From 85243e01894043327a1ac1d4d1a14ac2194a0ffe Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Tue, 12 Jul 2016 19:20:34 +0200
Subject: [PATCH] Add some sanity checking to rec_control wipe-cache

Closes #4098
---
 pdns/rec_channel_rec.cc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc
index aefce242de..2b96b2a5f1 100644
--- a/pdns/rec_channel_rec.cc
+++ b/pdns/rec_channel_rec.cc
@@ -242,8 +242,22 @@ template<typename T>
 string doWipeCache(T begin, T end)
 {
   int count=0, countNeg=0;
+
+  vector<string> toWipe;
+
   for(T i=begin; i != end; ++i) {
     string canon=toCanonic("", *i);
+
+    if (canon[0] == '.')
+      return "dot found in the first place of " + canon + ". Nothing wiped.\n";
+
+    if (canon.find("..") != string::npos)
+      return "double dot found in " + canon + ". Nothing wiped.\n";
+
+    toWipe.push_back(canon);
+  }
+
+  BOOST_FOREACH(const string& canon, toWipe) {
     count+= broadcastAccFunction<uint64_t>(boost::bind(pleaseWipeCache, canon));
     countNeg+=broadcastAccFunction<uint64_t>(boost::bind(pleaseWipeAndCountNegCache, canon));
   }
-- 
2.47.2