help on TSIGs
Matthieu Patou
mat at samba.org
Sat Oct 11 20:17:45 MDT 2014
On 10/10/2014 08:20 AM, Simo wrote:
> On Wed, 2014-10-08 at 19:00 -0700, Matthieu Patou wrote:
>> - if (state->state.sign) { - ret = dns_sign_tsig(state->dns, mem_ctx,
>> &state->state, + if (state->state->sign) { + ret =
>> dns_sign_tsig(state->dns, mem_ctx, state->state, &state->out_packet,
>> 0);
> Looks to me a simpler fix would be to pass here 'state' instead of
> mem_ctx to dns_sign_tsig()
I think it wouldn't be sufficient, you will need to change the mem_ctx
of handle_tkey as well.
Also despite all the variables being called 'state' they have different
type, in the function dns_process_recv (the function that call
dns_sign_tsig) state is a struct dns_process_state and in
dns_server_process_query_send (calling handle_tkey, where the problem
was reported by address sanitizer) it's a struct
dns_server_process_query_state.
It might work but I'm not sure (I haven't checked the life period of
dns_server_process_query_state).
Then I think it's a bad practice to have sub-objects allocated to an
unrelated context, because one day or another it will bite you because
of the different lifetime between the object and it's sub-objects.
Last but not least, I don't think it should have an impact on the TSIG
stuff, and most probably I'll still have the errors message in nsupdate.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba-technical
mailing list