nsupdate succeeds with wrong key...
Mark Andrews
Mark_Andrews at isc.org
Thu Jan 26 21:56:44 UTC 2006
> I noticed that with secret key length = 24 characters, I can send a
> wrong key and
> still see that nsupdate suceeds.
>
> BIND version: 9.2
All BIND 9 versions have THREE numbers in them. The last
number is the maintence release number.
BIND 9.2 is a feature set.
> OS : HPUX-11i
>
> My secret key has the format:
>
> <22characters> followed by ==
>
> Example:
> blahblahblahblahblahkG==
> ^^
> |
> +------------------------ CHARACTER TO
> CHANGE
>
> Step#1: Have the same key in nsupdate input key file and in named.conf
> step#2 : do a nsupdate, it succeeds [ Accepted behavior ]
> step#3: Change G to H ( or any upper case alphabet )
> step#4 : do a nsupdate, it succeeds...!!!!!! [ UNACCEPTABLE Behavior
> ]
>
> However, if I change from G to g ( or to any lower case character or to
> a digit ), I see a ERROR in nsupdate ( Accepted behavior ).
>
> Is this a known bug in nsupdate or named?
From BIND 9.2.3 CHANGES.
1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
failed to check that trailing bits were zero allowing
some invalid base64 strings to be accepted. [RT #5397]
> thanks
> Blr
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list