4636. [bug] Normalize rpz policy zone names when checking for

existence. [RT #45358]

4636. [bug] Normalize rpz policy zone names when checking for
existence. [RT #45358]
e85e95c1 · Mark Andrews · 2c11da84 · e85e95c1 · e85e95c1 · e85e95c1
Commit e85e95c1 authored Jun 13, 2017 by Mark Andrews
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 2 deletions

CHANGES CHANGES +3 -0

bin/tests/system/checkconf/good-response-dot.conf bin/tests/system/checkconf/good-response-dot.conf +18 -0

lib/bind9/check.c lib/bind9/check.c +18 -2

No files found.
--- a/CHANGES
+++ b/CHANGES
+4636.	[bug]		Normalize rpz policy zone names when checking for
+			existence. [RT #45358]
+
 4635.	[bug]		Fix RPZ NSDNAME logging that was logging
 			failures as NSIP. [RT #45052]


--- a/bin/tests/system/checkconf/good-response-dot.conf
+++ b/bin/tests/system/checkconf/good-response-dot.conf
+/*
+ * Copyright (C) 2016  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+zone "example.com." {
+	type master;
+	file "example.com.zone";
+};
+
+options {
+	response-policy {
+		zone "example.com." policy given;
+	};
+};
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -2944,6 +2944,9 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 	const char *forview = " for view ";
 	isc_symvalue_t value;
 	isc_result_t result, tresult;
+	dns_fixedname_t fixed;
+	dns_name_t *name;
+	char namebuf[DNS_NAME_FORMATSIZE];

 	if (viewname == NULL) {
 		viewname = "";
@@ -2951,6 +2954,8 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 	}
 	result = ISC_R_SUCCESS;

+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
 	obj = cfg_tuple_get(rpz_obj, "zone list");
 	for (element = cfg_list_first(obj);
 	     element != NULL;
@@ -2959,7 +2964,17 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 		nameobj = cfg_tuple_get(obj, "zone name");
 		zonename = cfg_obj_asstring(nameobj);
 		zonetype = "";
-		tresult = isc_symtab_lookup(symtab, zonename, 3, &value);
+
+		tresult = dns_name_fromstring(name, zonename, 0, NULL);
+		if (tresult != ISC_R_SUCCESS) {
+			cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR,
+				   "bad domain name '%s'", zonename);
+			if (result == ISC_R_SUCCESS)
+				result = tresult;
+			continue;
+		}
+		dns_name_format(name, namebuf, sizeof(namebuf));
+		tresult = isc_symtab_lookup(symtab, namebuf, 3, &value);
 		if (tresult == ISC_R_SUCCESS) {
 			obj = NULL;
 			zoneobj = value.as_cpointer;
@@ -2975,7 +2990,8 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 			cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR,
 				    "%s '%s'%s%s is not a master or slave zone",
 				    rpz_catz, zonename, forview, viewname);
-			result = ISC_R_FAILURE;
+			if (result == ISC_R_SUCCESS)
+				result = ISC_R_FAILURE;
 		}
 	}
 	return (result);