Re: [Freeipa-devel] [PATCH 0116] Fix crash caused by invalid wildcard in update policy string
On 4.3.2013 15:15, Adam Tkac wrote:
On Mon, Feb 25, 2013 at 03:28:57PM +0100, Petr Spacek wrote:

Hello,

Fix crash caused by invalid wildcard in update policy string.

https://fedorahosted.org/bind-dyndb-ldap/ticket/108

Question: What we should do if update policy string contains an error? Should we disable all updates? Or let the old policy in place?

I vote for disallowing all updates.

+1. In my opinion disallowing all updates is correct.

I will prepare separate patch for this.

Ack for the patch.

Pushed to master and v2: 33bad9e66f346d40dc3510719898d03ccb79b2f4

--
Petr^2 Spacek

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0116] Fix crash caused by invalid wildcard in update policy string
On Mon, Feb 25, 2013 at 03:28:57PM +0100, Petr Spacek wrote: Hello, Fix crash caused by invalid wildcard in update policy string. https://fedorahosted.org/bind-dyndb-ldap/ticket/108 Question: What we should do if update policy string contains an error? Should we disable all updates? Or let the old policy in place? I vote for disallowing all updates. +1. In my opinion disallowing all updates is correct. Ack for the patch. From 9265430d94cb4997188583b8e4c2befe7b28ba4b Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 25 Feb 2013 15:24:07 +0100 Subject: [PATCH] Fix crash caused by invalid wildcard in update policy string. https://fedorahosted.org/bind-dyndb-ldap/ticket/108 Signed-off-by: Petr Spacek pspa...@redhat.com --- src/acl.c | 12 1 file changed, 12 insertions(+) diff --git a/src/acl.c b/src/acl.c index c62a8cb9e867b658b65ce05a07fc31377b2356c2..f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a 100644 --- a/src/acl.c +++ b/src/acl.c @@ -420,6 +420,18 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone) CHECK(get_fixed_name(stmt, name, fname)); CHECK(get_types(mctx, stmt, types, n)); + if (match_type == DNS_SSUMATCHTYPE_WILDCARD + !dns_name_iswildcard(dns_fixedname_name(fname))) { + char name[DNS_NAME_FORMATSIZE]; + dns_name_format(dns_fixedname_name(fname), name, + DNS_NAME_FORMATSIZE); + dns_zone_log(zone, ISC_LOG_ERROR, + invalid update policy: + name '%s' is expected to be a wildcard, + name); + CLEANUP_WITH(DNS_R_BADNAME); + } + result = dns_ssutable_addrule(table, grant, dns_fixedname_name(fident), match_type, -- 1.7.11.7 -- Adam Tkac, Red Hat, Inc. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0116] Fix crash caused by invalid wildcard in update policy string
Hello, Fix crash caused by invalid wildcard in update policy string. https://fedorahosted.org/bind-dyndb-ldap/ticket/108 Question: What we should do if update policy string contains an error? Should we disable all updates? Or let the old policy in place? I vote for disallowing all updates. -- Petr^2 Spacek From 9265430d94cb4997188583b8e4c2befe7b28ba4b Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 25 Feb 2013 15:24:07 +0100 Subject: [PATCH] Fix crash caused by invalid wildcard in update policy string. https://fedorahosted.org/bind-dyndb-ldap/ticket/108 Signed-off-by: Petr Spacek pspa...@redhat.com --- src/acl.c | 12 1 file changed, 12 insertions(+) diff --git a/src/acl.c b/src/acl.c index c62a8cb9e867b658b65ce05a07fc31377b2356c2..f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a 100644 --- a/src/acl.c +++ b/src/acl.c @@ -420,6 +420,18 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone) CHECK(get_fixed_name(stmt, name, fname)); CHECK(get_types(mctx, stmt, types, n)); + if (match_type == DNS_SSUMATCHTYPE_WILDCARD + !dns_name_iswildcard(dns_fixedname_name(fname))) { + char name[DNS_NAME_FORMATSIZE]; + dns_name_format(dns_fixedname_name(fname), name, + DNS_NAME_FORMATSIZE); + dns_zone_log(zone, ISC_LOG_ERROR, + invalid update policy: + name '%s' is expected to be a wildcard, + name); + CLEANUP_WITH(DNS_R_BADNAME); + } + result = dns_ssutable_addrule(table, grant, dns_fixedname_name(fident), match_type, -- 1.7.11.7 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
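Review bot: the buffer declared inside the new block in acl_configure_zone_ssutable(), char name[DNS_NAME_FORMATSIZE], shadows the outer name that the context line just above passes to get_fixed_name(stmt, name, fname). Inside the block, name then means the formatted text, not the policy token, which is easy to misread and will trip -Wshadow. Renaming the local (for example to name_txt) and passing sizeof(name_txt) to dns_name_format() would remove the ambiguity. Separately, as the hunk appears in this archive, the two tests in the if condition have no operator between them and the dns_zone_log() format string has no quotes, so it is worth confirming against commit 9265430d94cb4997188583b8e4c2befe7b28ba4b that the condition joins DNS_SSUMATCHTYPE_WILDCARD and !dns_name_iswildcard(...) with a logical AND. The hunk rejects only the offending rule with DNS_R_BADNAME; whether the zone ends up with no update policy or with the previous one after that error is not visible here, and a short comment at the CLEANUP_WITH line stating the intended outcome would help, given the thread's preference for disallowing all updates.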