help on TSIGs

Matthieu Patou mat at
Sat Oct 11 20:17:45 MDT 2014

On 10/10/2014 08:20 AM, Simo wrote:
> On Wed, 2014-10-08 at 19:00 -0700, Matthieu Patou wrote:
>> - if (state->state.sign) { - ret = dns_sign_tsig(state->dns, mem_ctx,
>> &state->state, + if (state->state->sign) { + ret =
>> dns_sign_tsig(state->dns, mem_ctx, state->state, &state->out_packet,
>> 0);
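Review bot: 'state->state' is now dereferenced as a pointer in 'if (state->state->sign)', but the visible lines show neither a NULL check nor where the pointed-to structure is allocated and which talloc context owns it. Please include the allocation site in the patch, or say in the commit message that it is parented to a context that lives at least as long as the outer state. The call to dns_sign_tsig() still passes mem_ctx as its allocation context, so it is also worth stating why that context is the right owner for anything attached to the TSIG state there.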
> Looks to me a simpler fix would be to pass here 'state' instead of
> mem_ctx to dns_sign_tsig()
I think it wouldn't be sufficient, you will need to change the mem_ctx 
of handle_tkey as well.
Also, despite all the variables being called 'state', they have different 
types: in the function dns_process_recv (the function that calls 
dns_sign_tsig) state is a struct dns_process_state and in 
dns_server_process_query_send (calling handle_tkey, where the problem 
was reported by address sanitizer) it's a struct 
It might work but I'm not sure (I haven't checked the life period of 

Then I think it's a bad practice to have sub-objects allocated to an 
unrelated context, because one day or another it will bite you because 
of the different lifetime between the object and its sub-objects.

Last but not least, I don't think it should have an impact on the TSIG 
stuff, and most probably I'll still have the error messages in nsupdate.


Matthieu Patou
Samba Team
