mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-09 14:29:59 -04:00
properly range-check fields that do not allow 0
3362. [bug] Setting some option values to 0 in named.conf could trigger an assertion failure on startup. [RT #27730]
This commit is contained in:
Evan Hunt
parent
8f6d6d72e8
commit
820fdd61dd
4 changed files with 75 additions and 3 deletions
4
CHANGES
4
CHANGES
|
|
@ -1,3 +1,7 @@
|
|||
3362. [bug] Setting some option values to 0 in named.conf
|
||||
could trigger an assertion failure on startup.
|
||||
[RT #27730]
|
||||
|
||||
3361. [bug] "rndc signing -nsec3param" didn't work correctly
|
||||
when salt was set to '-' (no salt). [RT #30099]
|
||||
|
||||
|
|
|
|||
|
|
@ -16,4 +16,4 @@
|
|||
|
||||
# $Id: clean.sh,v 1.2 2011/05/07 05:55:17 each Exp $
|
||||
|
||||
rm -f good.conf.in good.conf.out
|
||||
rm -f good.conf.in good.conf.out badzero.conf
|
||||
|
|
|
|||
|
|
@ -57,5 +57,35 @@ $CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
|
|||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I: range checking fields that do not allow zero"
|
||||
ret=0
|
||||
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
|
||||
cat > badzero.conf << EOF
|
||||
options {
|
||||
$field 0;
|
||||
};
|
||||
EOF
|
||||
$CHECKCONF badzero.conf > /dev/null 2>&1
|
||||
[ $? -eq 1 ] || { echo "I: options $field failed" ; ret=1; }
|
||||
cat > badzero.conf << EOF
|
||||
view dummy {
|
||||
$field 0;
|
||||
};
|
||||
EOF
|
||||
$CHECKCONF badzero.conf > /dev/null 2>&1
|
||||
[ $? -eq 1 ] || { echo "I: view $field failed" ; ret=1; }
|
||||
cat > badzero.conf << EOF
|
||||
zone dummy {
|
||||
type slave;
|
||||
masters { 0.0.0.0; };
|
||||
$field 0;
|
||||
};
|
||||
EOF
|
||||
$CHECKCONF badzero.conf > /dev/null 2>&1
|
||||
[ $? -eq 1 ] || { echo "I: zone $field failed" ; ret=1; }
|
||||
done
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:exit status: $status"
|
||||
exit $status
|
||||
|
|
|
|||
|
|
@ -1294,6 +1294,29 @@ typedef struct {
|
|||
int allowed;
|
||||
} optionstable;
|
||||
|
||||
static isc_result_t
|
||||
check_nonzero(const cfg_obj_t *options, isc_log_t *logctx) {
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
const cfg_obj_t *obj = NULL;
|
||||
unsigned int i;
|
||||
|
||||
static const char *nonzero[] = { "max-retry-time", "min-retry-time",
|
||||
"max-refresh-time", "min-refresh-time" };
|
||||
/*
|
||||
* Check if value is zero.
|
||||
*/
|
||||
for (i = 0; i < sizeof(nonzero) / sizeof(nonzero[0]); i++) {
|
||||
obj = NULL;
|
||||
if (cfg_map_get(options, nonzero[i], &obj) == ISC_R_SUCCESS &&
|
||||
cfg_obj_asuint32(obj) == 0) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"'%s' must not be zero", nonzero[i]);
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
return (result);
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
|
||||
const cfg_obj_t *config, isc_symtab_t *symtab,
|
||||
|
|
@ -1303,7 +1326,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
|
|||
const char *znamestr;
|
||||
const char *typestr;
|
||||
unsigned int ztype;
|
||||
const cfg_obj_t *zoptions;
|
||||
const cfg_obj_t *zoptions, *goptions = NULL;
|
||||
const cfg_obj_t *obj = NULL;
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
isc_result_t tresult;
|
||||
|
|
@ -1384,10 +1407,14 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
|
|||
{ "passive", SLAVEZONE | STUBZONE | STREDIRECTZONE },
|
||||
};
|
||||
|
||||
|
||||
znamestr = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
|
||||
|
||||
zoptions = cfg_tuple_get(zconfig, "options");
|
||||
|
||||
if (config != NULL)
|
||||
cfg_map_get(config, "options", &goptions);
|
||||
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(zoptions, "type", &obj);
|
||||
if (obj == NULL) {
|
||||
|
|
@ -1476,6 +1503,12 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
|
|||
root = ISC_TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if value is zero.
|
||||
*/
|
||||
if (check_nonzero(zoptions, logctx) != ISC_R_SUCCESS)
|
||||
result = ISC_R_FAILURE;
|
||||
|
||||
/*
|
||||
* Look for inappropriate options for the given zone type.
|
||||
* Check that ACLs expand correctly.
|
||||
|
|
@ -2214,13 +2247,18 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
|
|||
* Check that forwarding is reasonable.
|
||||
*/
|
||||
if (voptions == NULL) {
|
||||
if (options != NULL)
|
||||
if (options != NULL) {
|
||||
if (check_forward(options, NULL,
|
||||
logctx) != ISC_R_SUCCESS)
|
||||
result = ISC_R_FAILURE;
|
||||
if (check_nonzero(options, logctx) != ISC_R_SUCCESS)
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
} else {
|
||||
if (check_forward(voptions, NULL, logctx) != ISC_R_SUCCESS)
|
||||
result = ISC_R_FAILURE;
|
||||
if (check_nonzero(voptions, logctx) != ISC_R_SUCCESS)
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
Loading…
Reference in a new issue