+11 March 2020: Ralph
+ - Add check to make sure RPZ records are subdomains of configured
+ zone origin.
+
11 March 2020: George
- Fix #189: mini_event.h:142:17: error: field 'ev_timeout' has incomplete
type, by noloader.
return 0;
}
if(z->rpz) {
- if(!(rpz_insert_rr(z->rpz, z->namelen, dname, dname_len,
- rr_type, rr_class, rr_ttl, rdata, rdatalen, rr,
- rr_len)))
+ if(!(rpz_insert_rr(z->rpz, z->name, z->namelen, dname,
+ dname_len, rr_type, rr_class, rr_ttl, rdata, rdatalen,
+ rr, rr_len)))
return 0;
}
return 1;
}
int
-rpz_insert_rr(struct rpz* r, size_t aznamelen, uint8_t* dname,
+rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname,
size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl,
uint8_t* rdatawl, size_t rdatalen, uint8_t* rr, size_t rr_len)
{
enum rpz_action a;
uint8_t* policydname;
+ if(!dname_subdomain_c(dname, azname)) {
+ log_err("RPZ: name of record to insert into RPZ is not a "
+ "subdomain of the configured name of the RPZ zone");
+ return 0;
+ }
+
log_assert(dnamelen >= aznamelen);
- if(!(policydname = calloc(1, (dnamelen-aznamelen)+1)))
+ if(!(policydname = calloc(1, (dnamelen-aznamelen)+1))) {
+ log_err("malloc error while inserting RPZ RR");
return 0;
+ }
a = rpz_rr_to_action(rr_type, rdatawl, rdatalen);
if(!(policydnamelen = strip_dname_origin(dname, dnamelen, aznamelen,
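Review bot: The allocation size `(dnamelen-aznamelen)+1` a few lines below the new subdomain check still relies only on `log_assert(dnamelen >= aznamelen)`, which is likely compiled out in non-debug builds. The new `dname_subdomain_c(dname, azname)` test compares the names themselves, while the subtraction uses the caller-supplied lengths, so the two agree only when each length really matches its name. An explicit runtime guard would keep an unsigned wrap out of the `calloc` size and out of the `strip_dname_origin` call: `if(dnamelen < aznamelen) { log_err("RPZ: record name is shorter than the zone name"); return 0; }`. The body of rpz_insert_rr continues outside the hunk.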
/**
* Create policy from RR and add to this RPZ.
* @param r: the rpz to add the policy to.
+ * @param azname: dname of the auth-zone
* @param aznamelen: the length of the auth-zone name
* @param dname: dname of the RR
* @param dnamelen: length of the dname
* @param rr_len: the length of the complete RR
* @return: 0 on error
*/
-int rpz_insert_rr(struct rpz* r, size_t aznamelen, uint8_t* dname,
+int rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname,
size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl,
uint8_t* rdatawl, size_t rdatalen, uint8_t* rr, size_t rr_len);
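Review bot: The `@return: 0 on error` line does not cover the new rejection path. rpz_insert_rr now also returns 0 when `dname` is not under `azname`, and the caller shown earlier in this change passes that 0 on to its own caller. I would extend the comment to `@param azname: dname of the auth-zone; dname must be a subdomain of it` and `@return: 0 on error, including when dname is outside the zone`. Some `@param` lines of this comment block fall outside the hunk.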