https://bugzilla.mindrot.org/show_bug.cgi?id=2022
--- Comment #3 from [email protected] ---
The failure case happens when your DNS resolver does the DNSSEC validation for you and sets the AD flag (but RRSIGs are still included in the DNS answer). Then SSH trusts the resolver, skips the DNSSEC validation and does not initialize rrset->rri_nsigs, hence rrset->rri_nsigs is 0 and the memory is not allocated.

    /* Check for authenticated data */
    if (ldns_pkt_ad(pkt)) {
        rrset->rri_flags |= RRSET_VALIDATED;
    } else { /* AD is not set, try autonomous validation */
        //...
        rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
        debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
            rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
        //...
    }
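The C sketch below is an added example, not OpenSSH code and not part of the bug comment. It models the pattern described in Comment #3 (a count that is set only when AD is clear) next to a variant that sets it on both paths. The types, store_sigs(), process() and the later storing loop are assumptions made for illustration; only the rri_* names and RRSET_VALIDATED come from the quoted snippet.

```c
#include <stdlib.h>

/* Simplified stand-ins (hypothetical), not the real OpenSSH/ldns types. */
struct answer { int ad; unsigned int nrrsig; };  /* constructed reply */
struct rrset { unsigned int rri_flags, rri_nsigs; int *rri_sigs; };
#define RRSET_VALIDATED 1u
typedef void (*count_fn)(struct rrset *, const struct answer *);

/* Pattern from the comment: rri_nsigs is set only when AD is clear. */
static void count_buggy(struct rrset *rs, const struct answer *a) {
    if (a->ad)
        rs->rri_flags |= RRSET_VALIDATED;
    else
        rs->rri_nsigs = a->nrrsig;
}

/* Defensive variant: the count follows the answer on both paths. */
static void count_fixed(struct rrset *rs, const struct answer *a) {
    if (a->ad)
        rs->rri_flags |= RRSET_VALIDATED;
    rs->rri_nsigs = a->nrrsig;
}

/* Allocate rri_nsigs slots, then store each RRSIG present in the answer.
 * Returns the number stored, or -1 if a slot was never allocated. */
static int store_sigs(struct rrset *rs, const struct answer *a) {
    unsigned int i;
    if (rs->rri_nsigs > 0 &&
        (rs->rri_sigs = calloc(rs->rri_nsigs, sizeof(*rs->rri_sigs))) == NULL)
        return -1;
    for (i = 0; i < a->nrrsig; i++) {
        if (i >= rs->rri_nsigs)  /* bounds check: refuse the write */
            return -1;
        rs->rri_sigs[i] = (int)i;  /* placeholder for signature data */
    }
    return (int)a->nrrsig;
}

/* Hypothetical driver: run one constructed answer through a counter. */
static int process(count_fn count, int ad, unsigned int nrrsig) {
    struct answer a = { ad, nrrsig };
    struct rrset rs = { 0, 0, NULL };
    count(&rs, &a);
    int stored = store_sigs(&rs, &a);
    free(rs.rri_sigs);
    return stored;
}

int main(void) {  /* exit status 0 when both paths behave as described */
    return process(count_buggy, 1, 2) == -1 && process(count_fixed, 1, 2) == 2 ? 0 : 1;
}
```

In this model the bounds check in store_sigs() is what turns the AD-set case into an error return; without it, the same loop would write through a pointer that was never allocated.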
