[Freeipa-devel] [PATCH 0116] Fix crash caused by invalid wildcard in update policy string
Adam Tkac
atkac at redhat.com
Mon Mar 4 14:15:50 UTC 2013
On Mon, Feb 25, 2013 at 03:28:57PM +0100, Petr Spacek wrote:
> Hello,
>
> Fix crash caused by invalid wildcard in update policy string.
>
> https://fedorahosted.org/bind-dyndb-ldap/ticket/108
>
> Question:
> What should we do if the update policy string contains an error?
> Should we disable all updates?
> Or leave the old policy in place?
> I vote for disallowing all updates.
+1. In my opinion disallowing all updates is correct.
Ack for the patch.
> From 9265430d94cb4997188583b8e4c2befe7b28ba4b Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspacek at redhat.com>
> Date: Mon, 25 Feb 2013 15:24:07 +0100
> Subject: [PATCH] Fix crash caused by invalid wildcard in update policy
> string.
>
> https://fedorahosted.org/bind-dyndb-ldap/ticket/108
>
> Signed-off-by: Petr Spacek <pspacek at redhat.com>
> ---
> src/acl.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/src/acl.c b/src/acl.c
> index c62a8cb9e867b658b65ce05a07fc31377b2356c2..f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a 100644
> --- a/src/acl.c
> +++ b/src/acl.c
> @@ -420,6 +420,18 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
> CHECK(get_fixed_name(stmt, "name", &fname));
> CHECK(get_types(mctx, stmt, &types, &n));
>
> + if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&
> + !dns_name_iswildcard(dns_fixedname_name(&fname))) {
> + char name[DNS_NAME_FORMATSIZE];
> + dns_name_format(dns_fixedname_name(&fname), name,
> + DNS_NAME_FORMATSIZE);
> + dns_zone_log(zone, ISC_LOG_ERROR,
> + "invalid update policy: "
> + "name '%s' is expected to be a wildcard",
> + name);
> + CLEANUP_WITH(DNS_R_BADNAME);
> + }
> +
> result = dns_ssutable_addrule(table, grant,
> dns_fixedname_name(&fident),
> match_type,
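Review bot: the new early exit at CLEANUP_WITH(DNS_R_BADNAME) in the wildcard check does not show which update policy the zone ends up with, while the thread settles on disallowing all updates when the policy string is invalid. The visible lines only log the error and jump to cleanup before dns_ssutable_addrule() is reached, so whether the zone keeps its previous table or gets an empty one is decided outside this hunk. Consider making the fail-closed outcome explicit, either by having the failure path install an empty table or by a comment at this check stating what the caller does with DNS_R_BADNAME, and extend the log message to say that updates for the zone are being refused. Because the check sits after get_types(mctx, stmt, &types, &n), it is also worth confirming that the cleanup path releases whatever that call stored in types on this new exit.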
> --
> 1.7.11.7
>
--
Adam Tkac, Red Hat, Inc.