Merge branch '2461-named-checkconf-fails-to-detect-illegal-key-names-in-primaries-lists' into 'main'

Resolve "Named-checkconf fails to detect illegal key names in primaries lists" Closes #2461 See merge request isc-projects/bind9!5314
2025-08-31 14:35:26 +00:00 · 2021-08-25 05:55:02 +00:00
parent d66439b939 5d2183c450
commit 99f847d1e9
4 changed files with 71 additions and 0 deletions
--- a/3
+++ b/3
@@ -1,3 +1,6 @@
+5701.	[bug]		named-checkconf failed to detect syntactically invalid
+			key and tls names. [GL #2461]
+
 5700.	[bug]		Journals where not being removed when a catalog zone
 			was removed. [GL #2842]

--- a/bin/tests/system/checkconf/bad-primaries-key.conf
+++ b/bin/tests/system/checkconf/bad-primaries-key.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example {
+        type secondary;
+        primaries { 1.2.3.4 key a..b; };
+};
--- a/bin/tests/system/checkconf/bad-primaries-tls.conf
+++ b/bin/tests/system/checkconf/bad-primaries-tls.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone example {
+        type secondary;
+        primaries { 1.2.3.4 tls a..b; };
+};
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -2114,13 +2114,43 @@ resume:
 		const char *listname;
 		const cfg_obj_t *addr;
 		const cfg_obj_t *key;
+		const cfg_obj_t *tls;

 		addr = cfg_tuple_get(cfg_listelt_value(element),
 				     "remoteselement");
 		key = cfg_tuple_get(cfg_listelt_value(element), "key");
+		tls = cfg_tuple_get(cfg_listelt_value(element), "tls");

 		if (cfg_obj_issockaddr(addr)) {
 			count++;
+			if (cfg_obj_isstring(key)) {
+				const char *str = cfg_obj_asstring(key);
+				dns_fixedname_t fname;
+				dns_name_t *nm = dns_fixedname_initname(&fname);
+				tresult = dns_name_fromstring(nm, str, 0, NULL);
+				if (tresult != ISC_R_SUCCESS) {
+					cfg_obj_log(key, logctx, ISC_LOG_ERROR,
+						    "'%s' is not a valid name",
+						    str);
+					if (result == ISC_R_SUCCESS) {
+						result = tresult;
+					}
+				}
+			}
+			if (cfg_obj_isstring(tls)) {
+				const char *str = cfg_obj_asstring(tls);
+				dns_fixedname_t fname;
+				dns_name_t *nm = dns_fixedname_initname(&fname);
+				tresult = dns_name_fromstring(nm, str, 0, NULL);
+				if (tresult != ISC_R_SUCCESS) {
+					cfg_obj_log(tls, logctx, ISC_LOG_ERROR,
+						    "'%s' is not a valid name",
+						    str);
+					if (result == ISC_R_SUCCESS) {
+						result = tresult;
+					}
+				}
+			}
 			continue;
 		}
 		if (!cfg_obj_isvoid(key)) {
@@ -2131,6 +2161,14 @@ resume:
 				result = ISC_R_FAILURE;
 			}
 		}
+		if (!cfg_obj_isvoid(tls)) {
+			cfg_obj_log(key, logctx, ISC_LOG_ERROR,
+				    "unexpected token '%s'",
+				    cfg_obj_asstring(tls));
+			if (result == ISC_R_SUCCESS) {
+				result = ISC_R_FAILURE;
+			}
+		}
 		listname = cfg_obj_asstring(addr);
 		symvalue.as_cpointer = addr;
 		tresult = isc_symtab_define(symtab, listname, 1, symvalue,