From ac04adbeb9d0b19e77a715715be24779f7dcf1b2 Mon Sep 17 00:00:00 2001
From: Tom Gundersen
Date: Mon, 28 Dec 2015 18:03:34 +0100
Subject: resolved: dnssec - fix off-by-one in RSA key parsing

If the first byte of the key is zero, the key-length is stored in the second and third byte (not first and second).
---
 src/resolve/resolved-dns-dnssec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/resolve')

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index e4b32c7e4b..6a6aabc18f 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -238,8 +238,8 @@ static int dnssec_rsa_verify(
 exponent = (uint8_t*) dnskey->dnskey.key + 3;
 exponent_size =
- ((size_t) (((uint8_t*) dnskey->dnskey.key)[0]) << 8) |
- ((size_t) ((uint8_t*) dnskey->dnskey.key)[1]);
+ ((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) |
+ ((size_t) ((uint8_t*) dnskey->dnskey.key)[2]);
 if (exponent_size < 256)
 return -EINVAL;
-- 
cgit v1.2.3-54-g00ecf
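Review bot: The bytes at indexes `[1]` and `[2]` are read with no length check visible in this hunk, and the key material comes from a DNSKEY record received off the network. If nothing above the hunk already rejects short keys, a key that is only one or two bytes long with a zero first byte would be read past its end; a guard such as `if (dnskey->dnskey.key_size < 3) return -EINVAL;` ahead of the assignment to `exponent` would cover that case. A short comment citing RFC 3110 section 2 (a zero first octet means the exponent length follows as a two-octet big-endian value) would also explain the `+ 3` offset and the corrected indexes, which is exactly what the original off-by-one got wrong. dnssec_rsa_verify starts and ends outside the hunk, so confirm which checks already exist there before adding one.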