check range of fetch-quota-param parameters

the 'low', 'high' and 'discount' parameters to 'fetch-quota-param' are meant to be ratios with values between zero and one, but higher values can be assigned. this could potentially lead to an assertion in maybe_adjust_quota().
2026-06-11 08:09:59 -04:00 · 2023-10-31 11:21:33 +01:00 · 2023-10-31 11:21:33 +01:00 · 86fdc66ed3
commit 86fdc66ed3
parent fec06dce51
2 changed files with 77 additions and 0 deletions
--- a/bin/tests/system/checkconf/bad-fetchparam.conf
+++ b/bin/tests/system/checkconf/bad-fetchparam.conf
@ -0,0 +1,17 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/* Bad fetch-quota-params */
+options {
+	fetch-quota-params 1 2 3 2;
+};
--- a/lib/isccfg/check.c
+++ b/lib/isccfg/check.c
@ -875,6 +875,61 @@ check_ratelimit(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
 	return (result);
 }

+static isc_result_t
+check_fetchlimit(const cfg_obj_t *voptions, const cfg_obj_t *config,
+		 isc_log_t *logctx) {
+	const cfg_obj_t *map = NULL;
+	const cfg_obj_t *options = NULL;
+	const cfg_obj_t *obj = NULL;
+	double low, high, discount;
+
+	if (voptions != NULL) {
+		cfg_map_get(voptions, "fetch-quota-params", &map);
+	}
+	if (config != NULL && map == NULL) {
+		options = NULL;
+		cfg_map_get(config, "options", &options);
+		if (options != NULL) {
+			cfg_map_get(options, "fetch-quota-params", &map);
+		}
+	}
+	if (map == NULL) {
+		return (ISC_R_SUCCESS);
+	}
+
+	obj = cfg_tuple_get(map, "low");
+	low = (double)cfg_obj_asfixedpoint(obj) / 100.0;
+	if (low < 0.0 || low > 1.0) {
+		cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+			    "fetch-quota-param low value (%0.1f) "
+			    "out of range",
+			    low);
+		return (ISC_R_RANGE);
+	}
+
+	obj = cfg_tuple_get(map, "high");
+	high = (double)cfg_obj_asfixedpoint(obj) / 100.0;
+	if (high < 0.0 || high > 1.0) {
+		cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+			    "fetch-quota-param high value (%0.1f) "
+			    "out of range",
+			    high);
+		return (ISC_R_RANGE);
+	}
+
+	obj = cfg_tuple_get(map, "discount");
+	discount = (double)cfg_obj_asfixedpoint(obj) / 100.0;
+	if (discount < 0.0 || discount > 1.0) {
+		cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+			    "fetch-quota-param discount value (%0.1f) "
+			    "out of range",
+			    discount);
+		return (ISC_R_RANGE);
+	}
+
+	return (ISC_R_SUCCESS);
+}
+
 /*
 * Check allow-recursion and allow-recursion-on acls, and also log a
 * warning if they're inconsistent with the "recursion" option.
@ -5739,6 +5794,11 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 		result = tresult;
 	}

+	tresult = check_fetchlimit(voptions, config, logctx);
+	if (tresult != ISC_R_SUCCESS) {
+		result = tresult;
+	}
+
 	/*
 	 * Load plugins.
 	 */