Diffstat (limited to 'lib/bind9/check.c')
-rw-r--r-- | lib/bind9/check.c | 70 |
1 files changed, 55 insertions, 15 deletions
diff --git a/lib/bind9/check.c b/lib/bind9/check.c index ddc546733b147..b43bb7076ad63 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -287,10 +287,6 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) { tresult = dns_secalg_fromtext(&alg, &r); if (tresult != ISC_R_SUCCESS) { - isc_uint8_t ui; - result = isc_parse_uint8(&ui, r.base, 10); - } - if (tresult != ISC_R_SUCCESS) { cfg_obj_log(cfg_listelt_value(element), logctx, ISC_LOG_ERROR, "invalid algorithm '%s'", r.base); @@ -1028,6 +1024,29 @@ typedef struct { } optionstable; static isc_result_t +check_nonzero(const cfg_obj_t *options, isc_log_t *logctx) { + isc_result_t result = ISC_R_SUCCESS; + const cfg_obj_t *obj = NULL; + unsigned int i; + + static const char *nonzero[] = { "max-retry-time", "min-retry-time", + "max-refresh-time", "min-refresh-time" }; + /* + * Check if value is zero. + */ + for (i = 0; i < sizeof(nonzero) / sizeof(nonzero[0]); i++) { + obj = NULL; + if (cfg_map_get(options, nonzero[i], &obj) == ISC_R_SUCCESS && + cfg_obj_asuint32(obj) == 0) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "'%s' must not be zero", nonzero[i]); + result = ISC_R_FAILURE; + } + } + return (result); +} + +static isc_result_t check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, const cfg_obj_t *config, isc_symtab_t *symtab, dns_rdataclass_t defclass, cfg_aclconfctx_t *actx, @@ -1036,7 +1055,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, const char *zname; const char *typestr; unsigned int ztype; - const cfg_obj_t *zoptions; + const cfg_obj_t *zoptions, *goptions = NULL; const cfg_obj_t *obj = NULL; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; 
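Review bot: check_nonzero() has no header comment, and the inline `Check if value is zero.` does not say which options are covered or what the function returns. I would move the description above the function, along the lines of `/* Log an error for each refresh/retry time limit in 'options' that is set to 0; returns ISC_R_FAILURE if any was found. */`, and record there why zero is unacceptable for these four timers, since the commit does not state it. The table can be declared `static const char *const nonzero[]` so the array itself is read-only. The cfg_obj_asuint32() call relies on all four options being uint32-typed in the grammar, which is not visible in this diff.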
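Review bot: `goptions` is declared in this hunk and filled in the -1105 hunk, but no added line in the diff reads it, so as committed it is a dead store in check_zoneconf(). Either drop the declaration and the lookup, or add the check that was meant to consult the global options block. If the lookup stays, write it as `(void)cfg_map_get(config, "options", &goptions);` to match the other deliberately ignored cfg_map_get() results in this file. check_zoneconf()'s body extends beyond both hunks.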
@@ -1105,9 +1124,11 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, }; zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); - zoptions = cfg_tuple_get(zconfig, "options"); + if (config != NULL) + cfg_map_get(config, "options", &goptions); + obj = NULL; (void)cfg_map_get(zoptions, "type", &obj); if (obj == NULL) { @@ -1188,6 +1209,12 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, } /* + * Check if value is zero. + */ + if (check_nonzero(zoptions, logctx) != ISC_R_SUCCESS) + result = ISC_R_FAILURE; + + /* * Look for inappropriate options for the given zone type. * Check that ACLs expand correctly. */ @@ -1760,10 +1787,16 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult = ISC_R_SUCCESS; cfg_aclconfctx_t actx; + const cfg_obj_t *options = NULL; const cfg_obj_t *obj; isc_boolean_t enablednssec, enablevalidation; /* + * Get global options block. + */ + (void)cfg_map_get(config, "options", &options); + + /* * Check that all zone statements are syntactically correct and * there are no duplicate zones. */ @@ -1798,8 +1831,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, * Check that forwarding is reasonable. */ if (voptions == NULL) { - const cfg_obj_t *options = NULL; - (void)cfg_map_get(config, "options", &options); if (options != NULL) if (check_forward(options, NULL, logctx) != ISC_R_SUCCESS) 
@@ -1810,11 +1841,17 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, } /* + * Check non-zero options at the global and view levels. + */ + if (options != NULL && check_nonzero(options, logctx) != ISC_R_SUCCESS) + result = ISC_R_FAILURE; + if (voptions != NULL &&check_nonzero(voptions, logctx) != ISC_R_SUCCESS) + result = ISC_R_FAILURE; + + /* * Check that dual-stack-servers is reasonable. */ if (voptions == NULL) { - const cfg_obj_t *options = NULL; - (void)cfg_map_get(config, "options", &options); if (options != NULL) if (check_dual_stack(options, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; @@ -1838,15 +1875,15 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, tresult = isc_symtab_create(mctx, 1000, freekey, mctx, ISC_FALSE, &symtab); if (tresult != ISC_R_SUCCESS) - return (ISC_R_NOMEMORY); + goto cleanup; (void)cfg_map_get(config, "key", &keys); tresult = check_keylist(keys, symtab, mctx, logctx); if (tresult == ISC_R_EXISTS) result = ISC_R_FAILURE; else if (tresult != ISC_R_SUCCESS) { - isc_symtab_destroy(&symtab); - return (tresult); + result = tresult; + goto cleanup; } if (voptions != NULL) { @@ -1856,8 +1893,8 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, if (tresult == ISC_R_EXISTS) result = ISC_R_FAILURE; else if (tresult != ISC_R_SUCCESS) { - isc_symtab_destroy(&symtab); - return (tresult); + result = tresult; + goto cleanup; } } @@ -1939,6 +1976,9 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, if (tresult != ISC_R_SUCCESS) result = tresult; + cleanup: + if (symtab != NULL) + isc_symtab_destroy(&symtab); cfg_aclconfctx_destroy(&actx); return (result); |
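Review bot: The global `options` block is passed to check_nonzero() on every call here, while the neighbouring check_forward() and check_dual_stack() checks look at it only when `voptions == NULL`. If check_viewconf() runs once per view (the caller is outside this diff), one zero value in the global block would be logged once per view; a short comment saying the repeat is intended, or a guard that checks the global block only once, would make that explicit. `&&check_nonzero` is also missing a space; breaking the condition as `if (voptions != NULL &&` followed by `check_nonzero(voptions, logctx) != ISC_R_SUCCESS)` keeps the line within the limit.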
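Review bot: When isc_symtab_create() fails, the new `goto cleanup` leaves `result` untouched, so if nothing earlier failed check_viewconf() returns ISC_R_SUCCESS with the remaining checks skipped, where the old code returned ISC_R_NOMEMORY. A configuration checker should not report success on a path where it stopped checking; set the result first, `if (tresult != ISC_R_SUCCESS) { result = tresult; goto cleanup; }`, as the two check_keylist() error paths in this hunk and the -1856 hunk already do. The `cleanup:` label added in the -1939 hunk tests `symtab != NULL`, which assumes every earlier destroy left the pointer NULL; that code is outside the diff.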