From 7e2d9531a79d289ee99dd436da14efb6d9a505fc Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
|
|
Date: Wed, 3 Jun 2020 14:42:11 +0200
|
|
Subject: [PATCH] Change the invalid CIDR from parser error to warning
|
|
|
|
In [RT #43367], the BIND 9 changed the strictness of address / prefix
|
|
length checks:
|
|
|
|
Check prefixes in acls to make sure the address and
|
|
prefix lengths are consistent. Warn only in
|
|
BIND 9.11 and earlier.
|
|
|
|
Unfortunately, a regression slipped in and the check was made an error
|
|
also in BIND 9.11. This commit fixes the regression by turning
|
|
the error into a warning.
|
|
---
|
|
bin/tests/system/checkconf/tests.sh | 9 +++++++++
|
|
...conf => warn-address-prefix-length-mismatch.conf} | 12 ++++++++++--
|
|
lib/isccfg/parser.c | 9 ---------
|
|
util/copyrights | 2 +-
|
|
4 files changed, 20 insertions(+), 12 deletions(-)
|
|
rename bin/tests/system/checkconf/{bad-ipv4-prefix-dotted2.conf => warn-address-prefix-length-mismatch.conf} (70%)
|
|
|
|
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
|
|
index 85fb4839e9..d2b0daa35c 100644
|
|
--- a/bin/tests/system/checkconf/tests.sh
|
|
+++ b/bin/tests/system/checkconf/tests.sh
|
|
@@ -386,6 +386,15 @@ grep "dlv.isc.org has been shut down" < checkconf.out$n > /dev/null || ret=1
|
|
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
|
|
status=`expr $status + $ret`
|
|
|
|
+n=`expr $n + 1`
|
|
+echo_i "check that invalid address/prefix length generates a warning ($n)"
|
|
+ret=0
|
|
+$CHECKCONF warn-address-prefix-length-mismatch.conf > checkconf.out$n 2>/dev/null || ret=1
|
|
+LINES=$(grep -c "address/prefix length mismatch" < checkconf.out$n) || ret=1
|
|
+[ "$LINES" -eq 8 ] || ret=1
|
|
+if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
|
|
+status=`expr $status + $ret`
|
|
+
|
|
n=`expr $n + 1`
|
|
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
|
|
ret=0
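Review bot: The expected count in `[ "$LINES" -eq 8 ] || ret=1` is twice the four mismatched entries in warn-address-prefix-length-mismatch.conf, and the test does not say why. Presumably each entry is reported twice; once confirmed, that should be recorded next to the check, e.g. `# 4 allow-update entries, each reported twice`. Because stderr is sent to /dev/null, the test also relies on the warning being written to stdout, which deserves a short comment beside the redirect. `LINES` is a name some shells set to the terminal height, so a lowercase `lines` would be safer.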
|
|
diff --git a/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf b/bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf
|
|
similarity index 70%
|
|
rename from bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf
|
|
rename to bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf
|
|
index 2c768c7e1a..5e3bc3f6ee 100644
|
|
--- a/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf
|
|
+++ b/bin/tests/system/checkconf/warn-address-prefix-length-mismatch.conf
|
|
@@ -9,6 +9,14 @@
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
-acl myacl {
|
|
- 127.1/8; /* No-zero bits */
|
|
+zone example {
|
|
+ type master;
|
|
+ file "example.db";
|
|
+ auto-dnssec maintain;
|
|
+ allow-update {
|
|
+ 192.0.2.64/24;
|
|
+ 192.0.2.128/24;
|
|
+ 198.51.100.255/24;
|
|
+ 203.0.113.2/24;
|
|
+ };
|
|
};
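Review bot: The new test data covers only IPv4 entries inside `allow-update`, while the case it replaces (`127.1/8` in an `acl` block) is dropped and no IPv6 prefix is exercised. These entries are now accepted with a warning and feed an access-control list for dynamic updates. A comment in the file should therefore state how a value such as `192.0.2.64/24` is expected to be matched, whether as written or masked to the network, and an IPv6 case and an `acl` case would round out the coverage. How the address is interpreted after parsing is not visible in this patch, so that comment needs confirming against the ACL matching code.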
|
|
diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c
|
|
index e2af054661..44a1dfc37a 100644
|
|
--- a/lib/isccfg/parser.c
|
|
+++ b/lib/isccfg/parser.c
|
|
@@ -2634,15 +2634,6 @@ cfg_parse_netprefix(cfg_parser_t *pctx, const cfg_type_t *type,
|
|
"invalid prefix length");
|
|
return (ISC_R_RANGE);
|
|
}
|
|
- result = isc_netaddr_prefixok(&netaddr, prefixlen);
|
|
- if (result != ISC_R_SUCCESS) {
|
|
- char buf[ISC_NETADDR_FORMATSIZE + 1];
|
|
- isc_netaddr_format(&netaddr, buf, sizeof(buf));
|
|
- cfg_parser_error(pctx, CFG_LOG_NOPREP,
|
|
- "'%s/%u': address/prefix length "
|
|
- "mismatch", buf, prefixlen);
|
|
- return (ISC_R_FAILURE);
|
|
- }
|
|
} else {
|
|
if (expectprefix) {
|
|
cfg_parser_error(pctx, CFG_LOG_NEAR,
|
|
--
|
|
GitLab
|
|
|