Rpz #73
Rpz #73
Conversation
bring fork up-to-date with upstream
- Fixes for compiler warnings
bring fork up to date
- Added RPZ policy apply logging
- Fix memory leak - IANA ports update - merge littlehash ASAN changes
- Fix potential memory leak
- Fix rpz memory leak
- Fix memory leak
- use localzone's memory layout when removing rr from rrset
|
What a shame |
smallapp/unbound-control.c
Outdated
| if((enum rpz_action)s->svr.rpz_action[i] == RPZ_NO_OVERRIDE_ACTION) | ||
| continue; |
There was a problem hiding this comment.
This must be wrong, the value is a statistics counter, it is never assigned to this variable and the enum is a valid value for the statistics counter.
There was a problem hiding this comment.
It is also wrong in remote.c, where the same line is copied from.
services/rpz.c
Outdated
| if(*dname == 0) | ||
| return NULL; | ||
|
|
||
| while(*dname) { | ||
| dname = dname+*dname+1; | ||
| dnamelen += ((size_t)*dname)+1; |
There was a problem hiding this comment.
The if(dnamelen > maxdnamelen) check needs to be before the *dname parts above, in the if(..==0) and while() and in the dnamelen+= statements, you first need to check that the label length byte fits in the maxdnamelen. With an added statement like if(dnamelen+1 > maxdnamelen) return NULL; at the start of the routine. I don't think it is needed at the end of the while loop.
There was a problem hiding this comment.
Actually I think it is also needed before the *dname in the != 0 comparison below, an if statement to check if dnamelen+1 > maxdnamelen.
There was a problem hiding this comment.
Ack on the check at the start of the routine, in case of a maxdnamelen of 0.
For the second check (in the while) I don't think a new if is needed, changing the existing one from if(dnamelen > maxdnamelen) to if(dnamelen+1 > maxdnamelen) should do the trick.
services/localzone.c
Outdated
| if(dname_is_wild(ctarget)) { | ||
| /* synthesize cname target */ | ||
| struct packed_rrset_data* d; | ||
| uint8_t newtarget[LDNS_MAX_DOMAINLEN]; |
There was a problem hiding this comment.
Other buffers are LDNS_MAX_DOMAINLEN+1. Also for rpz.c:646 wc[LDNS_MAX_DOMAINLEN], the +1 is elsewhere but not here.
There was a problem hiding this comment.
The newtarget[] is actually not used at all and removed in a later commit (344f12d)
There was a problem hiding this comment.
added +1 for the wc[] in rpz.c (7da16fe)
util/net_help.c
Outdated
| len = *dname; | ||
| lablen = *dname++; |
There was a problem hiding this comment.
ipdnametoaddr and netblockdnametoaddr also have dnamelen == 0 check needed. And perhaps also check if labellengthbyte fits in dnamelen, and if the label length fits in dnamelen.
There was a problem hiding this comment.
Added in 88a706a
Also subtracting the netblock label (incl. length byte) from length passed to ipdnametoaddr.
|
👏 👏 👏 👏 👏 Is there are release date for this? like 1.9.7? |
This will be part of the upcoming Unbound 1.10 release, which is scheduled to happen in February. |
No description provided.