From 5f8108e998bc1079a156159cd3f0525c329cdc7f Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Mon, 17 Jul 2017 19:21:01 +0200
Subject: [PATCH] rec: Sanitize values received from the API before writing them to the conf
---
 pdns/ws-recursor.cc | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index 4bbd59c64f..fb48f43181 100644
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -76,10 +76,11 @@ static void apiServerConfigAllowFrom(HttpRequest* req, HttpResponse* resp)
 throw ApiException("'value' must be an array");
 }
+ NetmaskGroup nmg;
 for (auto value : jlist.array_items()) {
 try {
- Netmask(value.string_value());
- } catch (NetmaskException &e) {
+ nmg.addMask(value.string_value());
+ } catch (const NetmaskException &e) {
 throw ApiException(e.reason);
 }
 }
@@ -91,9 +92,7 @@ static void apiServerConfigAllowFrom(HttpRequest* req, HttpResponse* resp)
 // Clear allow-from, and provide a "parent" value
 ss << "allow-from=" << endl;
- for (auto value : jlist.array_items()) {
- ss << "allow-from+=" << value.string_value() << endl;
- }
+ ss << "allow-from+=" << nmg.toString() << endl;
 apiWriteConfigFile("allow-from", ss.str());
@@ -201,10 +200,15 @@ static void doCreateZone(const Json document)
 if (server == "") {
 throw ApiException("Forwarded-to server must not be an empty string");
 }
- if (!serverlist.empty()) {
- serverlist += ";";
+ try {
+ ComboAddress ca = parseIPAndPort(server, 53);
+ if (!serverlist.empty()) {
+ serverlist += ";";
+ }
+ serverlist += ca.toStringWithPort();
+ } catch (const PDNSException &e) {
+ throw ApiException(e.reason);
 }
- serverlist += server;
 }
 if (serverlist == "")
 throw ApiException("Need at least one upstream server when forwarding");
--
2.47.2
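Review bot: The reason `nmg` is built in the first hunk of apiServerConfigAllowFrom is not recorded next to it, so a later cleanup could go back to writing `value.string_value()` and reopen the path from request data to the config file. A comment above `NetmaskGroup nmg;` such as `// Parse every entry so that only the canonical NetmaskGroup::toString() output, never the raw API string, is written to the config file.` would pin that intent. As a style point, `for (auto value : jlist.array_items())` copies each element, and `for (const auto& value : jlist.array_items())` avoids that. The function body starts and ends outside the hunk.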
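Review bot: With an empty `value` array the second hunk now writes an `allow-from+=` line with an empty value, where the removed loop wrote no `+=` line at all. Whether the config parser treats an empty increment as a no-op is not visible here, so a guard would keep the old output for that case: `if (!nmg.empty()) { ss << "allow-from+=" << nmg.toString() << endl; }`. The masks also move from one line per entry to a single joined line, which presumably relies on the parser splitting the list. A regression test that submits an entry which is not a plain netmask and inspects the written file would cover both points.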
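Review bot: Only `PDNSException` is translated into an `ApiException` in the new try block of doCreateZone, so if `parseIPAndPort` can raise anything else (for instance a standard-library conversion error on a malformed port, which is not visible from this hunk) the failure would bypass the API error path. Adding `} catch (const std::exception &e) { throw ApiException(e.what()); }` after the existing handler would keep every rejected server string on the same error path. `ComboAddress ca` can also be declared `const`, since it is only read. The enclosing loop and function begin outside the hunk, so other values that doCreateZone writes to the configuration cannot be checked from here.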