+29 January 2008: Wouter
+ - check trailing / on chrootdir in checkconf.
+ - check if root hints and anchor files are in chrootdir.
+
28 January 2008: Wouter
- fixup uninit use of buffer by libunbound (query id, flags) for
local_zone answers.
for(p = cfg->root_hints; p; p = p->next) {
log_assert(p->str);
if(p->str && p->str[0]) {
- if(!read_root_hints(hints, p->str))
+ char* f = p->str;
+ if(cfg->chrootdir && cfg->chrootdir[0] &&
+ strncmp(p->str, cfg->chrootdir,
+ strlen(cfg->chrootdir)) == 0)
+ f += strlen(cfg->chrootdir);
+ if(!read_root_hints(hints, f))
return 0;
}
}
}
}
+/** check file list, every file must be inside the chroot location */
+static void
+check_chroot_filelist(const char* desc, struct config_strlist* list,
+ const char* chrootdir)
+{
+ struct config_strlist* p;
+ if(!chrootdir) return;
+ for(p=list; p; p=p->next) {
+ if(p->str && p->str[0] && strncmp(chrootdir, p->str,
+ strlen(chrootdir)) != 0) {
+ fatal_exit("%s: \"%s\" not in chrootdir %s",
+ desc, p->str, chrootdir);
+ }
+ }
+}
+
/** check configuration for errors */
static void
morechecks(struct config_file* cfg)
if(!cfg->do_udp && !cfg->do_tcp)
fatal_exit("udp and tcp are both disabled, pointless");
+ if(cfg->chrootdir && cfg->chrootdir[0] &&
+ cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/')
+ fatal_exit("chootdir %s has trailing slash '/' please remove.",
+ cfg->chrootdir);
if(cfg->chrootdir && strncmp(cfg->chrootdir, cfg->directory,
strlen(cfg->chrootdir)) != 0)
fatal_exit("working directory %s not in chrootdir %s",
strlen(cfg->chrootdir)) != 0)
fatal_exit("log file %s not in chrootdir %s",
cfg->logfile, cfg->chrootdir);
+ check_chroot_filelist("file with root-hints",
+ cfg->root_hints, cfg->chrootdir);
+ check_chroot_filelist("trust-anchor-file",
+ cfg->trust_anchor_file_list, cfg->chrootdir);
+ check_chroot_filelist("trusted-keys-file",
+ cfg->trusted_keys_file_list, cfg->chrootdir);
if(strcmp(cfg->module_conf, "iterator") != 0 &&
strcmp(cfg->module_conf, "validator iterator") != 0) {
struct config_file* cfg = config_create();
if(!cfg) return NULL;
/* modifications for library use, less verbose, less memory */
+ free(cfg->chrootdir);
+ cfg->chrootdir = NULL;
cfg->verbosity = 0;
cfg->outgoing_num_tcp = 2;
cfg->msg_cache_size = 1024*1024;
anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
{
struct config_strlist* f;
+ char* nm;
ldns_buffer* parsebuf = ldns_buffer_new(65535);
for(f = cfg->trust_anchor_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
- if(!anchor_read_file(anchors, parsebuf, f->str)) {
+ nm = f->str;
+ if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
+ cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
+ nm += strlen(cfg->chrootdir);
+ if(!anchor_read_file(anchors, parsebuf, nm)) {
log_err("error reading trust-anchor-file: %s", f->str);
ldns_buffer_free(parsebuf);
return 0;
for(f = cfg->trusted_keys_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
- if(!anchor_read_bind_file(anchors, parsebuf, f->str)) {
+ nm = f->str;
+ if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
+ cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
+ nm += strlen(cfg->chrootdir);
+ if(!anchor_read_bind_file(anchors, parsebuf, nm)) {
log_err("error reading trusted-keys-file: %s", f->str);
ldns_buffer_free(parsebuf);
return 0;
projects / thirdparty / unbound.git / commitdiff
