From: W.C.A. Wijngaards
Date: Mon, 16 Jun 2025 10:43:31 +0000 (+0200)
Subject: - Fix to check control-interface addresses in unbound-checkconf.
X-Git-Tag: release-1.24.0rc1~79
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a04bd5da2906003bf90fe931240cdce6c68f7a1b;p=thirdparty%2Funbound.git
- Fix to check control-interface addresses in unbound-checkconf.
---
diff --git a/doc/Changelog b/doc/Changelog
index 24b7e1a19..2b7c7d578 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+16 June 2025: Wouter
+ - Fix to check control-interface addresses in unbound-checkconf.
+
 12 June 2025: Wouter
 - Fix header return value description for skip_pkt_rrs and parse_edns_from_query_pkt.
diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c
index 07892fc4d..2ca69e9e6 100644
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@@ -454,6 +454,39 @@ ifautomaticportschecks(char* ifautomaticports)
 }
 }
+/** check control interface strings */
+static void
+controlinterfacechecks(struct config_file* cfg)
+{
+ struct config_strlist* p;
+ for(p = cfg->control_ifs.first; p; p = p->next) {
+ struct sockaddr_storage a;
+ socklen_t alen;
+ char** rcif = NULL;
+ int i, num_rcif = 0;
+ /* See if it is a local socket, starts with a '/'. */
+ if(p->str && p->str[0] == '/')
+ continue;
+ if(!resolve_interface_names(&p->str, 1, NULL, &rcif,
+ &num_rcif)) {
+ fatal_exit("could not resolve interface names, for control-interface: %s",
+ p->str);
+ }
+ for(i=0; icontrol_port)) {
+ if(strcmp(p->str, rcif[i])!=0)
+ fatal_exit("cannot parse control-interface address '%s' from the control-interface specified as '%s'",
+ rcif[i], p->str);
+ else
+ fatal_exit("cannot parse control-interface specified as '%s'",
+ p->str);
+ }
+ }
+ config_del_strarray(rcif, num_rcif);
+ }
+}
+
 /** check acl ips */
 static void
 aclchecks(struct config_file* cfg)
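Review bot: In controlinterfacechecks the local-socket test `if(p->str && p->str[0] == '/')` allows for a NULL `p->str`, but a NULL entry then falls through to `resolve_interface_names(&p->str, 1, ...)` and to the `%s` argument of `fatal_exit`, where it is dereferenced or printed. Either the NULL test is unnecessary or the fall-through needs its own guard, for example `if(!p->str) continue;` placed before the '/' test; whether the list can hold a NULL string is not visible in this hunk. The doc comment could also state that entries starting with '/' are skipped as local sockets and that any entry that fails to resolve or parse ends the run through fatal_exit. The inner `for(i=0; ...` header is truncated on this page, so the address-parsing call itself cannot be checked from here.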
@@ -932,6 +965,8 @@ morechecks(struct config_file* cfg)
 fatal_exit("control-cert-file: \"%s\" does not exist", cfg->control_cert_file);
 }
+ if(cfg->remote_control_enable)
+ controlinterfacechecks(cfg);
 donotquerylocalhostcheck(cfg);
 localzonechecks(cfg);
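Review bot: The new call in morechecks runs only when `cfg->remote_control_enable` is set, so a malformed control-interface entry stays unreported while remote control is off and first surfaces when someone enables it. If that is intended, a short comment above the `if`, such as `/* control-interface entries are only validated when remote-control is enabled */`, would record the decision. The check as called here establishes only that each entry resolves and parses; it says nothing about which addresses the control channel ends up reachable on, which an operator reading a clean checkconf result may want to know. morechecks starts and ends outside this hunk.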