- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf

When do-not-query-localhost is turned on, or left at its default of on,
  unbound-checkconf prints a warning if such an address is found in
  forward-addr or stub-addr statements.
W.C.A. Wijngaards 2019-06-25 14:50:49 +02:00
parent 1aa1facabc
commit da46ea24d5
2 changed files with 40 additions and 0 deletions


@ -1,3 +1,9 @@
25 June 2019: Wouter
- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
when do-not-query-localhost is turned on, or at default on,
unbound-checkconf prints a warning if it is found in forward-addr or
stub-addr statements.
24 June 2019: Wouter 24 June 2019: Wouter
- Fix memleak in unit test, reported from the clang 8.0 static analyzer. - Fix memleak in unit test, reported from the clang 8.0 static analyzer.


@ -146,6 +146,39 @@ check_mod(struct config_file* cfg, struct module_func_block* fb)
edns_known_options_delete(&env); edns_known_options_delete(&env);
} }
/** true is addr is a localhost address, 127.0.0.1 or ::1 (@port) */
static int
str_addr_is_localhost(const char* a)
{
if(strncmp(a, "127.", 4) == 0) return 1;
if(strncmp(a, "::1", 3) == 0) return 1;
return 0;
}
/** check do-not-query-localhost */
static void
donotquerylocalhostcheck(struct config_file* cfg)
{
if(cfg->donotquery_localhost) {
struct config_stub* p;
struct config_strlist* s;
for(p=cfg->forwards; p; p=p->next) {
for(s=p->addrs; s; s=s->next) {
if(str_addr_is_localhost(s->str)) {
fprintf(stderr, "unbound-checkconf: warning: forward-addr: '%s' is specified for forward-zone: '%s', but do-not-query-localhost: yes means that the address will not be used for lookups.\n", s->str, p->name);
}
}
}
for(p=cfg->stubs; p; p=p->next) {
for(s=p->addrs; s; s=s->next) {
if(str_addr_is_localhost(s->str)) {
fprintf(stderr, "unbound-checkconf: warning: stub-addr: '%s' is specified for stub-zone: '%s', but do-not-query-localhost: yes means that the address will not be used for lookups.\n", s->str, p->name);
}
}
}
}
}
/** check localzones */ /** check localzones */
static void static void
localzonechecks(struct config_file* cfg) localzonechecks(struct config_file* cfg)
@ -606,6 +639,7 @@ morechecks(struct config_file* cfg)
cfg->control_cert_file); cfg->control_cert_file);
} }
donotquerylocalhostcheck(cfg);
localzonechecks(cfg); localzonechecks(cfg);
view_and_respipchecks(cfg); view_and_respipchecks(cfg);
#ifdef CLIENT_SUBNET #ifdef CLIENT_SUBNET
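Review bot: In `str_addr_is_localhost` (the `-146,6 +146,39` hunk), `strncmp(a, "::1", 3)` is a bare prefix match, so non-loopback IPv6 addresses such as `::1:2:3` or `::10` also trigger the warning, while other spellings of loopback (for example `0:0:0:0:0:0:0:1`) pass without one. Operators use unbound-checkconf to learn that a forwarder or stub address will never be queried, so both the false warning and the missed one reduce its value. A minimal tightening is to require the address to end after the prefix, `if(strncmp(a, "::1", 3) == 0 && (a[3] == 0 || a[3] == '@')) return 1;`, extended with any other suffix separator the address syntax allows. Catching every spelling would presumably need the string parsed into a socket address and compared against the loopback ranges with whatever parser the project already provides. The doc comment could also state that the whole `127.` prefix is matched, not only 127.0.0.1.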