auth: Fix a possible memory leak in the webserver

Also state clearly that we advise against running the webserver
without password protection.

Reported by mongo (thanks!).

(cherry picked from commit bea69e3)
1 parent f667604 commit c816fe332e2e5598f286f00687097f7f71529148 @rgacogne rgacogne committed Oct 7, 2016
Showing with 2 additions and 2 deletions.
  1. +1 −1 docs/markdown/common/logging.md
  2. +1 −1 pdns/ws-auth.cc
@@ -27,7 +27,7 @@ Be aware that syslog by default logs messages at the configured priority and hig
Both PowerDNS daemons generate ample metrics which can be used to monitor performance. These metrics can be polled using the rec\_control and pdns\_control commands, and they are also available via the http-based API. Finally, they can be pushed to a Carbon/Graphite server, either native carbon, or our own Metronome implementation.
## Webserver
-To launch the internal webserver, add a [`webserver`](../authoritative/settings.md#webserver) statement to the `pdns.conf`. This will instruct the PowerDNS daemon to start a webserver on localhost at port 8081, without password protection. Only local users (on the same host) will be able to access the webserver by default. The webserver lists a lot of information about the PowerDNS process, including frequent queries, frequently failing queries, lists of remote hosts sending queries, hosts sending corrupt queries etc. The webserver does not allow remote management of the daemon. The following webserver related configuration items are available:
+To launch the internal webserver, add a [`webserver`](../authoritative/settings.md#webserver) statement to the `pdns.conf`. This will instruct the PowerDNS daemon to start a webserver on localhost at port 8081, without password protection. Only local users (on the same host) will be able to access the webserver by default, but we still strongly advise the use of a password protection. The webserver lists a lot of information about the PowerDNS process, including frequent queries, frequently failing queries, lists of remote hosts sending queries, hosts sending corrupt queries etc. The webserver does not allow remote management of the daemon. The following webserver related configuration items are available:
* `webserver`: If set to anything but 'no', a webserver is launched.
* `webserver-address`: Address to bind the webserver to. Defaults to 127.0.0.1, which implies that only the local computer is able to connect to the nameserver! To allow remote hosts to connect, change to 0.0.0.0 or the physical IP address of your nameserver.
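Review bot: The added sentence in the Webserver paragraph advises password protection but does not name or link the setting that enables it, so a reader following this paragraph still ends up with the unauthenticated default. Name the password option inline and link it the same way `webserver` is linked at the start of the paragraph, and consider rewording "the use of a password protection" to "setting a password". The `webserver-address` item just below tells readers to change to 0.0.0.0 to allow remote hosts; the advice matters most there, so it is worth repeating the pointer to the password setting in that item.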
@@ -277,7 +277,7 @@ void AuthWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
if(arg().mustDo("webserver-print-arguments"))
printargs(ret);
}
- else
+ else if(S.ringExists(req->getvars["ring"]))
printtable(ret,req->getvars["ring"],S.getRingTitle(req->getvars["ring"]),100);
ret<<"</div></div>"<<endl;
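Review bot: With the new `else if(S.ringExists(req->getvars["ring"]))` in indexfunction, a request naming a ring that does not exist now produces no table and no indication of why, and nothing in the code says why the check is there. The commit message ties it to a memory leak, so a short comment above the condition stating that unknown ring names from the request must not reach `printtable` or `S.getRingTitle` would keep a later cleanup from dropping it. Consider adding a final `else` that reports an unknown ring, with the value escaped if it is echoed, and reading `req->getvars["ring"]` once into a local const reference, since it is now looked up three times in two lines.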
