From: Ralph Dolmans <ralph@nlnetlabs.nl>
Date: Thu, 11 Apr 2019 13:07:49 +0000 (+0200)
Subject: - apply chroot to auth-zone zonefile in unbound-checkconf
X-Git-Tag: release-1.10.0rc1~28^2~28^2~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74f11b852c4602008a40caaacec020fc64216d9e;p=thirdparty%2Funbound.git

- apply chroot to auth-zone zonefile in unbound-checkconf
---

diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c
index eddd3e172..0cf3d35aa 100644
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@@ -433,6 +433,7 @@ check_modules_exist(const char* module_conf)
 static void
 morechecks(struct config_file* cfg)
 {
+	struct config_auth* auth;
 	warn_hosts("stub-host", cfg->stubs);
 	warn_hosts("forward-host", cfg->forwards);
 	interfacechecks(cfg);
@@ -498,6 +499,12 @@ morechecks(struct config_file* cfg)
 		cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
 	check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
 		cfg->chrootdir, cfg);
+	for(auth = cfg->auths; auth; auth = auth->next) {
+		char* az = (auth->isrpz) ? "rpz zonefile" :
+			"auth-zone zonefile";
+		check_chroot_string(az, &auth->zonefile,
+			cfg->chrootdir, cfg);
+	}
 #ifdef USE_IPSECMOD
 	if(cfg->ipsecmod_enabled && strstr(cfg->module_conf, "ipsecmod")) {
 		/* only check hook if enabled */