resolved: dnssec - fix off-by-one in RSA key parsing

If the first byte of the key is zero, the key-length is stored in the second and third byte (not first and second).
2015-12-28 18:03:34 +01:00 · 2015-12-28 18:03:34 +01:00 · ac04adbeb9
parent 5809f340fd
commit ac04adbeb9
1 changed files with 2 additions and 2 deletions
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@ -238,8 +238,8 @@ static int dnssec_rsa_verify(

                exponent = (uint8_t*) dnskey->dnskey.key + 3;
                exponent_size =
-                        ((size_t) (((uint8_t*) dnskey->dnskey.key)[0]) << 8) |
-                        ((size_t) ((uint8_t*) dnskey->dnskey.key)[1]);
+                        ((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) |
+                        ((size_t) ((uint8_t*) dnskey->dnskey.key)[2]);

                if (exponent_size < 256)
                        return -EINVAL;