summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/miekg/dns/dnssec.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/miekg/dns/dnssec.go')
-rw-r--r--vendor/github.com/miekg/dns/dnssec.go20
1 files changed, 10 insertions, 10 deletions
diff --git a/vendor/github.com/miekg/dns/dnssec.go b/vendor/github.com/miekg/dns/dnssec.go
index 478cb1e90..7e6bac428 100644
--- a/vendor/github.com/miekg/dns/dnssec.go
+++ b/vendor/github.com/miekg/dns/dnssec.go
@@ -542,20 +542,20 @@ func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
explen = uint16(keybuf[1])<<8 | uint16(keybuf[2])
keyoff = 3
}
+ if explen > 4 {
+ // Larger exponent than supported by the crypto package.
+ return nil
+ }
pubkey := new(rsa.PublicKey)
pubkey.N = big.NewInt(0)
- shift := uint64((explen - 1) * 8)
expo := uint64(0)
- for i := int(explen - 1); i > 0; i-- {
- expo += uint64(keybuf[keyoff+i]) << shift
- shift -= 8
- }
- // Remainder
- expo += uint64(keybuf[keyoff])
- if expo > (2<<31)+1 {
- // Larger expo than supported.
- // println("dns: F5 primes (or larger) are not supported")
+ for i := 0; i < int(explen); i++ {
+ expo <<= 8
+ expo |= uint64(keybuf[keyoff+i])
+ }
+ if expo > 1<<31-1 {
+ // Larger exponent than supported by the crypto package.
return nil
}
pubkey.E = int(expo)
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-05-20 20:07:21 +0000