On Mon, Mar 25, 2013 at 10:56:05AM +0100, Petr Spacek wrote: > Hello, > > Harden update-policy processing. > > https://fedorahosted.org/bind-dyndb-ldap/ticket/111 > > This patch should prevent crashes similar to 'zonesub' problem > described in the ticket #111.
Ack
> From 05d73392dc6c0f9f6f7a9e570e4382ccb3c66022 Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspa...@redhat.com>
> Date: Mon, 25 Mar 2013 10:52:50 +0100
> Subject: [PATCH] Harden update-policy processing.
>
> https://fedorahosted.org/bind-dyndb-ldap/ticket/111
>
> Signed-off-by: Petr Spacek <pspa...@redhat.com>
> ---
> src/acl.c | 41 ++++++++++++++++++++++++++++-------------
> 1 file changed, 28 insertions(+), 13 deletions(-)
>
> diff --git a/src/acl.c b/src/acl.c
> index
> ed3bdebcc027f3f5b7b2e9e084cf328ed4f6b1dd..3b5de00f8a40cbc1a876ea2b74e9c2093e48774c
> 100644
> --- a/src/acl.c
> +++ b/src/acl.c 
> @@ -178,32 +178,48 @@ parse(cfg_parser_t *parser, const char *string,
> cfg_type_t **type,
> #define MATCH(string_rep, return_val)
> \
> do { \
> if (!strcasecmp(str, string_rep)) { \
> - return return_val; \
> + *value = return_val; \
> + return ISC_R_SUCCESS; \
> } \
> } while (0)
>
> -static isc_boolean_t
> -get_mode(const cfg_obj_t *obj)
> +static isc_result_t
> +get_mode(const cfg_obj_t *obj, isc_boolean_t *value)
> {
> const char *str;
>
> + if (!cfg_obj_istuple(obj)) {
> + log_bug("tuple is expected");
> + return ISC_R_UNEXPECTED;
> + }
> obj = cfg_tuple_get(obj, "mode");
> + if (!cfg_obj_isstring(obj)) {
> + log_bug("mode is not defined");
> + return ISC_R_UNEXPECTED;
> + }
> str = cfg_obj_asstring(obj);
>
> MATCH("grant", ISC_TRUE);
> MATCH("deny", ISC_FALSE);
>
> - INSIST(0);
> - /* Not reached. */
> - return ISC_FALSE;
> + log_bug("unsupported ACL mode '%s'", str);
> + return ISC_R_NOTIMPLEMENTED;
> }
>
> -static unsigned int
> -get_match_type(const cfg_obj_t *obj)
> +static isc_result_t
> +get_match_type(const cfg_obj_t *obj, unsigned int *value)
> {
> const char *str;
>
> + if (!cfg_obj_istuple(obj)) {
> + log_bug("tuple is expected");
> + return ISC_R_UNEXPECTED;
> + }
> obj = cfg_tuple_get(obj, "matchtype");
> + if (!cfg_obj_isstring(obj)) {
> + log_bug("matchtype is not defined");
> + return ISC_R_UNEXPECTED;
> + }
> str = cfg_obj_asstring(obj);
>
> MATCH("name", DNS_SSUMATCHTYPE_NAME);
> @@ -232,9 +248,8 @@ get_match_type(const cfg_obj_t *obj)
> MATCH("6to4-self", DNS_SSUMATCHTYPE_6TO4SELF);
> #endif
>
> - INSIST(0);
> - /* Not reached. */
> - return DNS_SSUMATCHTYPE_NAME;
> + log_bug("unsupported match type '%s'", str);
> + return ISC_R_NOTIMPLEMENTED;
> }
>
> static isc_result_t 
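Review bot: In get_mode() and get_match_type() the out-parameter is written only inside MATCH on a successful match, so after any of the three error returns `*value` is untouched, and nothing in the code states that contract. I would add above each function `/* On ISC_R_SUCCESS *value holds the parsed result; on any other return it is not modified. */` and, above the macro, a line saying that MATCH reads the local `str`, writes through the local `value` and returns from the enclosing function. The added `cfg_obj_istuple()` and `cfg_obj_isstring()` checks cover an object of the wrong kind; how `cfg_tuple_get()` behaves when the named field is absent is not visible in this patch and should be confirmed, since that would be a remaining abort path. The body of get_match_type() continues past this hunk into the next one.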
> @@ -422,8 +437,8 @@ acl_configure_zone_ssutable(const char *policy_str,
> dns_zone_t *zone)
> types = NULL;
>
> stmt = cfg_listelt_value(el);
> - grant = get_mode(stmt);
> - match_type = get_match_type(stmt);
> + CHECK(get_mode(stmt, &grant));
> + CHECK(get_match_type(stmt, &match_type));
>
> CHECK(get_fixed_name(stmt, "identity", &fident));
>
> --
> 1.7.11.7
> -- Adam Tkac, Red Hat, Inc. _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
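Review bot: With `CHECK(get_mode(stmt, &grant));` and `CHECK(get_match_type(stmt, &match_type));` a bad statement now leaves acl_configure_zone_ssutable() part-way through the policy instead of aborting the process, so the cleanup path decides which update rules the zone ends up with. That path is outside this hunk, as are the start and end of the function; it should be confirmed that it discards the partially built table rather than attaching it, so that a policy containing one unsupported rule grants no dynamic updates instead of a subset of its rules. If that is what the cleanup does, a comment at these calls would record it, e.g. `/* any parse failure rejects the whole policy; no table is installed */`.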