Package: opendnssec-signer
Version: 1.2.1.dfsg-1~bpo60+1
Severity: normal
Hi Ondrej,
Thanks for your quick reply.
I have tried out the backport, and it seems that it didn't support
different origins after an $INCLUDE directive at all. I have attached a
patch that will support these. I wasn't sure whether that warranted a
separate bug; let me know if it does.
With this patch, the auditor will still fail, due to bug #633427. The
patch supplied there won't apply directly upstream for this version
though. I will work on a patch for that and submit to that bug.
Cheers,
Hugh
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25,
'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages opendnssec-signer depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libldns1 1.6.9-2~bpo60+1 ldns library for DNS programming
ii libxml2 2.7.8.dfsg-2+squeeze1 GNOME XML library
pn opendnssec-common <none> (no description available)
Versions of packages opendnssec-signer recommends:
pn opendnssec-auditor <none> (no description available)
pn opendnssec-enforcer <none> (no description available)
Versions of packages opendnssec-signer suggests:
pn opendnssec <none> (no description available)
ii softhsm 1.2.0-2~bpo60+1 a cryptographic store accessible t
--- Begin Message ---
---
signer/src/adapter/adfile.c | 81 +++++++++++++++++++++++++++++++++++++++++--
1 files changed, 78 insertions(+), 3 deletions(-)
diff --git a/signer/src/adapter/adfile.c b/signer/src/adapter/adfile.c
index bc1b120..d210097 100644
--- a/signer/src/adapter/adfile.c
+++ b/signer/src/adapter/adfile.c
@@ -301,27 +301,102 @@ adfile_read_line:
} else if (strncmp(line, "$INCLUDE", 8) == 0 &&
isspace(line[8])) {
/* dive into this file */
+ char tmpc;
offset = 9;
while (isspace(line[offset])) {
offset++;
}
- fd_include = se_fopen(line + offset, NULL, "r");
+ char* filename = (line + offset);
+ while (line[offset] && !isspace(line[offset])) {
+ offset++;
+ }
+ if (line[offset]) {
+ tmpc = line[offset];
+ line[offset] = 0; /* terminate filename */
+ filename = strdup(filename);
+ line[offset] = tmpc;
+ if (!filename) {
+ se_log_error("Can't allocate memory for
filename\n");
+ *status = LDNS_STATUS_MEM_ERR;
+ return NULL;
+ }
+ offset++;
+ while (isspace(line[offset])) {
+ offset++;
+ }
+ }
+ else {
+ filename = strdup(filename);
+ if (!filename) {
+ se_log_error("Can't allocate memory for
filename\n");
+ *status = LDNS_STATUS_MEM_ERR;
+ return NULL;
+ }
+ }
+
+ fd_include = se_fopen(filename, NULL, "r");
if (fd_include) {
+ ldns_rdf* domain = NULL;
+ ldns_rdf* orig = zone_in->dname;
+ if (line[offset] && line[offset] != ';') {
+ char* domainname = line + offset;
+ while (line[offset] && !isspace(line[offset])) {
+ offset++;
+ }
+ tmpc = line[offset];
+ line[offset] = 0; /* terminate domain */
+ domain = ldns_dname_new_frm_str(domainname);
+ line[offset] = tmpc;
+ if (!domain) {
+ se_log_error("Couldn't creaate dname from
string");
+ *status = LDNS_STATUS_SYNTAX_DNAME_ERR;
+ free(filename);
+ return NULL;
+ }
+ if (line[offset - 1] != '.') {
+ ldns_rdf* tmp = ldns_dname_cat_clone(domain,
+ orig);
+ ldns_rdf_free(domain);
+ if (!tmp) {
+ se_log_error("Couldn't append dname to
origin");
+ *status = LDNS_STATUS_SYNTAX_DNAME_ERR;
+ free(filename);
+ return NULL;
+ }
+ domain = tmp;
+ }
+ else if (!ldns_dname_is_subdomain(domain, orig)) {
+ se_log_error("domain is not a subdomain of
origin");
+ *status = LDNS_STATUS_SYNTAX_DNAME_ERR;
+ ldns_rdf_free(domain);
+ free(filename);
+ return NULL;
+ }
+ zone_in->dname = domain;
+ }
+
error = adfile_read_file(fd_include, zone_in, 1,
recover);
se_fclose(fd_include);
+ if (domain != NULL) {
+ zone_in->dname = orig;
+ ldns_rdf_free(domain);
+ }
} else {
se_log_error("unable to open include file %s",
- (line+offset)?(line+offset):"(null)");
+ (filename)?(filename):"(null)");
*status = LDNS_STATUS_SYNTAX_ERR;
+ free(filename);
return NULL;
}
if (error) {
*status = LDNS_STATUS_ERR;
se_log_error("error in include file %s",
- (line+offset)?(line+offset):"(null)");
+ (filename)?(filename):"(null)");
+ free(filename);
return NULL;
}
+ free(filename);
/* restore current ttl */
*ttl = new_ttl;
goto adfile_read_line; /* perhaps next line is rr */
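Review bot: The three new error returns inside `if (fd_include)` free `filename` but leave `fd_include` open, so each rejected $INCLUDE origin leaks a file handle; they are the `!domain` check after `ldns_dname_new_frm_str`, the `!tmp` check after `ldns_dname_cat_clone`, and the `!ldns_dname_is_subdomain(domain, orig)` branch. If the signer process is long-lived and re-reads zone files, repeated malformed includes could accumulate open handles until later opens fail, so add `se_fclose(fd_include);` before `free(filename);` on each of those paths. `zone_in->dname` is only reassigned after all three returns, so nothing else needs restoring there. Separately, the added `isspace(line[offset])` calls appear to pass a plain `char`; if so, `isspace((unsigned char)line[offset])` avoids undefined behaviour on bytes above 0x7f in zone-file input. The enclosing function starts and ends outside the hunk.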
--
--- End Message ---