diff options
Diffstat (limited to 'contrib/bind9/bin/named/aclconf.c')
| -rw-r--r-- | contrib/bind9/bin/named/aclconf.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/contrib/bind9/bin/named/aclconf.c b/contrib/bind9/bin/named/aclconf.c index ef36c5681f48..8b6d0c767d4f 100644 --- a/contrib/bind9/bin/named/aclconf.c +++ b/contrib/bind9/bin/named/aclconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.c,v 1.27.12.3 2004/03/08 04:04:18 marka Exp $ */ +/* $Id: aclconf.c,v 1.27.12.5 2005/03/17 03:58:25 marka Exp $ */ #include <config.h> @@ -31,6 +31,8 @@ #include <named/aclconf.h> +#define LOOP_MAGIC ISC_MAGIC('L','O','O','P') + void ns_aclconfctx_init(ns_aclconfctx_t *ctx) { ISC_LIST_INIT(ctx->named_acl_cache); @@ -81,6 +83,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, isc_result_t result; cfg_obj_t *cacl = NULL; dns_acl_t *dacl; + dns_acl_t loop; char *aclname = cfg_obj_asstring(nameobj); /* Look for an already-converted version. */ @@ -89,6 +92,11 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, dacl = ISC_LIST_NEXT(dacl, nextincache)) { if (strcasecmp(aclname, dacl->name) == 0) { + if (ISC_MAGIC_VALID(dacl, LOOP_MAGIC)) { + cfg_obj_log(nameobj, dns_lctx, ISC_LOG_ERROR, + "acl loop detected: %s", aclname); + return (ISC_R_FAILURE); + } dns_acl_attach(dacl, target); return (ISC_R_SUCCESS); } @@ -100,7 +108,18 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, "undefined ACL '%s'", aclname); return (result); } + /* + * Add a loop detection element. + */ + memset(&loop, 0, sizeof(loop)); + ISC_LINK_INIT(&loop, nextincache); + loop.name = aclname; + loop.magic = LOOP_MAGIC; + ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache); result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl); + ISC_LIST_UNLINK(ctx->named_acl_cache, &loop, nextincache); + loop.magic = 0; + loop.name = NULL; if (result != ISC_R_SUCCESS) return (result); dacl->name = isc_mem_strdup(dacl->mctx, aclname); |