On Mon, Feb 25, 2013 at 03:28:57PM +0100, Petr Spacek wrote:
> Hello,
> 
>     Fix crash caused by invalid wildcard in update policy string.
> 
>     https://fedorahosted.org/bind-dyndb-ldap/ticket/108
> 
> Question:
> What should we do if the update policy string contains an error?
> Should we disable all updates?
> Or let the old policy in place?
> I vote for disallowing all updates.

+1. In my opinion disallowing all updates is correct.

Ack for the patch.

> From 9265430d94cb4997188583b8e4c2befe7b28ba4b Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspa...@redhat.com>
> Date: Mon, 25 Feb 2013 15:24:07 +0100
> Subject: [PATCH] Fix crash caused by invalid wildcard in update policy
>  string.
> 
> https://fedorahosted.org/bind-dyndb-ldap/ticket/108
> 
> Signed-off-by: Petr Spacek <pspa...@redhat.com>
> ---
>  src/acl.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/src/acl.c b/src/acl.c
> index 
> c62a8cb9e867b658b65ce05a07fc31377b2356c2..f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a
>  100644
> --- a/src/acl.c
> +++ b/src/acl.c
> @@ -420,6 +420,18 @@ acl_configure_zone_ssutable(const char *policy_str, 
> dns_zone_t *zone)
>               CHECK(get_fixed_name(stmt, "name", &fname));
>               CHECK(get_types(mctx, stmt, &types, &n));
>  
> +             if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&
> +                 !dns_name_iswildcard(dns_fixedname_name(&fname))) {
> +                     char name[DNS_NAME_FORMATSIZE];
> +                     dns_name_format(dns_fixedname_name(&fname), name,
> +                                     DNS_NAME_FORMATSIZE);
> +                     dns_zone_log(zone, ISC_LOG_ERROR,
> +                                  "invalid update policy: "
> +                                  "name '%s' is expected to be a wildcard",
> +                                  name);
> +                     CLEANUP_WITH(DNS_R_BADNAME);
> +             }
> +
>               result = dns_ssutable_addrule(table, grant,
>                                             dns_fixedname_name(&fident),
>                                             match_type,
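
Review bot: the new wildcard check in front of dns_ssutable_addrule() has no comment saying why it is needed. The subject line says an invalid wildcard causes a crash, so a one-line comment above the `if`, stating that the name must be validated before dns_ssutable_addrule() is called, would keep a later refactor from dropping the check. The check also runs after get_types(mctx, stmt, &types, &n), so the CLEANUP_WITH(DNS_R_BADNAME) path has to release `types`; the cleanup label is not part of this hunk, so that is worth confirming. Finally, the hunk returns DNS_R_BADNAME but does not show whether the zone then rejects all updates or keeps its previous policy, which is the question raised in this thread; documenting the chosen behaviour where the result is handled would settle it.
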
> -- 
> 1.7.11.7
> 


-- 
Adam Tkac, Red Hat, Inc.

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel