[Freeipa-devel] [PATCH 0117] Fix crash caused by invalid query/transfer policy
Adam Tkac
atkac at redhat.com
Mon Mar 25 15:08:43 UTC 2013
On Mon, Mar 04, 2013 at 02:22:34PM +0100, Petr Spacek wrote:
> Hello,
>
> Fix crash caused by invalid query/transfer policy.
>
> Please double-check correctness. The ISC parser is really complex beast!
>
> Thank you.
Ack
> From 41061726684211924e453f74d1db3bec6c2e32d6 Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspacek at redhat.com>
> Date: Mon, 4 Mar 2013 14:20:56 +0100
> Subject: [PATCH] Fix crash caused by invalid query/transfer policy.
>
> Signed-off-by: Petr Spacek <pspacek at redhat.com>
> ---
> src/acl.c | 45 +++++++++++++++++++++++++++++++++++----------
> 1 file changed, 35 insertions(+), 10 deletions(-)
>
> diff --git a/src/acl.c b/src/acl.c
> index f95cf431b6363d82085e9cfec7e6c1d6ddd45d7a..076a50375ae1fd132c143aa96379f7c80cc78cb8 100644
> --- a/src/acl.c
> +++ b/src/acl.c
> @@ -71,6 +71,19 @@ static cfg_type_t *allow_query;
> static cfg_type_t *allow_transfer;
> static cfg_type_t *forwarders;
>
> +/* Following definitions are necessary for context ("map" configuration object)
> + * required during ACL parsing. */
> +static cfg_clausedef_t * empty_map_clausesets[] = {
> + NULL
> +};
> +
> +static cfg_type_t cfg_type_empty_map = {
> + "empty_map", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map,
> + empty_map_clausesets
> +};
> +
> +static cfg_type_t *empty_map_p = &cfg_type_empty_map;
> +
> static cfg_type_t *
> get_type_from_tuplefield(const cfg_type_t *cfg_type, const char *name)
> {
> @@ -469,44 +482,56 @@ acl_from_ldap(isc_mem_t *mctx, const char *aclstr, acl_type_t type,
> cfg_parser_t *parser = NULL;
> cfg_obj_t *aclobj = NULL;
> cfg_aclconfctx_t *aclctx = NULL;
> + /* ACL parser requires "configuration context". The parser looks for
> + * undefined names in this context. We create empty context ("map" type),
> + * i.e. only built-in named lists "any", "none" etc. are supported. */
> + cfg_obj_t *cctx = NULL;
> + cfg_parser_t *parser_empty = NULL;
>
> REQUIRE(aclp != NULL && *aclp == NULL);
>
> CHECK(bracket_str(mctx, aclstr, &new_aclstr));
>
> CHECK(cfg_parser_create(mctx, dns_lctx, &parser));
> + CHECK(cfg_parser_create(mctx, dns_lctx, &parser_empty));
> + CHECK(parse(parser_empty, "{}", &empty_map_p, &cctx));
> +
> switch (type) {
> case acl_type_query:
> - result = parse(parser, str_buf(new_aclstr), &allow_query,
> - &aclobj);
> + CHECK(parse(parser, str_buf(new_aclstr), &allow_query,
> + &aclobj));
> break;
> case acl_type_transfer:
> - result = parse(parser, str_buf(new_aclstr), &allow_transfer,
> - &aclobj);
> + CHECK(parse(parser, str_buf(new_aclstr), &allow_transfer,
> + &aclobj));
> break;
> default:
> /* This is a bug */
> REQUIRE("Unhandled ACL type in acl_from_ldap" == NULL);
> }
>
> - if (result != ISC_R_SUCCESS) {
> - log_error("Failed to parse ACL (%s)", aclstr);
> - goto cleanup;
> - }
> -
> CHECK(cfg_aclconfctx_create(mctx, &aclctx));
> - CHECK(cfg_acl_fromconfig(aclobj, NULL, dns_lctx, aclctx, mctx, 0, &acl));
> + CHECK(cfg_acl_fromconfig(aclobj, cctx, dns_lctx, aclctx, mctx, 0, &acl));
>
> *aclp = acl;
> result = ISC_R_SUCCESS;
>
> cleanup:
> + if (result != ISC_R_SUCCESS)
> + log_error_r("%s ACL parsing failed: '%s'",
> + type == acl_type_query ? "query" : "transfer",
> + aclstr);
> +
> if (aclctx != NULL)
> cfg_aclconfctx_detach(&aclctx);
> if (aclobj != NULL)
> cfg_obj_destroy(parser, &aclobj);
> if (parser != NULL)
> cfg_parser_destroy(&parser);
> + if (cctx != NULL)
> + cfg_obj_destroy(parser_empty, &cctx);
> + if (parser_empty != NULL)
> + cfg_parser_destroy(&parser_empty);
> str_destroy(&new_aclstr);
>
> return result;
> --
> 1.7.11.7
>
--
Adam Tkac, Red Hat, Inc.
More information about the Freeipa-devel
mailing list