allow-from-file= parser needs review #331

Closed
Habbie opened this Issue Apr 26, 2013 · 1 comment

@Habbie
Member
Habbie commented Apr 26, 2013

When ACL file has normal stuff in it:

gimre@voy:/tmp/pdns-recursor-3.3.1$ cat /tmp/foo.lst
1.2.3.4
gimre@voy:/tmp/pdns-recursor-3.3.1$ dig +short www.yahoo.com @127.0.0.1
;; connection timed out; no servers could be reached

One can write almost anything after the slash:

gimre@voy:/tmp/pdns-recursor-3.3.1$ echo "1.2.3.4/moo" > /tmp/foo.lst
gimre@voy:/tmp/pdns-recursor-3.3.1$ cat /tmp/foo.lst
1.2.3.4/moo
gimre@voy:/tmp/pdns-recursor-3.3.1$ sudo ./rec_control --config-dir=/tmp reload-acls
ok

Seems like this leaves the recursor open to be queried from anywhere (NOT just from localhost):

gimre@voy:/tmp/pdns-recursor-3.3.1$ dig +short www.yahoo.com @127.0.0.1
fp.wg1.b.yahoo.com.
eu-fp.wa1.b.yahoo.com.
87.248.122.122

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
@Habbie Habbie added a commit that referenced this issue Apr 26, 2013
@Habbie Habbie be stricter about parsing netmask prefix lengths, fixes #331
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2629 d19b8d6e-7fed-0310-83ef-9ca221ded41b
8ac6bd6
@Habbie
Member
Habbie commented Apr 26, 2013

Author: peter
fixed in r2629

@mind04 mind04 pushed a commit to mind04/pdns that referenced this issue Apr 26, 2013
peter be stricter about parsing netmask prefix lengths, fixes #331
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2629 d19b8d6e-7fed-0310-83ef-9ca221ded41b
4d22088
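
The behaviour reported in this issue can be reproduced with a small added example (written for this page, not the PowerDNS code or the r2629 fix). It assumes the lax parser converts the text after the slash with `atoi()`, which turns `moo` into a prefix length of 0, so the entry matches every client; `Netmask4`, `maskFor`, `laxPrefixLength`, `parseStrict` and `matches` are hypothetical names, and only IPv4 is handled.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>

struct Netmask4 { uint32_t network; uint8_t bits; };  // IPv4 only, for brevity

static uint32_t maskFor(unsigned bits) { return bits ? 0xFFFFFFFFu << (32 - bits) : 0; }

// Assumed lax behaviour: atoi() yields 0 for "moo", so the entry becomes a /0.
int laxPrefixLength(const std::string& entry) {
  std::string::size_type slash = entry.find('/');
  return slash == std::string::npos ? 32 : std::atoi(entry.c_str() + slash + 1);
}

// Strict form: the suffix must be one or two decimal digits with value 0..32.
// Anything else rejects the whole entry instead of silently widening it.
bool parseStrict(const std::string& entry, Netmask4& out) {
  std::string::size_type slash = entry.find('/');
  unsigned bits = 32;
  if (slash != std::string::npos) {
    const std::string suffix = entry.substr(slash + 1);
    if (suffix.empty() || suffix.size() > 2) return false;
    bits = 0;
    for (char c : suffix) {
      if (c < '0' || c > '9') return false;
      bits = bits * 10 + static_cast<unsigned>(c - '0');
    }
    if (bits > 32) return false;
  }
  in_addr addr{};
  if (inet_pton(AF_INET, entry.substr(0, slash).c_str(), &addr) != 1) return false;
  out.network = ntohl(addr.s_addr) & maskFor(bits);
  out.bits = static_cast<uint8_t>(bits);
  return true;
}

bool matches(const Netmask4& nm, const std::string& client) {
  in_addr addr{};
  if (inet_pton(AF_INET, client.c_str(), &addr) != 1) return false;
  return (ntohl(addr.s_addr) & maskFor(nm.bits)) == nm.network;
}

int main() {
  Netmask4 nm{};
  std::printf("lax  1.2.3.4/moo -> /%d\n", laxPrefixLength("1.2.3.4/moo"));
  std::printf("strict accepts it: %s\n", parseStrict("1.2.3.4/moo", nm) ? "yes" : "no");
}
```

A reload that hits a rejected entry should keep the previous ACL in place rather than load a partial one.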