Commit 293a9e99 authored by Mukund Sivaraman's avatar Mukund Sivaraman

Fix allocation for "none" ACL that caused assertion failure (#41745)

parent a125381c
4320. [bug] Insufficient memory allocation when handling
"none" ACL could cause an assertion failure in
named when parsing ACL configuration. [RT #41745]
4319. [security] Fix resolver assertion failure due to improper
DNAME handling when parsing fetch reply messages.
(CVE-2016-1286) [RT #41753]
......
acl a {
{ "none"; };
{ !19.0.0.0/0; };
};
options {
allow-query { a; };
};
......@@ -273,10 +273,11 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
} else if (cfg_obj_isstring(ce)) {
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0 ||
strcasecmp(name, "localnets") == 0) {
strcasecmp(name, "localnets") == 0 ||
strcasecmp(name, "none") == 0)
{
n++;
} else if (strcasecmp(name, "any") != 0 &&
strcasecmp(name, "none") != 0) {
} else if (strcasecmp(name, "any") != 0) {
dns_acl_t *inneracl = NULL;
/*
* Convert any named acls we reference now if
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment