ISC Open Source Projects
BIND
Commits
9069215e
Commit
9069215e
authored
Jul 29, 2009
by
Evan Hunt
2641. [bug] Fixed an error in parsing update-policy syntax,
added a regression test to check it. [RT #20007]
parent
95f36ad2
Changes
8
CHANGES
--- 9.7.0a2 released ---
2641. [bug] Fixed an error in parsing update-policy syntax,
added a regression test to check it. [RT #20007]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
...
...
bin/confgen/ddns-confgen.c
...
...
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ddns-confgen.c,v 1.
7
2009/07/
02 22:50:24 jinmei
Exp $ */
/* $Id: ddns-confgen.c,v 1.
8
2009/07/
29 17:52:00 each
Exp $ */
/*! \file */
...
...
@@ -234,13 +234,14 @@ update-policy {\n\
};
\n
"
,
keyname
);
}
}
printf
(
"
\n
\
printf
(
"
\n
\
# After the keyfile has been placed, the following command will
\n
\
# execute nsupdate using this key:
\n
\
nsupdate -k <keyfile>
\n
"
);
}
if
(
keybuf
!=
NULL
)
isc_mem_put
(
mctx
,
keybuf
,
len
);
...
...
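Review bot: The usage hint printed by the final printf in this hunk ends with the bare line `nsupdate -k <keyfile>`, which is not a comment and would not parse as named.conf, yet setup.sh in this commit redirects `ddns-confgen -q` output straight into ns1/ddns.key and named.conf includes that file. The repeated printf line and the extra closing brace suggest the call was moved inside the block that quiet mode skips, but the guard itself lies outside the hunk, so that is inferred. A comment above the block, such as `/* Quiet mode: stdout must contain only the key clause, since callers may include it verbatim. */`, would keep a later edit from reintroducing output outside the guard.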
bin/tests/system/conf.sh.in
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: conf.sh.in,v 1.
39
200
8
/0
1/10 23:47:01 tbox
Exp $
# $Id: conf.sh.in,v 1.
40
200
9
/0
7/29 17:52:00 each
Exp $
#
# Common configuration data for system tests, to be sourced into
...
...
@@ -35,6 +35,7 @@ LWRESD="$TOP/bin/named/named -l"
DIG
=
$TOP
/bin/dig/dig
RNDC
=
$TOP
/bin/rndc/rndc
NSUPDATE
=
$TOP
/bin/nsupdate/nsupdate
DDNSCONFGEN
=
$TOP
/bin/confgen/ddns-confgen
KEYGEN
=
$TOP
/bin/dnssec/dnssec-keygen
SIGNER
=
$TOP
/bin/dnssec/dnssec-signzone
CHECKZONE
=
$TOP
/bin/check/named-checkzone
...
...
bin/tests/system/nsupdate/clean.sh
...
...
@@ -15,14 +15,14 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.1
2
200
7
/0
9
/2
6 03:22:44 marka
Exp $
# $Id: clean.sh,v 1.1
3
200
9
/0
7
/2
9 17:52:00 each
Exp $
#
# Clean up after zone transfer tests.
#
rm
-f
dig.out.ns1 dig.out.ns2 dig.out.ns1.after ns1/
*
.jnl ns2/
*
.jnl
\
ns1/example.db ns1/update.db
ns1/example.db ns1/update.db
ns1/other.db
rm
-f
ns2/example.bk
rm
-f
ns2/update.bk
rm
-f
*
/named.memstats
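Review bot: The cleanup list gains ns1/other.db but not the key material this commit starts generating: setup.sh writes ns1/ddns.key and named.conf sets `session-keyfile "session.key"`, and neither file is removed by any `rm -f` visible here. A stale ns1/ddns.key left in the test tree is a secret that lingers after the run, and it can make a later setup look healthier than it is. named may delete session.key itself on a clean shutdown, but probably not after a crash. Consider adding `rm -f ns1/ddns.key ns1/session.key`.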
bin/tests/system/nsupdate/ns1/named.conf
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
1
7
200
7
/
0
6
/
19
23
:
47
:
04
tbox
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
1
8
200
9
/
0
7
/
29
17
:
52
:
00
each
Exp
$ */
controls
{ /*
empty
*/ };
...
...
@@ -25,7 +25,8 @@ options {
transfer
-
source
10
.
53
.
0
.
1
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
session
-
keyfile
"session.key"
;
listen
-
on
{
10
.
53
.
0
.
1
;
127
.
0
.
0
.
1
; };
listen
-
on
-
v6
{
none
; };
recursion
no
;
notify
yes
;
...
...
@@ -40,11 +41,24 @@ controls {
inet
10
.
53
.
0
.
1
port
9953
allow
{
any
; }
keys
{
rndc_key
; };
};
include
"ddns.key"
;
zone
"example.nil"
{
type
master
;
file
"example.db"
;
check
-
integrity
no
;
allow
-
update
{
any
; };
update
-
policy
{
grant
ddns
-
key
.
example
.
nil
subdomain
example
.
nil
ANY
;
};
allow
-
transfer
{
any
; };
};
zone
"other.nil"
{
type
master
;
file
"other.db"
;
check
-
integrity
no
;
update
-
policy
local
;
allow
-
query
-
on
{
127
.
0
.
0
.
1
; };
allow
-
transfer
{
any
; };
};
...
...
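Review bot: The new other.nil zone sets `allow-query-on { 127.0.0.1; };`, but the local-update test added to tests.sh in this commit queries `new.other.nil.` at `@10.53.0.1`, an address that ACL does not list. If those queries are refused, the pre-update emptiness check passes vacuously and the post-update comparison against `10.10.10.1` cannot succeed. Either widen the ACL, `allow-query-on { 10.53.0.1; 127.0.0.1; };`, or have the test query 127.0.0.1. A short comment on `update-policy local;` noting that it relies on the `session-keyfile` set in options would also help readers.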
bin/tests/system/nsupdate/setup.sh
...
...
@@ -15,7 +15,10 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.10 2007/06/19 23:47:04 tbox Exp $
# $Id: setup.sh,v 1.11 2009/07/29 17:52:00 each Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
#
# jnl and database files MUST be removed before we start
...
...
@@ -24,6 +27,7 @@
rm
-f
ns1/
*
.jnl ns1/example.db ns2/
*
.jnl ns2/example.bk
cp
-f
ns1/example1.db ns1/example.db
sed
's/example.nil/other.nil/g'
ns1/example1.db
>
ns1/other.db
# update_test.pl has its own zone file because it
# requires a specific NS record set.
...
...
@@ -40,3 +44,5 @@ update.nil IN SOA ns1.example.nil. hostmaster.example.nil. (
update.nil. NS ns1.update.nil.
ns1.update.nil. A 10.53.0.2
EOF
$DDNSCONFGEN
-q
-z
example.nil
>
ns1/ddns.key
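Review bot: The exit status of `$DDNSCONFGEN -q -z example.nil > ns1/ddns.key` is not checked, so a failed run leaves an empty or partial ns1/ddns.key. The failure then only surfaces later, when named loads the include or the keyed updates in tests.sh are rejected. The redirect also creates the key file with whatever permissions the caller's umask allows. Something like `(umask 077; $DDNSCONFGEN -q -z example.nil > ns1/ddns.key) || exit 1`, or an equivalent explicit failure message, would make the setup fail at the point of the problem.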
bin/tests/system/nsupdate/tests.sh
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.2
5
200
7
/0
6/19 23:47:04 tbox
Exp $
# $Id: tests.sh,v 1.2
6
200
9
/0
7/29 17:52:00 each
Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -28,7 +28,7 @@ $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
echo
"I:fetching second copy of zone before update"
$DIG
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.
\
@10.53.0.
1
axfr
-p
5300
>
dig.out.ns2
||
status
=
1
@10.53.0.
2
axfr
-p
5300
>
dig.out.ns2
||
status
=
1
echo
"I:comparing pre-update copies to known good data"
$PERL
../digcomp.pl knowngood.ns1.before dig.out.ns1
||
status
=
1
...
...
@@ -36,7 +36,7 @@ $PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || status=1
echo
"I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE
<<
END
> /dev/null || status=1
$NSUPDATE
-k
ns1/ddns.key
<<
END
> /dev/null || status=1
server 10.53.0.1 5300
update add updated.example.nil. 600 A 10.10.10.1
update add updated.example.nil. 600 TXT Foo
...
...
@@ -58,6 +58,28 @@ echo "I:comparing post-update copies to known good data"
$PERL
../digcomp.pl knowngood.ns1.after dig.out.ns1
||
status
=
1
$PERL
../digcomp.pl knowngood.ns1.after dig.out.ns2
||
status
=
1
echo
"I:testing local update policy"
pre
=
`
$DIG
+short new.other.nil. @10.53.0.1 a
-p
5300
`
||
status
=
1
[
-z
"
$pre
"
]
||
status
=
1
echo
"I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE
-l
-p
5300
-k
ns1/session.key
>
/dev/null
<<
END
|| status=1
zone other.nil.
update add new.other.nil. 600 IN A 10.10.10.1
send
END
echo
"I:sleeping 5 seconds for server to incorporate changes"
sleep
5
echo
"I:checking result of update"
post
=
`
$DIG
+short new.other.nil. @10.53.0.1 a
-p
5300
`
||
status
=
1
[
"
$post
"
=
"10.10.10.1"
]
||
status
=
1
echo
"I:comparing post-update copy to known good data"
$PERL
../digcomp.pl knowngood.ns1.after dig.out.ns1
||
status
=
1
if
$PERL
-e
'use Net::DNS;'
2>/dev/null
then
echo
"I:running update.pl test"
...
...
@@ -103,7 +125,7 @@ $PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || status=1
echo
"I:begin RT #482 regression test"
echo
"I:update master"
$NSUPDATE
<<
END
> /dev/null || status=1
$NSUPDATE
-k
ns1/ddns.key
<<
END
> /dev/null || status=1
server 10.53.0.1 5300
update add updated2.example.nil. 600 A 10.10.10.2
update add updated2.example.nil. 600 TXT Bar
...
...
@@ -119,7 +141,7 @@ kill -HUP `cat ns2/named.pid`
sleep
5
echo
"I:update master again"
$NSUPDATE
<<
END
> /dev/null || status=1
$NSUPDATE
-k
ns1/ddns.key
<<
END
> /dev/null || status=1
server 10.53.0.1 5300
update add updated3.example.nil. 600 A 10.10.10.3
update add updated3.example.nil. 600 TXT Zap
...
...
@@ -142,7 +164,7 @@ fi
echo
"I:end RT #482 regression test"
echo
"I:testing that rndc stop updates the master file"
$NSUPDATE
<<
END
> /dev/null || status=1
$NSUPDATE
-k
ns1/ddns.key
<<
END
> /dev/null || status=1
server 10.53.0.1 5300
update add updated4.example.nil. 600 A 10.10.10.3
send
...
...
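Review bot: In the new local update policy test, `[ -z "$pre" ]` cannot tell "the name does not exist yet" from "the query failed or was refused", because `dig +short` prints nothing in either case. The precondition therefore passes even when the server is not answering for other.nil at all. Checking the response status instead, for example grepping full dig output for `status: NXDOMAIN`, would make the pre-check meaningful. The block also re-runs `digcomp.pl knowngood.ns1.after dig.out.ns1` without fetching a new copy, which looks redundant with the identical comparison just above it.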
lib/isccfg/namedconf.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.10
2
2009/07/
14 22:54:57
each Exp $ */
/* $Id: namedconf.c,v 1.10
3
2009/07/
29 17:52:00
each Exp $ */
/*! \file */
...
...
@@ -350,6 +350,7 @@ parse_updatepolicy(cfg_parser_t *pctx, const cfg_type_t *type,
CHECK
(
cfg_gettoken
(
pctx
,
0
));
if
(
pctx
->
token
.
type
==
isc_tokentype_special
&&
pctx
->
token
.
value
.
as_char
==
'{'
)
{
cfg_ungettoken
(
pctx
);
return
(
cfg_parse_bracketed_list
(
pctx
,
type
,
ret
));
}
...
...
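Review bot: The get-then-unget sequence in parse_updatepolicy deserves a one-line comment, since it is the subtle part of this fix: the `{` token has already been consumed by `cfg_gettoken()`, and `cfg_parse_bracketed_list()` presumably expects to read the opening brace itself. Something like `/* Push '{' back; the list parser consumes it. */` above `cfg_ungettoken(pctx);` would do. Which line the commit added is not recoverable from this rendering, and the function continues past the end of the hunk.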