4636. [bug] Normalize rpz policy zone names when checking for

existence. [RT #45358]
2025-08-29 13:38:26 +00:00 · 2017-06-13 13:06:47 +10:00 · 2017-06-13 13:06:47 +10:00 · e85e95c19e
commit e85e95c19e
parent 2c11da8441
3 changed files with 39 additions and 2 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+4636.	[bug]		Normalize rpz policy zone names when checking for
+			existence. [RT #45358]
+
 4635.	[bug]		Fix RPZ NSDNAME logging that was logging
 			failures as NSIP. [RT #45052]

--- a/bin/tests/system/checkconf/good-response-dot.conf
+++ b/bin/tests/system/checkconf/good-response-dot.conf
@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2016  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+zone "example.com." {
+	type master;
+	file "example.com.zone";
+};
+
+options {
+	response-policy {
+		zone "example.com." policy given;
+	};
+};
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@ -2944,6 +2944,9 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 	const char *forview = " for view ";
 	isc_symvalue_t value;
 	isc_result_t result, tresult;
+	dns_fixedname_t fixed;
+	dns_name_t *name;
+	char namebuf[DNS_NAME_FORMATSIZE];

 	if (viewname == NULL) {
 		viewname = "";
@ -2951,6 +2954,8 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 	}
 	result = ISC_R_SUCCESS;

+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
 	obj = cfg_tuple_get(rpz_obj, "zone list");
 	for (element = cfg_list_first(obj);
 	     element != NULL;
@ -2959,7 +2964,17 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 		nameobj = cfg_tuple_get(obj, "zone name");
 		zonename = cfg_obj_asstring(nameobj);
 		zonetype = "";
-		tresult = isc_symtab_lookup(symtab, zonename, 3, &value);
+
+		tresult = dns_name_fromstring(name, zonename, 0, NULL);
+		if (tresult != ISC_R_SUCCESS) {
+			cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR,
+				   "bad domain name '%s'", zonename);
+			if (result == ISC_R_SUCCESS)
+				result = tresult;
+			continue;
+		}
+		dns_name_format(name, namebuf, sizeof(namebuf));
+		tresult = isc_symtab_lookup(symtab, namebuf, 3, &value);
 		if (tresult == ISC_R_SUCCESS) {
 			obj = NULL;
 			zoneobj = value.as_cpointer;
@ -2975,6 +2990,7 @@ check_rpz_catz(const char *rpz_catz, const cfg_obj_t *rpz_obj,
 			cfg_obj_log(nameobj, logctx, ISC_LOG_ERROR,
 				    "%s '%s'%s%s is not a master or slave zone",
 				    rpz_catz, zonename, forview, viewname);
+			if (result == ISC_R_SUCCESS)
 				result = ISC_R_FAILURE;
 		}
 	}