Re: [Freeipa-devel] [PATCH 0116] Fix crash caused by invalid wildcard in update policy string
On 4.3.2013 15:15, Adam Tkac wrote: On Mon, Feb 25, 2013 at 03:28:57PM +0100, Petr Spacek wrote: Hello, Fix crash caused by invalid wildcard in update policy string. https://fedorahosted.org/bind-dyndb-ldap/ticket/108 Question: What we should do if update policy string contains an error? Should we disable all updates? Or let the old policy in place? I vote for disallowing all updates. +1. In my opinion disallowing all updates is correct. I will prepare separate patch for this. Ack for the patch. Pushed to master and v2: 33bad9e66f346d40dc3510719898d03ccb79b2f4 -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0116] Fix crash caused by invalid wildcard in update policy string
On Mon, Feb 25, 2013 at 03:28:57PM +0100, Petr Spacek wrote:
Hello,
Fix crash caused by invalid wildcard in update policy string.
https://fedorahosted.org/bind-dyndb-ldap/ticket/108
Question:
What we should do if update policy string contains an error?
Should we disable all updates?
Or let the old policy in place?
I vote for disallowing all updates.
+1. In my opinion disallowing all updates is correct.
Ack for the patch.
From 9265430d94cb4997188583b8e4c2befe7b28ba4b Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Mon, 25 Feb 2013 15:24:07 +0100
Subject: [PATCH] Fix crash caused by invalid wildcard in update policy
string.
https://fedorahosted.org/bind-dyndb-ldap/ticket/108
Signed-off-by: Petr Spacek pspa...@redhat.com
---
src/acl.c | 12
1 file changed, 12 insertions(+)
diff --git a/src/acl.c b/src/acl.c
index
c62a8cb9e867b658b65ce05a07fc31377b2356c2..f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a
100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -420,6 +420,18 @@ acl_configure_zone_ssutable(const char *policy_str,
dns_zone_t *zone)
CHECK(get_fixed_name(stmt, name, fname));
CHECK(get_types(mctx, stmt, types, n));
+ if (match_type == DNS_SSUMATCHTYPE_WILDCARD
+ !dns_name_iswildcard(dns_fixedname_name(fname))) {
+ char name[DNS_NAME_FORMATSIZE];
+ dns_name_format(dns_fixedname_name(fname), name,
+ DNS_NAME_FORMATSIZE);
+ dns_zone_log(zone, ISC_LOG_ERROR,
+ invalid update policy:
+ name '%s' is expected to be a wildcard,
+ name);
+ CLEANUP_WITH(DNS_R_BADNAME);
+ }
+
result = dns_ssutable_addrule(table, grant,
dns_fixedname_name(fident),
match_type,
--
1.7.11.7
--
Adam Tkac, Red Hat, Inc.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0116] Fix crash caused by invalid wildcard in update policy string
Hello,
Fix crash caused by invalid wildcard in update policy string.
https://fedorahosted.org/bind-dyndb-ldap/ticket/108
Question:
What we should do if update policy string contains an error?
Should we disable all updates?
Or let the old policy in place?
I vote for disallowing all updates.
--
Petr^2 Spacek
From 9265430d94cb4997188583b8e4c2befe7b28ba4b Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Mon, 25 Feb 2013 15:24:07 +0100
Subject: [PATCH] Fix crash caused by invalid wildcard in update policy
string.
https://fedorahosted.org/bind-dyndb-ldap/ticket/108
Signed-off-by: Petr Spacek pspa...@redhat.com
---
src/acl.c | 12
1 file changed, 12 insertions(+)
diff --git a/src/acl.c b/src/acl.c
index c62a8cb9e867b658b65ce05a07fc31377b2356c2..f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -420,6 +420,18 @@ acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
CHECK(get_fixed_name(stmt, name, fname));
CHECK(get_types(mctx, stmt, types, n));
+ if (match_type == DNS_SSUMATCHTYPE_WILDCARD
+ !dns_name_iswildcard(dns_fixedname_name(fname))) {
+ char name[DNS_NAME_FORMATSIZE];
+ dns_name_format(dns_fixedname_name(fname), name,
+ DNS_NAME_FORMATSIZE);
+ dns_zone_log(zone, ISC_LOG_ERROR,
+ invalid update policy:
+ name '%s' is expected to be a wildcard,
+ name);
+ CLEANUP_WITH(DNS_R_BADNAME);
+ }
+
result = dns_ssutable_addrule(table, grant,
dns_fixedname_name(fident),
match_type,
--
1.7.11.7
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
