From: Mukund Sivaraman Date: Fri, 9 Mar 2018 09:15:14 +0000 (+0530) Subject: Check for more than 64 policy zones X-Git-Tag: v9.13.0~85^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d20d86e37d37ba57e1a9e4b8ef539becb383ce40;p=thirdparty%2Fbind9.git Check for more than 64 policy zones --- diff --git a/bin/tests/system/checkconf/bad-rpz-too-many-zones.conf b/bin/tests/system/checkconf/bad-rpz-too-many-zones.conf new file mode 100644 index 00000000000..92a13bed390 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rpz-too-many-zones.conf @@ -0,0 +1,146 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + response-policy { + zone "max1"; + zone "max2"; + zone "max3"; + zone "max4"; + zone "max5"; + zone "max6"; + zone "max7"; + zone "max8"; + zone "max9"; + zone "max10"; + zone "max11"; + zone "max12"; + zone "max13"; + zone "max14"; + zone "max15"; + zone "max16"; + zone "max17"; + zone "max18"; + zone "max19"; + zone "max20"; + zone "max21"; + zone "max22"; + zone "max23"; + zone "max24"; + zone "max25"; + zone "max26"; + zone "max27"; + zone "max28"; + zone "max29"; + zone "max30"; + zone "max31"; + zone "max32"; + zone "max33"; + zone "max34"; + zone "max35"; + zone "max36"; + zone "max37"; + zone "max38"; + zone "max39"; + zone "max40"; + zone "max41"; + zone "max42"; + zone "max43"; + zone "max44"; + zone "max45"; + zone "max46"; + zone "max47"; + zone "max48"; + zone "max49"; + zone "max50"; + zone "max51"; + zone "max52"; + zone "max53"; + zone "max54"; + zone "max55"; + zone "max56"; + zone "max57"; + zone "max58"; + zone "max59"; + zone "max60"; + zone "max61"; + zone "max62"; + zone "max63"; + zone "max64"; + zone "max65"; + }; +}; + +zone "max1" { type master; file "rpz.db"; }; +zone "max2" { type master; file "rpz.db"; }; +zone "max3" { type master; file "rpz.db"; }; +zone "max4" { type master; file "rpz.db"; }; +zone "max5" { type master; file "rpz.db"; }; +zone "max6" { type master; file "rpz.db"; }; +zone "max7" { type master; file "rpz.db"; }; +zone "max8" { type master; file "rpz.db"; }; +zone "max9" { type master; file "rpz.db"; }; +zone "max10" { type master; file "rpz.db"; }; +zone "max11" { type master; file "rpz.db"; }; +zone "max12" { type master; file "rpz.db"; }; +zone "max13" { type master; file "rpz.db"; }; +zone "max14" { type master; file "rpz.db"; }; +zone "max15" { type master; file "rpz.db"; }; +zone "max16" { type master; file "rpz.db"; }; +zone "max17" { type master; file "rpz.db"; }; +zone "max18" { type master; file "rpz.db"; }; +zone "max19" { type master; file "rpz.db"; }; +zone "max20" { type master; file "rpz.db"; }; +zone "max21" { type master; file "rpz.db"; }; +zone "max22" { type master; file "rpz.db"; }; +zone "max23" { type master; file "rpz.db"; }; +zone "max24" { type master; file "rpz.db"; }; +zone "max25" { type master; file "rpz.db"; }; +zone "max26" { type master; file "rpz.db"; }; +zone "max27" { type master; file "rpz.db"; }; +zone "max28" { type master; file "rpz.db"; }; +zone "max29" { type master; file "rpz.db"; }; +zone "max30" { type master; file "rpz.db"; }; +zone "max31" { type master; file "rpz.db"; }; +zone "max32" { type master; file "rpz.db"; }; +zone "max33" { type master; file "rpz.db"; }; +zone "max34" { type master; file "rpz.db"; }; +zone "max35" { type master; file "rpz.db"; }; +zone "max36" { type master; file "rpz.db"; }; +zone "max37" { type master; file "rpz.db"; }; +zone "max38" { type master; file "rpz.db"; }; +zone "max39" { type master; file "rpz.db"; }; +zone "max40" { type master; file "rpz.db"; }; +zone "max41" { type master; file "rpz.db"; }; +zone "max42" { type master; file "rpz.db"; }; +zone "max43" { type master; file "rpz.db"; }; +zone "max44" { type master; file "rpz.db"; }; +zone "max45" { type master; file "rpz.db"; }; +zone "max46" { type master; file "rpz.db"; }; +zone "max47" { type master; file "rpz.db"; }; +zone "max48" { type master; file "rpz.db"; }; +zone "max49" { type master; file "rpz.db"; }; +zone "max50" { type master; file "rpz.db"; }; +zone "max51" { type master; file "rpz.db"; }; +zone "max52" { type master; file "rpz.db"; }; +zone "max53" { type master; file "rpz.db"; }; +zone "max54" { type master; file "rpz.db"; }; +zone "max55" { type master; file "rpz.db"; }; +zone "max56" { type master; file "rpz.db"; }; +zone "max57" { type master; file "rpz.db"; }; +zone "max58" { type master; file "rpz.db"; }; +zone "max59" { type master; file "rpz.db"; }; +zone "max60" { type master; file "rpz.db"; }; +zone "max61" { type master; file "rpz.db"; }; +zone "max62" { type master; file "rpz.db"; }; +zone "max63" { type master; file "rpz.db"; }; +zone "max64" { type master; file "rpz.db"; }; +zone "max65" { type master; file "rpz.db"; }; diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 48beb59a5d5..0d39db10a3a 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -3141,6 +3141,7 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj, dns_fixedname_t fixed; dns_name_t *name; char namebuf[DNS_NAME_FORMATSIZE]; + unsigned int num_zones = 0; if (viewname == NULL) { viewname = ""; @@ -3151,9 +3152,18 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj, dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); obj = cfg_tuple_get(rpz_obj, "zone list"); + for (element = cfg_list_first(obj); element != NULL; - element = cfg_list_next(element)) { + element = cfg_list_next(element)) + { + if (++num_zones > 64) { + cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR, + "more than 64 response policy zones " + "in view '%s'", viewname); + return (ISC_R_FAILURE); + } + obj = cfg_listelt_value(element); nameobj = cfg_tuple_get(obj, "zone name"); zonename = cfg_obj_asstring(nameobj);