Hello,

    Fix crash caused by invalid wildcard in update policy string.

    https://fedorahosted.org/bind-dyndb-ldap/ticket/108

Question:
What should we do if the update policy string contains an error?
Should we disable all updates?
Or leave the old policy in place?
I vote for disallowing all updates.

--
Petr^2 Spacek
From 9265430d94cb4997188583b8e4c2befe7b28ba4b Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Mon, 25 Feb 2013 15:24:07 +0100
Subject: [PATCH] Fix crash caused by invalid wildcard in update policy
 string.

https://fedorahosted.org/bind-dyndb-ldap/ticket/108

Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
 src/acl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/acl.c b/src/acl.c
index c62a8cb9e867b658b65ce05a07fc31377b2356c2..f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -420,6 +420,18 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
 		CHECK(get_fixed_name(stmt, "name", &fname));
 		CHECK(get_types(mctx, stmt, &types, &n));
 
+		if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&
+		    !dns_name_iswildcard(dns_fixedname_name(&fname))) {
+			char name[DNS_NAME_FORMATSIZE];
+			dns_name_format(dns_fixedname_name(&fname), name,
+					DNS_NAME_FORMATSIZE);
+			dns_zone_log(zone, ISC_LOG_ERROR,
+				     "invalid update policy: "
+				     "name '%s' is expected to be a wildcard",
+				     name);
+			CLEANUP_WITH(DNS_R_BADNAME);
+		}
+
 		result = dns_ssutable_addrule(table, grant,
 					      dns_fixedname_name(&fident),
 					      match_type,
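Review bot: the early exit at CLEANUP_WITH(DNS_R_BADNAME) is taken after get_types(mctx, stmt, &types, &n) has already filled `types`, so the cleanup label (not visible in this hunk) has to release `types` and the partially built `table` on this path; please confirm it does, since the branch is reachable from any malformed policy_str. The error message also does not say which policy is in effect once the rule is rejected. Because this is an access-control decision, state in the log text or in a comment above the check whether updates are then denied or the previous policy stays, so that the behaviour on a bad policy string is a documented choice rather than a side effect of the error path.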
-- 
1.7.11.7
