]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d392679)
Change the invalid CIDR from parser error to warning
authorOndřej Surý <ondrej@isc.org>
Wed, 3 Jun 2020 12:42:11 +0000 (14:42 +0200)
committerOndřej Surý <ondrej@isc.org>
Wed, 3 Jun 2020 20:17:02 +0000 (22:17 +0200)
In [RT #43367], the BIND 9 changed the strictness of address / prefix
length checks:

    Check prefixes in acls to make sure the address and
    prefix lengths are consistent.  Warn only in
    BIND 9.11 and earlier.

Unfortunately, a regression slipped in and the check was made an error
also in the BIND 9.11.  This commit fixes the regression, but turning
the error into a warning.

bin/tests/system/checkconf/tests.sh patch | blob | blame | history
bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf [moved from bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf with 70% similarity] patch | blob | blame | history
lib/isccfg/parser.c patch | blob | blame | history
util/copyrights patch | blob | blame | history

diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index 85fb4839e987e8646777671205ccf2be6ec6209c..d2b0daa35c647a49a65e888a78b860334ea6ca43 100644 (file)
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -386,6 +386,15 @@ grep "dlv.isc.org has been shut down" < checkconf.out$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "check that invalid address/prefix length generates a warning ($n)"
+ret=0
+$CHECKCONF warn-address-prefix-length-mismatch.conf > checkconf.out$n 2>/dev/null || ret=1
+LINES=$(grep -c "address/prefix length mismatch" < checkconf.out$n) || ret=1
+[ "$LINES" -eq 8 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
 ret=0
diff --git a/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf b/bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf
similarity index 70%
rename from bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf
rename to bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf
index 2c768c7e1a8aeabf509b49f7a21ad64bcf8b9f34..5e3bc3f6ee24a2c132e704d0abe941dd7990e9b2 100644 (file)
--- a/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf
+++ b/bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf
@@ -9,6 +9,14 @@
  * information regarding copyright ownership.
  */
 
-acl myacl {
-       127.1/8; /* No-zero bits */
+zone example {
+       type master;
+       file "example.db";
+       auto-dnssec maintain;
+       allow-update {
+               192.0.2.64/24;
+               192.0.2.128/24;
+               198.51.100.255/24;
+               203.0.113.2/24;
+       };
 };
diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c
index e2af054661736777ea4227c2893223a8f129ad4c..44a1dfc37a163f126211fff33ab90d30db4333bb 100644 (file)
--- a/lib/isccfg/parser.c
+++ b/lib/isccfg/parser.c
@@ -2634,15 +2634,6 @@ cfg_parse_netprefix(cfg_parser_t *pctx, const cfg_type_t *type,
                                         "invalid prefix length");
                        return (ISC_R_RANGE);
                }
-               result = isc_netaddr_prefixok(&netaddr, prefixlen);
-               if (result != ISC_R_SUCCESS) {
-                       char buf[ISC_NETADDR_FORMATSIZE + 1];
-                       isc_netaddr_format(&netaddr, buf, sizeof(buf));
-                       cfg_parser_error(pctx, CFG_LOG_NOPREP,
-                                        "'%s/%u': address/prefix length "
-                                        "mismatch", buf, prefixlen);
-                       return (ISC_R_FAILURE);
-               }
        } else {
                if (expectprefix) {
                        cfg_parser_error(pctx, CFG_LOG_NEAR,
diff --git a/util/copyrights b/util/copyrights
index 614a03f1040e7bfc456a2583ffda277f85095bd2..8671fdb1577e82c3909a8e6bc68dc50599ce0250 100644 (file)
--- a/util/copyrights
+++ b/util/copyrights
@@ -709,7 +709,6 @@
 ./bin/tests/system/checkconf/bad-in-view-dup.conf      CONF-C  2018,2019,2020
 ./bin/tests/system/checkconf/bad-inline-slave.conf     CONF-C  2013,2016,2018,2019,2020
 ./bin/tests/system/checkconf/bad-ipv4-prefix-dotted1.conf      CONF-C  2019,2020
-./bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf      CONF-C  2019,2020
 ./bin/tests/system/checkconf/bad-ipv4-prefix2.conf     CONF-C  2019,2020
 ./bin/tests/system/checkconf/bad-keep-response-order.conf      CONF-C  2015,2016,2018,2019,2020
 ./bin/tests/system/checkconf/bad-lifetime.conf CONF-C  2014,2016,2018,2019,2020
@@ -822,6 +821,7 @@
 ./bin/tests/system/checkconf/view-class-any2.conf      CONF-C  2016,2018,2019,2020
 ./bin/tests/system/checkconf/view-class-in1.conf       CONF-C  2016,2018,2019,2020
 ./bin/tests/system/checkconf/view-class-in2.conf       CONF-C  2016,2018,2019,2020
+./bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf  CONF-C  2020
 ./bin/tests/system/checkconf/warn-dlv-auto.conf        CONF-C  2017,2018,2019,2020
 ./bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf CONF-C  2017,2018,2019,2020
 ./bin/tests/system/checkconf/warn-duplicate-key.conf   CONF-C  2019,2020
Mirror of https://gitlab.isc.org/isc-projects/bind9.git