4636. [bug] Normalize rpz policy zone names when checking for
authorMark Andrews <marka@isc.org>
Tue, 13 Jun 2017 03:06:47 +0000 (13:06 +1000)
committerMark Andrews <marka@isc.org>
Tue, 13 Jun 2017 03:07:46 +0000 (13:07 +1000)
                        existence. [RT #45358]

(cherry picked from commit e85e95c19e5655952f3c4208043760445da93e54)

CHANGES
bin/tests/system/checkconf/good-response-dot.conf [new file with mode: 0644]
lib/bind9/check.c

diff --git a/CHANGES b/CHANGES
index 06d271cba6e8bd59819da692bc6734d0abe27766..92ce50abbb141ed40dbcca87126b982bc6fe8463 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4636.  [bug]           Normalize rpz policy zone names when checking for
+                       existence. [RT #45358]
+
 4635.  [bug]           Fix RPZ NSDNAME logging that was logging
                        failures as NSIP. [RT #45052]
 
diff --git a/bin/tests/system/checkconf/good-response-dot.conf b/bin/tests/system/checkconf/good-response-dot.conf
new file mode 100644 (file)
index 0000000..5c348eb
--- /dev/null
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2016  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+zone "example.com." {
+       type master;
+       file "example.com.zone";
+};
+
+options {
+       response-policy {
+               zone "example.com." policy given;
+       };
+};
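Review bot: This fixture exercises a single spelling, since the `zone` statement and the `response-policy` entry both use the identical string `"example.com."`. It proves the trailing-dot case, but not that two differently written forms of the same name resolve to the same zone. A companion good-* case that mixes forms, such as `zone "example.com" { ... };` with `zone "example.com." policy given;`, would pin the normalisation more tightly. The new `bad domain name` branch added to check_rpz also has no bad-* fixture in this commit, so the rejection path of this configuration check is untested here.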
index 5637e008834456a2fc13dfe21a728b3c88770cd8..600c6d6418698ba0831018822e3f4284000a52f3 100644 (file)
@@ -2758,6 +2758,9 @@ check_rpz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
        const char *forview = " for view ";
        isc_symvalue_t value;
        isc_result_t result, tresult;
+       dns_fixedname_t fixed;
+       dns_name_t *name;
+       char namebuf[DNS_NAME_FORMATSIZE];
 
        if (viewname == NULL) {
                viewname = "";
@@ -2765,6 +2768,8 @@ check_rpz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
        }
        result = ISC_R_SUCCESS;
 
+       dns_fixedname_init(&fixed);
+       name = dns_fixedname_name(&fixed);
        obj = cfg_tuple_get(rpz_obj, "zone list");
        for (element = cfg_list_first(obj);
             element != NULL;
@@ -2773,7 +2778,17 @@ check_rpz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
                nameobj = cfg_tuple_get(obj, "zone name");
                zonename = cfg_obj_asstring(nameobj);
                zonetype = "";
-               tresult = isc_symtab_lookup(symtab, zonename, 3, &value);
+
+               tresult = dns_name_fromstring(name, zonename, 0, NULL);
+               if (tresult != ISC_R_SUCCESS) {
+                       cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR,
+                                  "bad domain name '%s'", zonename);
+                       if (result == ISC_R_SUCCESS)
+                               result = tresult;
+                       continue;
+               }
+               dns_name_format(name, namebuf, sizeof(namebuf));
+               tresult = isc_symtab_lookup(symtab, namebuf, 3, &value);
                if (tresult == ISC_R_SUCCESS) {
                        obj = NULL;
                        zoneobj = value.as_cpointer;
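Review bot: The new `"bad domain name '%s'"` error in the `dns_name_fromstring()` failure branch drops the context that the other diagnostic in this loop carries (`rpz_catz`, `forview`, `viewname`). With several views or a catalog-zone list, the message then does not say which clause held the bad name; consider `"%s '%s'%s%s: bad domain name", rpz_catz, zonename, forview, viewname`. The lookup is only correct if the symbol table was populated with keys in the same `dns_name_format()` form, which this hunk does not show. A short comment above the call would record that, for example `/* symtab keys are the dns_name_format() text of the zone name; look up the normalised form, not the raw config string */`. check_rpz starts and ends outside this hunk.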
@@ -2789,7 +2804,8 @@ check_rpz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
                        cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR,
                                    "%s '%s'%s%s is not a master or slave zone",
                                    rpz_catz, zonename, forview, viewname);
-                       result = ISC_R_FAILURE;
+                       if (result == ISC_R_SUCCESS)
+                               result = ISC_R_FAILURE;
                }
        }
        return (result);