On 22.3.2013 14:26, Petr Spacek wrote:
Hello,
Fix crash caused by 'zonesub' match-type in update ACL.
Next patchset will improve overall error handling in ACL processing.
I forgot to check return value from dns_name_copy(). Fixed patch is attached.
--
Petr^2 Spacek
From a76a7a2899e1e8b4335c012271f607e438ef0218 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 22 Mar 2013 13:54:39 +0100
Subject: [PATCH] Fix crash caused by 'zonesub' match-type in update ACL.
Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
src/acl.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/acl.c b/src/acl.c
index f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a..ed3bdebcc027f3f5b7b2e9e084cf328ed4f6b1dd 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -208,6 +208,7 @@ get_match_type(const cfg_obj_t *obj)
MATCH("name", DNS_SSUMATCHTYPE_NAME);
MATCH("subdomain", DNS_SSUMATCHTYPE_SUBDOMAIN);
+ MATCH("zonesub", DNS_SSUMATCHTYPE_SUBDOMAIN);
MATCH("wildcard", DNS_SSUMATCHTYPE_WILDCARD);
MATCH("self", DNS_SSUMATCHTYPE_SELF);
#if defined(DNS_SSUMATCHTYPE_SELFSUB) && defined(DNS_SSUMATCHTYPE_SELFWILD)
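Review bot: Mapping `zonesub` onto `DNS_SSUMATCHTYPE_SUBDOMAIN` leaves later code unable to tell the two keywords apart, so the zone-origin fallback added in acl_configure_zone_ssutable (third hunk), which tests `match_type == DNS_SSUMATCHTYPE_SUBDOMAIN`, would also apply to a plain `subdomain` rule whose name field is not a string. If the policy grammar can deliver such a rule, it would be widened to the whole zone instead of being rejected, which matters because this table decides who may send dynamic updates. Consider having get_match_type also report that the keyword was `zonesub`, for example through a boolean out-parameter, and testing that in the fallback: `if (result == ISC_R_NOTFOUND && is_zonesub) {` (the flag name is constructed here). The body of get_match_type starts and ends outside this hunk.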
@@ -246,8 +247,16 @@ get_fixed_name(const cfg_obj_t *obj, const char *name, dns_fixedname_t *fname)
REQUIRE(fname != NULL);
+ if (!cfg_obj_istuple(obj)) {
+ log_bug("configuration object is not a tuple");
+ return ISC_R_UNEXPECTED;
+ }
obj = cfg_tuple_get(obj, name);
+
+ if (!cfg_obj_isstring(obj))
+ return ISC_R_NOTFOUND;
str = cfg_obj_asstring(obj);
+
len = strlen(str);
isc_buffer_init(&buf, str, len);
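Review bot: get_fixed_name now returns two distinct failure codes, one of which the caller in the third hunk branches on, but nothing documents them, and the non-string case returns silently while the non-tuple case logs. A comment above the function would make the contract explicit, along the lines of `/* Returns ISC_R_NOTFOUND when the tuple field is not a string (e.g. an omitted name), ISC_R_UNEXPECTED when obj is not a tuple. */`. The new `if (!cfg_obj_isstring(obj))` is also left unbraced directly after a braced `if`; bracing it keeps the two checks consistent. The function body starts and ends outside this hunk.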
@@ -417,7 +426,19 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
match_type = get_match_type(stmt);
CHECK(get_fixed_name(stmt, "identity", &fident));
- CHECK(get_fixed_name(stmt, "name", &fname));
+
+ /* Use zone name for 'zonesub' match type */
+ result = get_fixed_name(stmt, "name", &fname);
+ if (result == ISC_R_NOTFOUND &&
+ match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) {
+ dns_fixedname_init(&fname);
+ CHECK(dns_name_copy(dns_zone_getorigin(zone),
+ dns_fixedname_name(&fname),
+ &fname.buffer));
+ }
+ else if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
CHECK(get_types(mctx, stmt, &types, &n));
if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&
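Review bot: The fallback passes `&fname.buffer` as the copy target, reaching into the fields of dns_fixedname_t right after `dns_fixedname_init(&fname)` has prepared the name. If, as it appears, the init already attaches that buffer to the name, the call can be written without touching the struct: `CHECK(dns_name_copy(dns_zone_getorigin(zone), dns_fixedname_name(&fname), NULL));`. The `else if` placed on its own line after the closing brace and the unbraced `goto cleanup;` also differ from the braced style of the branch above. acl_configure_zone_ssutable starts and ends outside this hunk.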
--
1.7.11.7