Hello, Fix crash caused by 'zonesub' match-type in update ACL.
Next patchset will improve overall error handling in ACL processing. -- Petr^2 Spacek
From 5f8481da390298a2bc8616abae3b8aca3d432bfe Mon Sep 17 00:00:00 2001 From: Petr Spacek <pspa...@redhat.com> Date: Fri, 22 Mar 2013 13:54:39 +0100 Subject: [PATCH] Fix crash caused by 'zonesub' match-type in update ACL. Signed-off-by: Petr Spacek <pspa...@redhat.com> --- src/acl.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/acl.c b/src/acl.c index f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a..f08b7019eaa8c4893c800c4629a1d5fd4223dd0c 100644 --- a/src/acl.c +++ b/src/acl.c @@ -208,6 +208,7 @@ get_match_type(const cfg_obj_t *obj) MATCH("name", DNS_SSUMATCHTYPE_NAME); MATCH("subdomain", DNS_SSUMATCHTYPE_SUBDOMAIN); + MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN); MATCH("wildcard", DNS_SSUMATCHTYPE_WILDCARD); MATCH("self", DNS_SSUMATCHTYPE_SELF); #if defined(DNS_SSUMATCHTYPE_SELFSUB) && defined(DNS_SSUMATCHTYPE_SELFWILD) @@ -246,8 +247,16 @@ get_fixed_name(const cfg_obj_t *obj, const char *name, dns_fixedname_t *fname) REQUIRE(fname != NULL); + if (!cfg_obj_istuple(obj)) { + log_bug("configuration object is not a tuple"); + return ISC_R_UNEXPECTED; + } obj = cfg_tuple_get(obj, name); + + if (!cfg_obj_isstring(obj)) + return ISC_R_NOTFOUND; str = cfg_obj_asstring(obj); + len = strlen(str); isc_buffer_init(&buf, str, len); @@ -417,7 +426,19 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone) match_type = get_match_type(stmt); CHECK(get_fixed_name(stmt, "identity", &fident)); - CHECK(get_fixed_name(stmt, "name", &fname)); + + /* Use zone name for 'zonesub' match type */ + result = get_fixed_name(stmt, "name", &fname); + if (result == ISC_R_NOTFOUND && + match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) { + dns_fixedname_init(&fname); + dns_name_copy(dns_zone_getorigin(zone), + dns_fixedname_name(&fname), + &fname.buffer); + } + else if (result != ISC_R_SUCCESS) + goto cleanup; + CHECK(get_types(mctx, stmt, &types, &n)); if (match_type == DNS_SSUMATCHTYPE_WILDCARD && -- 1.7.11.7
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel