[Freeipa-devel] [PATCH 0128] Fix crash caused by 'zonesub' match-type in update ACL
Adam Tkac
atkac at redhat.com
Mon Mar 25 15:11:28 UTC 2013
On Fri, Mar 22, 2013 at 02:51:03PM +0100, Petr Spacek wrote:
> On 22.3.2013 14:26, Petr Spacek wrote:
> >Hello,
> >
> > Fix crash caused by 'zonesub' match-type in update ACL.
> >
> >Next patchset will improve overall error handling in ACL processing.
>
> I forgot to check return value from dns_name_copy(). Fixed patch is attached.
Ack
> From a76a7a2899e1e8b4335c012271f607e438ef0218 Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspacek at redhat.com>
> Date: Fri, 22 Mar 2013 13:54:39 +0100
> Subject: [PATCH] Fix crash caused by 'zonesub' match-type in update ACL.
>
> Signed-off-by: Petr Spacek <pspacek at redhat.com>
> ---
> src/acl.c | 23 ++++++++++++++++++++++-
> 1 file changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/src/acl.c b/src/acl.c
> index f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a..ed3bdebcc027f3f5b7b2e9e084cf328ed4f6b1dd 100644
> --- a/src/acl.c
> +++ b/src/acl.c
> @@ -208,6 +208,7 @@ get_match_type(const cfg_obj_t *obj)
>
> MATCH("name", DNS_SSUMATCHTYPE_NAME);
> MATCH("subdomain", DNS_SSUMATCHTYPE_SUBDOMAIN);
> + MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN);
> MATCH("wildcard", DNS_SSUMATCHTYPE_WILDCARD);
> MATCH("self", DNS_SSUMATCHTYPE_SELF);
> #if defined(DNS_SSUMATCHTYPE_SELFSUB) && defined(DNS_SSUMATCHTYPE_SELFWILD)
> @@ -246,8 +247,16 @@ get_fixed_name(const cfg_obj_t *obj, const char *name, dns_fixedname_t *fname)
>
> REQUIRE(fname != NULL);
>
> + if (!cfg_obj_istuple(obj)) {
> + log_bug("configuration object is not a tuple");
> + return ISC_R_UNEXPECTED;
> + }
> obj = cfg_tuple_get(obj, name);
> +
> + if (!cfg_obj_isstring(obj))
> + return ISC_R_NOTFOUND;
> str = cfg_obj_asstring(obj);
> +
> len = strlen(str);
> isc_buffer_init(&buf, str, len);
>
> @@ -417,7 +426,19 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
> match_type = get_match_type(stmt);
>
> CHECK(get_fixed_name(stmt, "identity", &fident));
> - CHECK(get_fixed_name(stmt, "name", &fname));
> +
> + /* Use zone name for 'zonesub' match type */
> + result = get_fixed_name(stmt, "name", &fname);
> + if (result == ISC_R_NOTFOUND &&
> + match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) {
> + dns_fixedname_init(&fname);
> + CHECK(dns_name_copy(dns_zone_getorigin(zone),
> + dns_fixedname_name(&fname),
> + &fname.buffer));
> + }
> + else if (result != ISC_R_SUCCESS)
> + goto cleanup;
> +
> CHECK(get_types(mctx, stmt, &types, &n));
>
> if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&
> --
> 1.7.11.7
>
--
Adam Tkac, Red Hat, Inc.
More information about the Freeipa-devel
mailing list