upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

chroot checks for roothints and anchor files.

Browse source 
git-svn-id: file:///svn/unbound/trunk@910 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2008-01-30 11:21:20 +00:00
parent be483a3bfb
commit 0e1b3fb3e0
5 changed files with 49 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/Changelog
View file

@ -1,3 +1,7 @@
29 January 2008: Wouter
- check trailing / on chrootdir in checkconf.
- check if root hints and anchor files are in chrootdir.
28 January 2008: Wouter 28 January 2008: Wouter
- fixup uninit use of buffer by libunbound (query id, flags) for - fixup uninit use of buffer by libunbound (query id, flags) for
local_zone answers. local_zone answers.

7
iterator/iter_hints.c
View file

@ -403,7 +403,12 @@ read_root_hints_list(struct iter_hints* hints, struct config_file* cfg)
for(p = cfg->root_hints; p; p = p->next) { for(p = cfg->root_hints; p; p = p->next) {
log_assert(p->str); log_assert(p->str);
if(p->str && p->str[0]) { if(p->str && p->str[0]) {
if(!read_root_hints(hints, p->str)) char* f = p->str;
if(cfg->chrootdir && cfg->chrootdir[0] &&
strncmp(p->str, cfg->chrootdir,
strlen(cfg->chrootdir)) == 0)
f += strlen(cfg->chrootdir);
if(!read_root_hints(hints, f))
return 0; return 0;
} }
} }

26
smallapp/unbound-checkconf.c
View file

@ -171,6 +171,22 @@ aclchecks(struct config_file* cfg)
} }
} }
/** check file list, every file must be inside the chroot location */
static void
check_chroot_filelist(const char* desc, struct config_strlist* list,
const char* chrootdir)
{
struct config_strlist* p;
if(!chrootdir) return;
for(p=list; p; p=p->next) {
if(p->str && p->str[0] && strncmp(chrootdir, p->str,
strlen(chrootdir)) != 0) {
fatal_exit("%s: \"%s\" not in chrootdir %s",
desc, p->str, chrootdir);
}
}
}
/** check configuration for errors */ /** check configuration for errors */
static void static void
morechecks(struct config_file* cfg) morechecks(struct config_file* cfg)
@ -189,6 +205,10 @@ morechecks(struct config_file* cfg)
if(!cfg->do_udp && !cfg->do_tcp) if(!cfg->do_udp && !cfg->do_tcp)
fatal_exit("udp and tcp are both disabled, pointless"); fatal_exit("udp and tcp are both disabled, pointless");
if(cfg->chrootdir && cfg->chrootdir[0] &&
cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/')
fatal_exit("chootdir %s has trailing slash '/' please remove.",
cfg->chrootdir);
if(cfg->chrootdir && strncmp(cfg->chrootdir, cfg->directory, if(cfg->chrootdir && strncmp(cfg->chrootdir, cfg->directory,
strlen(cfg->chrootdir)) != 0) strlen(cfg->chrootdir)) != 0)
fatal_exit("working directory %s not in chrootdir %s", fatal_exit("working directory %s not in chrootdir %s",
@ -203,6 +223,12 @@ morechecks(struct config_file* cfg)
strlen(cfg->chrootdir)) != 0) strlen(cfg->chrootdir)) != 0)
fatal_exit("log file %s not in chrootdir %s", fatal_exit("log file %s not in chrootdir %s",
cfg->logfile, cfg->chrootdir); cfg->logfile, cfg->chrootdir);
check_chroot_filelist("file with root-hints",
cfg->root_hints, cfg->chrootdir);
check_chroot_filelist("trust-anchor-file",
cfg->trust_anchor_file_list, cfg->chrootdir);
check_chroot_filelist("trusted-keys-file",
cfg->trusted_keys_file_list, cfg->chrootdir);
if(strcmp(cfg->module_conf, "iterator") != 0 && if(strcmp(cfg->module_conf, "iterator") != 0 &&
strcmp(cfg->module_conf, "validator iterator") != 0) { strcmp(cfg->module_conf, "validator iterator") != 0) {

2
util/config_file.c
View file

@ -148,6 +148,8 @@ struct config_file* config_create_forlib()
struct config_file* cfg = config_create(); struct config_file* cfg = config_create();
if(!cfg) return NULL; if(!cfg) return NULL;
/* modifications for library use, less verbose, less memory */ /* modifications for library use, less verbose, less memory */
free(cfg->chrootdir);
cfg->chrootdir = NULL;
cfg->verbosity = 0; cfg->verbosity = 0;
cfg->outgoing_num_tcp = 2; cfg->outgoing_num_tcp = 2;
cfg->msg_cache_size = 1024*1024; cfg->msg_cache_size = 1024*1024;

13
validator/val_anchor.c
View file

@ -750,11 +750,16 @@ int
anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg) anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
{ {
struct config_strlist* f; struct config_strlist* f;
char* nm;
ldns_buffer* parsebuf = ldns_buffer_new(65535); ldns_buffer* parsebuf = ldns_buffer_new(65535);
for(f = cfg->trust_anchor_file_list; f; f = f->next) { for(f = cfg->trust_anchor_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */ if(!f->str || f->str[0] == 0) /* empty "" */
continue; continue;
if(!anchor_read_file(anchors, parsebuf, f->str)) { nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!anchor_read_file(anchors, parsebuf, nm)) {
log_err("error reading trust-anchor-file: %s", f->str); log_err("error reading trust-anchor-file: %s", f->str);
ldns_buffer_free(parsebuf); ldns_buffer_free(parsebuf);
return 0; return 0;
@ -763,7 +768,11 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
for(f = cfg->trusted_keys_file_list; f; f = f->next) { for(f = cfg->trusted_keys_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */ if(!f->str || f->str[0] == 0) /* empty "" */
continue; continue;
if(!anchor_read_bind_file(anchors, parsebuf, f->str)) { nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!anchor_read_bind_file(anchors, parsebuf, nm)) {
log_err("error reading trusted-keys-file: %s", f->str); log_err("error reading trusted-keys-file: %s", f->str);
ldns_buffer_free(parsebuf); ldns_buffer_free(parsebuf);
return 0; return 0;