Package: opendnssec-signer Version: 1.2.1.dfsg-1~bpo60+1 Severity: normal
Hi Ondrej, Thanks for your quick reply. I have tried out the backport, and it seems that it didn't support different origins after an $INCLUDE directive at all. I have attached a patch that will support these, wasn't sure whether that warranted a separate bug, let me know if it does. With this patch, the auditor will still fail, due to bug #633427. The patch supplied there won't apply directly upstream for this version though. I will work on a patch for that and submit to that bug. Cheers, Hugh -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages opendnssec-signer depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libldns1 1.6.9-2~bpo60+1 ldns library for DNS programming ii libxml2 2.7.8.dfsg-2+squeeze1 GNOME XML library pn opendnssec-common <none> (no description available) Versions of packages opendnssec-signer recommends: pn opendnssec-auditor <none> (no description available) pn opendnssec-enforcer <none> (no description available) Versions of packages opendnssec-signer suggests: pn opendnssec <none> (no description available) ii softhsm 1.2.0-2~bpo60+1 a cryptographic store accessible t
--- Begin Message ---
---
 signer/src/adapter/adfile.c | 81 +++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 78 insertions(+), 3 deletions(-)
diff --git a/signer/src/adapter/adfile.c b/signer/src/adapter/adfile.c
index bc1b120..d210097 100644
--- a/signer/src/adapter/adfile.c
+++ b/signer/src/adapter/adfile.c
@@ -301,27 +301,102 @@ adfile_read_line: } else if (strncmp(line, "$INCLUDE", 8) == 0 && isspace(line[8])) { /* dive into this file */ + char tmpc; offset = 9; while (isspace(line[offset])) { offset++; } - fd_include = se_fopen(line + offset, NULL, "r"); + char* filename = (line + offset); + while (line[offset] && !isspace(line[offset])) { + offset++; + } + if (line[offset]) { + tmpc = line[offset]; + line[offset] = 0; /* terminate filename */ + filename = strdup(filename); + line[offset] = tmpc; + if (!filename) { + se_log_error("Can't allocate memory for filename\n"); + *status = LDNS_STATUS_MEM_ERR; + return NULL; + } + offset++; + while (isspace(line[offset])) { + offset++; + } + } + else { + filename = strdup(filename); + if (!filename) { + se_log_error("Can't allocate memory for filename\n"); + *status = LDNS_STATUS_MEM_ERR; + return NULL; + } + } + + fd_include = se_fopen(filename, NULL, "r"); if (fd_include) { + ldns_rdf* domain = NULL; + ldns_rdf* orig = zone_in->dname; + if (line[offset] && line[offset] != ';') { + char* domainname = line + offset; + while (line[offset] && !isspace(line[offset])) { + offset++; + } + tmpc = line[offset]; + line[offset] = 0; /* terminate domain */ + domain = ldns_dname_new_frm_str(domainname); + line[offset] = tmpc; + if (!domain) { + se_log_error("Couldn't creaate dname from string"); + *status = LDNS_STATUS_SYNTAX_DNAME_ERR; + free(filename); + return NULL; + } + if (line[offset - 1] != '.') { + ldns_rdf* tmp = ldns_dname_cat_clone(domain, + orig); + ldns_rdf_free(domain); + if (!tmp) { + se_log_error("Couldn't append dname to origin"); + *status = LDNS_STATUS_SYNTAX_DNAME_ERR; + free(filename); + return NULL; + } + domain = tmp; + } + else if (!ldns_dname_is_subdomain(domain, orig)) { + se_log_error("domain is not a subdomain of origin"); + *status = LDNS_STATUS_SYNTAX_DNAME_ERR; + ldns_rdf_free(domain); + free(filename); + return NULL; + } + zone_in->dname = domain; + } + error = adfile_read_file(fd_include, zone_in, 1, 
recover); se_fclose(fd_include); + if (domain != NULL) { + zone_in->dname = orig; + ldns_rdf_free(domain); + } } else { se_log_error("unable to open include file %s", - (line+offset)?(line+offset):"(null)"); + (filename)?(filename):"(null)"); *status = LDNS_STATUS_SYNTAX_ERR; + free(filename); return NULL; } if (error) { *status = LDNS_STATUS_ERR; se_log_error("error in include file %s", - (line+offset)?(line+offset):"(null)"); + (filename)?(filename):"(null)"); + free(filename); return NULL; } + free(filename); /* restore current ttl */ *ttl = new_ttl; goto adfile_read_line; /* perhaps next line is rr */ --
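Review bot: The three new `return NULL;` paths inside `if (fd_include)` (failed `ldns_dname_new_frm_str`, failed `ldns_dname_cat_clone`, and the not-a-subdomain case) free `filename` but never close the include file. Each malformed `$INCLUDE` origin in a zone file therefore leaks an open stream, which matters if the signer is a long-running process, as it appears to be; add `se_fclose(fd_include);` before each of those returns. The temporary origin is also released with `ldns_rdf_free(domain)`, which in ldns frees only the rdf structure and leaves its data buffer allocated, so `ldns_rdf_deep_free(domain);` looks like the intended call in the three places it appears. The enclosing function starts and ends outside this hunk, so how callers treat `zone_in->dname` after an error return cannot be checked from here.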
--- End Message ---

