Rpz #73

Merged
merged 59 commits into from Jan 30, 2020

ralphdolmans commented Sep 9, 2019

No description provided.

ralphdolmans added 30 commits Apr 5, 2019
bring fork up-to-date with upstream
- Fixes for compiler warnings
bring fork up to date
 - Added RPZ policy apply logging
 - Fix memory leak
 - IANA ports update
 - merge littlehash ASAN changes
- Fix potential memory leak
- Fix rpz memory leak
- Fix memory leak
 - use localzone's memory layout when removing rr from rrset

spirillen commented Jan 16, 2020

What a shame. All checks have failed. I'm still hoping you prioritize this MR, as it would move you way up to the top of my choice of selection in recursors 😃

if((enum rpz_action)s->svr.rpz_action[i] == RPZ_NO_OVERRIDE_ACTION)
continue;
Comment on lines 378 to 379

wcawijngaards Jan 28, 2020

Member

This must be wrong: the value is a statistics counter, it is never assigned to this variable, and the enum is a valid value for the statistics counter.

wcawijngaards Jan 28, 2020

Member

It is also wrong in remote.c, where the same line is copied from.

if(*dname == 0)
return NULL;

while(*dname) {
dname = dname+*dname+1;
dnamelen += ((size_t)*dname)+1;
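
Review bot: in the while loop, dname is advanced with dname = dname+*dname+1 before dnamelen += ((size_t)*dname)+1 runs, so the addition reads the next label's length byte instead of the one just skipped, and that byte is dereferenced before any bound on it has been checked. Update dnamelen from the current label first, do the bounds check, and only then move the pointer.
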
Comment on lines 121 to 125

wcawijngaards Jan 28, 2020

Member

The if(dnamelen > maxdnamelen) check needs to be before the *dname parts above; in the if(..==0) and while() and in the dnamelen+= statements, you first need to check that the label length byte fits in the maxdnamelen, with an added statement like if(dnamelen+1 > maxdnamelen) return NULL; at the start of the routine. I don't think it is needed at the end of the while loop.

wcawijngaards Jan 28, 2020

Member

Actually I think it is also needed before the *dname in the != 0 comparison below, an if statement to check if dnamelen+1 > maxdnamelen.

ralphdolmans Jan 29, 2020

Author Member

Ack on the check at the start of the routine, in case of a maxdnamelen of 0.

For the second check (in the while) I don't think a new if is needed, changing the existing one from if(dnamelen > maxdnamelen) to if(dnamelen+1 > maxdnamelen) should do the trick.
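
The check order discussed in this thread, as an added example that is not Unbound's code and not part of the PR: a hypothetical bounded_dname_len() walks an uncompressed wire-format name and tests that each label length byte, and then the label data, fits in maxdnamelen before it is read. The function name, its return convention and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DOMAINLEN 255 /* RFC 1035 limit on a wire-format name */

/* Hypothetical helper (not Unbound's): wire length of the uncompressed name
 * at dname, root label included, or 0 if it does not fit in maxdnamelen. */
size_t bounded_dname_len(const uint8_t* dname, size_t maxdnamelen)
{
	size_t dnamelen = 0;
	for(;;) {
		uint8_t lablen;
		/* the length byte must be inside the buffer before it is
		 * read; on the first pass this covers maxdnamelen == 0 */
		if(dnamelen+1 > maxdnamelen)
			return 0;
		lablen = dname[dnamelen++];
		if(lablen == 0)
			return dnamelen; /* root label terminates the name */
		if(lablen > 63)
			return 0; /* compression pointer or reserved type */
		/* the label data must fit too, and one byte must remain
		 * for the root label within the 255-byte name limit */
		if(lablen > maxdnamelen - dnamelen ||
			dnamelen + lablen >= MAX_DOMAINLEN)
			return 0;
		dnamelen += lablen;
	}
}

/* Constructed sample input: www.example.com. and a label cut short. */
static const uint8_t sample_name[] = { 3,'w','w','w', 7,'e','x','a','m','p',
	'l','e', 3,'c','o','m', 0 };
static const uint8_t sample_cut[] = { 5,'a','b' };

int main(void)
{
	printf("full buffer: %zu\n",
		bounded_dname_len(sample_name, sizeof(sample_name)));
	printf("one byte short: %zu\n",
		bounded_dname_len(sample_name, sizeof(sample_name)-1));
	printf("empty buffer: %zu\n", bounded_dname_len(sample_name, 0));
	printf("cut label: %zu\n",
		bounded_dname_len(sample_cut, sizeof(sample_cut)));
	return 0;
}
```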

if(dname_is_wild(ctarget)) {
/* synthesize cname target */
struct packed_rrset_data* d;
uint8_t newtarget[LDNS_MAX_DOMAINLEN];

wcawijngaards Jan 28, 2020

Member

Other buffers are LDNS_MAX_DOMAINLEN+1. Also for rpz.c:646 wc[LDNS_MAX_DOMAINLEN], the +1 is elsewhere but not here.

ralphdolmans Jan 28, 2020

Author Member

The newtarget[] is actually not used at all and removed in a later commit (344f12d)

ralphdolmans Jan 29, 2020

Author Member

added +1 for the wc[] in rpz.c (7da16fe)

len = *dname;
lablen = *dname++;
Comment on lines 303 to 304

wcawijngaards Jan 29, 2020

Member

ipdnametoaddr and netblockdnametoaddr also have dnamelen == 0 check needed. And perhaps also check if labellengthbyte fits in dnamelen, and if the label length fits in dnamelen.

ralphdolmans Jan 29, 2020

Author Member

Added in 88a706a

Also subtracting the netblock label (incl. length byte) from length passed to ipdnametoaddr.


wcawijngaards left a comment

Reviewed (change commits since previous), and it looks good! (I think this comment allows later github diffs to be made as well, hence).

@ralphdolmans ralphdolmans merged commit b9c9fc0 into master Jan 30, 2020
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
@ralphdolmans ralphdolmans deleted the rpz branch Jan 30, 2020

spirillen commented Jan 30, 2020

👏 👏 👏 👏 👏

Is there a release date for this? Like 1.9.7?


ralphdolmans commented Jan 30, 2020

Is there a release date for this? Like 1.9.7?

This will be part of the upcoming Unbound 1.10 release, which is scheduled to happen in February.
