Commit c5d4cfc8 authored by Mark Andrews's avatar Mark Andrews

4483. [func] Check prefixes in acls to make sure the address and

                        prefix lengths are consistent.  Warn only in
                        BIND 9.11 and earlier. [RT #43367]
parent 61463ab7
4483. [func] Check prefixes in acls to make sure the address and
prefix lengths are consistent. Warn only in
BIND 9.11 and earlier. [RT #43367]
4482. [bug] Address use before require check and remove extraneous
dns_message_gettsigkey call in dns_tsig_sign.
[RT #43374]
......
/*
* Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
acl a {
{ "none"; };
{ !19.0.0.0/7; };
};
options {
allow-query { a; };
};
......@@ -8,7 +8,7 @@
acl a {
{ "none"; };
{ !19.0.0.0/0; };
{ !19.0.0.0/8; };
};
options {
......
......@@ -36,7 +36,7 @@ options {
hostname none;
interface-interval 30;
keep-response-order {
10.0.0.10/24;
10.0.10.0/24;
};
listen-on port 90 {
"any";
......
......@@ -41,7 +41,7 @@ zone "example" {
zone "example.com" {
type master;
file "example.com.db.signed";
allow-update { 10.53.0.0/8; };
allow-update { 10.53.0.0/16; };
};
zone "good" {
......
......@@ -6,8 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/* $Id$ */
#include <config.h>
#include <isc/mem.h>
......@@ -712,6 +710,15 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
dns_acl_detach(&de->nestedacl);
continue;
}
result = isc_netaddr_prefixok(&addr, bitlen);
if (result != ISC_R_SUCCESS) {
char buf[ISC_NETADDR_FORMATSIZE + 1];
isc_netaddr_format(&addr, buf, sizeof(buf));
cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
"'%s/%u': address/prefix length "
"mismatch", buf, bitlen);
goto cleanup;
}
/*
* If nesting ACLs (nest_level != 0), we negate
......
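Review bot: The address/prefix mismatch branch added in the second hunk logs at `ISC_LOG_WARNING` and then takes `goto cleanup`, which presumably fails the ACL load (the label is outside the hunk), so a configuration is rejected while its only explanation is emitted at a severity that a restrictive logging configuration may drop. Since the commit message reserves warn-only behaviour for BIND 9.11 and earlier, the call here should read `cfg_obj_log(ce, lctx, ISC_LOG_ERROR,` so the severity matches the outcome. A one-line comment above the check would record the intent, e.g. `/* Reject address/prefix-length mismatches rather than guess which one the operator meant. */`. The format string uses `%u` for `bitlen`, whose declaration is not visible, so confirm it is an `unsigned int`; the body of cfg_acl_fromconfig2 starts and ends outside the hunk.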