Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
API: be more strict when parsing record contents
Fixes #2113.
  • Loading branch information
zeha committed Feb 7, 2015
1 parent 24cd86c commit 1e5b9ab
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 1 deletion.
13 changes: 12 additions & 1 deletion pdns/ws-auth.cc
Expand Up @@ -403,10 +403,21 @@ static void gatherRecords(const Value& container, vector<DNSResourceRecord>& new
try {
shared_ptr<DNSRecordContent> drc(DNSRecordContent::mastermake(rr.qtype.getCode(), 1, rr.content));
string tmp = drc->serialize(rr.qname);
if (rr.qtype.getCode() != QType::AAAA) {
tmp = drc->getZoneRepresentation();
if (!pdns_iequals(tmp, rr.content)) {
throw std::runtime_error("Not in expected format (parsed as '"+tmp+"')");
}
} else {
struct in6_addr tmpbuf;
if (inet_pton(AF_INET6, rr.content.c_str(), &tmpbuf) != 1 || rr.content.find('.') != string::npos) {
throw std::runtime_error("Invalid IPv6 address");
}
}
}
catch(std::exception& e)
{
throw ApiException("Record "+rr.qname+"/"+rr.qtype.getName()+" "+rr.content+": "+e.what());
throw ApiException("Record "+rr.qname+"/"+rr.qtype.getName()+" '"+rr.content+"': "+e.what());
}

if ((rr.qtype.getCode() == QType::A || rr.qtype.getCode() == QType::AAAA) &&
Expand Down
24 changes: 24 additions & 0 deletions regression-tests.api/test_Zones.py
Expand Up @@ -727,6 +727,30 @@ def test_rrset_unknown_type(self):
self.assertEquals(r.status_code, 422)
self.assertIn('unknown type', r.json()['error'])

def test_create_zone_with_leading_space(self):
# Actual regression.
payload, zone = self.create_zone()
name = payload['name']
rrset = {
'changetype': 'replace',
'name': name,
'type': 'A',
'records': [
{
"name": name,
"type": "A",
"ttl": 3600,
"content": " 4.3.2.1",
"disabled": False
}
]
}
payload = {'rrsets': [rrset]}
r = self.session.patch(self.url("/servers/localhost/zones/" + name), data=json.dumps(payload),
headers={'content-type': 'application/json'})
self.assertEquals(r.status_code, 422)
self.assertIn('Not in expected format', r.json()['error'])

def test_zone_rr_delete_out_of_zone(self):
payload, zone = self.create_zone()
name = payload['name']
Expand Down

0 comments on commit 1e5b9ab

Please sign in to comment.