[Freeipa-devel] [PATCH 0128] Fix crash caused by 'zonesub' match-type in update ACL

Adam Tkac atkac at redhat.com
Mon Mar 25 15:11:28 UTC 2013


On Fri, Mar 22, 2013 at 02:51:03PM +0100, Petr Spacek wrote:
> On 22.3.2013 14:26, Petr Spacek wrote:
> >Hello,
> >
> >     Fix crash caused by 'zonesub' match-type in update ACL.
> >
> >Next patchset will improve overall error handling in ACL processing.
> 
> I forgot to check return value from dns_name_copy(). Fixed patch is attached.

Ack

> From a76a7a2899e1e8b4335c012271f607e438ef0218 Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspacek at redhat.com>
> Date: Fri, 22 Mar 2013 13:54:39 +0100
> Subject: [PATCH] Fix crash caused by 'zonesub' match-type in update ACL.
> 
> Signed-off-by: Petr Spacek <pspacek at redhat.com>
> ---
>  src/acl.c | 23 ++++++++++++++++++++++-
>  1 file changed, 22 insertions(+), 1 deletion(-)
> 
> diff --git a/src/acl.c b/src/acl.c
> index f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a..ed3bdebcc027f3f5b7b2e9e084cf328ed4f6b1dd 100644
> --- a/src/acl.c
> +++ b/src/acl.c
> @@ -208,6 +208,7 @@ get_match_type(const cfg_obj_t *obj)
>  
>  	MATCH("name", DNS_SSUMATCHTYPE_NAME);
>  	MATCH("subdomain", DNS_SSUMATCHTYPE_SUBDOMAIN);
> +	MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN);
>  	MATCH("wildcard", DNS_SSUMATCHTYPE_WILDCARD);
>  	MATCH("self", DNS_SSUMATCHTYPE_SELF);
>  #if defined(DNS_SSUMATCHTYPE_SELFSUB) && defined(DNS_SSUMATCHTYPE_SELFWILD)
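
Review bot: The added MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN) line has no comment explaining why two keywords share one match type. After get_match_type() returns, the caller can no longer tell whether the rule was written as "zonesub" or "subdomain". Please add a short comment here saying that "zonesub" is handled as a subdomain match against the zone origin and that the name is filled in later in acl_configure_zone_ssutable(). If the two keywords ever need different handling, the keyword itself would have to be passed back alongside the match type.
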
> @@ -246,8 +247,16 @@ get_fixed_name(const cfg_obj_t *obj, const char *name, dns_fixedname_t *fname)
>  
>  	REQUIRE(fname != NULL);
>  
> +	if (!cfg_obj_istuple(obj)) {
> +		log_bug("configuration object is not a tuple");
> +		return ISC_R_UNEXPECTED;
> +	}
>  	obj = cfg_tuple_get(obj, name);
> +
> +	if (!cfg_obj_isstring(obj))
> +		return ISC_R_NOTFOUND;
>  	str = cfg_obj_asstring(obj);
> +
>  	len = strlen(str);
>  	isc_buffer_init(&buf, str, len);
>  
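
Review bot: In get_fixed_name(), the new "if (!cfg_obj_isstring(obj)) return ISC_R_NOTFOUND;" path returns silently, while the tuple check just above it logs through log_bug(). ISC_R_NOTFOUND now carries a specific meaning for callers (field absent or not a string), but that contract is not stated anywhere in the hunk. Please document it in a comment on the function. The "identity" call site still wraps this function in CHECK(), so a non-string identity now fails with NOTFOUND and no message. A log line on this path, or at that call site, would make a malformed policy easier to diagnose. Minor style point: the first new if uses braces and the second does not.
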
> @@ -417,7 +426,19 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
>  		match_type = get_match_type(stmt);
>  
>  		CHECK(get_fixed_name(stmt, "identity", &fident));
> -		CHECK(get_fixed_name(stmt, "name", &fname));
> +
> +		/* Use zone name for 'zonesub' match type */
> +		result = get_fixed_name(stmt, "name", &fname);
> +		if (result == ISC_R_NOTFOUND &&
> +		    match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) {
> +			dns_fixedname_init(&fname);
> +			CHECK(dns_name_copy(dns_zone_getorigin(zone),
> +					    dns_fixedname_name(&fname),
> +					    &fname.buffer));
> +		}
> +		else if (result != ISC_R_SUCCESS)
> +			goto cleanup;
> +
>  		CHECK(get_types(mctx, stmt, &types, &n));
>  
>  		if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&
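
Review bot: The fallback condition "result == ISC_R_NOTFOUND && match_type == DNS_SSUMATCHTYPE_SUBDOMAIN" is also true for a rule written with the "subdomain" keyword, because get_match_type() maps both "zonesub" and "subdomain" to the same constant. A "subdomain" rule whose name field is not a string would therefore be accepted with the zone origin as its name instead of being rejected, which gives the identity update rights over the whole zone. Consider restricting the fallback to rules that actually used "zonesub" and keeping a missing name an error for "subdomain". Whichever way that goes, the comment "Use zone name for 'zonesub' match type" should say which keywords take this path. Style: the closing brace and "else if" sit on separate lines here, and the braced if is followed by an unbraced else branch.
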
> -- 
> 1.7.11.7
> 


-- 
Adam Tkac, Red Hat, Inc.