dnskey.key)[1]);
+ ((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) |
+ ((size_t) ((uint8_t*) dnskey->dnskey.key)[2]);
if (exponent_size < 256)
return -EINVAL;