Fix allocation for "none" ACL that caused assertion failure (#41745)

author Mukund Sivaraman <muks@isc.org>

Tue, 23 Feb 2016 07:21:34 +0000 (12:51 +0530)

committer Mukund Sivaraman <muks@isc.org>

Tue, 23 Feb 2016 07:31:16 +0000 (13:01 +0530)
author Mukund Sivaraman <muks@isc.org>
Tue, 23 Feb 2016 07:21:34 +0000 (12:51 +0530)
committer Mukund Sivaraman <muks@isc.org>
Tue, 23 Feb 2016 07:31:16 +0000 (13:01 +0530)
diff --git a/CHANGES b/CHANGES

index 2638e8a936f9b2bc3244ab6e62372d01ed2e9c50..4753c69e9c3655d7cf4ef4ebda59f58648c288bc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4320.  [bug]           Insufficient memory allocation when handling
+                       "none" ACL could cause an assertion failure in
+                       named when parsing ACL configuration. [RT #41745]
+
  4319.  [security]      Fix resolver assertion failure due to improper
                         DNAME handling when parsing fetch reply messages.
                         (CVE-2016-1286) [RT #41753]
diff --git a/bin/tests/system/checkconf/good-acl.conf b/bin/tests/system/checkconf/good-acl.conf

new file mode 100644 (file)

index 0000000..84ff712
--- /dev/null
+++ b/bin/tests/system/checkconf/good-acl.conf
@@ -0,0 +1,8 @@
+acl a {
+       { "none"; };
+       { !19.0.0.0/0; };
+};
+
+options {
+       allow-query { a; };
+};
diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c

index e1b68971738affeeeaf5167a6d0bdd054d6efa69..c1c34ceae273add0849ba3fa1a017cd38ddc076b 100644 (file)
--- a/lib/isccfg/aclconf.c
+++ b/lib/isccfg/aclconf.c
@@ -254,10 +254,11 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
                 } else if (cfg_obj_isstring(ce)) {
                         const char *name = cfg_obj_asstring(ce);
                         if (strcasecmp(name, "localhost") == 0 ||
-                           strcasecmp(name, "localnets") == 0) {
+                           strcasecmp(name, "localnets") == 0 ||
+                           strcasecmp(name, "none") == 0)
+                       {
                                 n++;
-                       } else if (strcasecmp(name, "any") != 0 &&
-                                  strcasecmp(name, "none") != 0) {
+                       } else if (strcasecmp(name, "any") != 0) {
                                 dns_acl_t *inneracl = NULL;
                                 /*
                                  * Convert any named acls we reference now if
author	Mukund Sivaraman <muks@isc.org>
	Tue, 23 Feb 2016 07:21:34 +0000 (12:51 +0530)
committer	Mukund Sivaraman <muks@isc.org>
	Tue, 23 Feb 2016 07:31:16 +0000 (13:01 +0530)
CHANGES		patch \| blob \| blame \| history
bin/tests/system/checkconf/good-acl.conf	[new file with mode: 0644]	patch \| blob
lib/isccfg/aclconf.c		patch \| blob \| blame \| history