BIND 10 trac2427, updated. 694dda8c2b939cf29d8949693f40dd12439fab0c [2427] Don't leak $ORIGIN from included file

BIND 10 source code commits bind10-changes at lists.isc.org
Mon Dec 17 12:31:40 UTC 2012 

The branch, trac2427 has been updated
       via  694dda8c2b939cf29d8949693f40dd12439fab0c (commit)
      from  23a5c8f5a97538d51389303ebef46164f95cd317 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 694dda8c2b939cf29d8949693f40dd12439fab0c
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Mon Dec 17 13:30:36 2012 +0100

    [2427] Don't leak $ORIGIN from included file

-----------------------------------------------------------------------

Summary of changes:
 src/lib/dns/master_loader.cc                |   25 ++++++++++++++++++++++---
 src/lib/dns/tests/master_loader_unittest.cc |   17 +++++++++++++++++
 src/lib/dns/tests/testdata/Makefile.am      |    1 +
 src/lib/dns/tests/testdata/origincheck.txt  |    5 +++++
 4 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 src/lib/dns/tests/testdata/origincheck.txt

-----------------------------------------------------------------------
diff --git a/src/lib/dns/master_loader.cc b/src/lib/dns/master_loader.cc
index 2c53449..00f0d7a 100644
--- a/src/lib/dns/master_loader.cc
+++ b/src/lib/dns/master_loader.cc
@@ -22,13 +22,16 @@
 
 #include <string>
 #include <memory>
+#include <vector>
 #include <boost/algorithm/string/predicate.hpp> // for iequals
-#include <boost/scoped_ptr.hpp>
+#include <boost/shared_ptr.hpp>
 
 using std::string;
 using std::auto_ptr;
+using std::vector;
+using std::pair;
 using boost::algorithm::iequals;
-using boost::scoped_ptr;
+using boost::shared_ptr;
 
 namespace isc {
 namespace dns {
@@ -95,6 +98,8 @@ public:
                 ok_ = false;
             }
         }
+        // Store the current status, so we can recover it upon popSource
+        include_info_.push_back(IncludeInfo(active_origin_, last_name_));
         initialized_ = true;
     }
 
@@ -103,6 +108,15 @@ public:
             return (false);
         }
         lexer_.popSource();
+        // Restore original origin and last seen name
+
+        // We move in tandem, there's an extra item included during the
+        // initialization, so we can never run out of them
+        assert(!include_info_.empty());
+        const IncludeInfo& info(include_info_.back());
+        active_origin_ = info.first;
+        last_name_ = info.second;
+        include_info_.pop_back();
         return (true);
     }
 
@@ -207,7 +221,7 @@ private:
     const Name zone_origin_;
     Name active_origin_; // The origin used during parsing
                          // (modifiable by $ORIGIN)
-    scoped_ptr<Name> last_name_; // Last seen name (for INITAL_WS handling)
+    shared_ptr<Name> last_name_; // Last seen name (for INITAL_WS handling)
     const RRClass zone_class_;
     MasterLoaderCallbacks callbacks_;
     AddRRCallback add_callback_;
@@ -218,6 +232,11 @@ private:
     bool ok_;                   // Is it OK to continue loading?
     const bool many_errors_;    // Are many errors allowed (or should we abort
                                 // on the first)
+    // Some info about the outer files from which we include.
+    // The first one is current origin, the second is the last seen name
+    // in that file.
+    typedef pair<Name, shared_ptr<Name> > IncludeInfo;
+    vector<IncludeInfo> include_info_;
 public:
     bool complete_;             // All work done.
     bool seen_error_;           // Was there at least one error during the
diff --git a/src/lib/dns/tests/master_loader_unittest.cc b/src/lib/dns/tests/master_loader_unittest.cc
index 8b29929..55588a2 100644
--- a/src/lib/dns/tests/master_loader_unittest.cc
+++ b/src/lib/dns/tests/master_loader_unittest.cc
@@ -468,6 +468,23 @@ TEST_F(MasterLoaderTest, includeAndOrigin) {
     checkARR("www.example.org");
 }
 
+// Check the origin doesn't get outside of the included file.
+TEST_F(MasterLoaderTest, includeOriginRestore) {
+    const string include_string = "$INCLUDE " TEST_DATA_SRCDIR "/origincheck.txt\n"
+        "@  1H  IN  A   192.0.2.1\n";
+    stringstream ss(include_string);
+    setLoader(ss, Name("example.org"), RRClass::IN(),
+              MasterLoader::MANY_ERRORS);
+    // Successfully load the data
+    loader_->load();
+    EXPECT_TRUE(loader_->loadedSucessfully());
+    EXPECT_TRUE(errors_.empty());
+    EXPECT_TRUE(warnings_.empty());
+    // And check it's the correct data
+    checkARR("www.example.org");
+    checkARR("example.org");
+}
+
 // Test the constructor rejects empty add callback.
 TEST_F(MasterLoaderTest, emptyCallback) {
     EXPECT_THROW(MasterLoader(TEST_DATA_SRCDIR "/example.org",
diff --git a/src/lib/dns/tests/testdata/Makefile.am b/src/lib/dns/tests/testdata/Makefile.am
index 9494117..b72afff 100644
--- a/src/lib/dns/tests/testdata/Makefile.am
+++ b/src/lib/dns/tests/testdata/Makefile.am
@@ -172,6 +172,7 @@ EXTRA_DIST += tsig_verify7.spec tsig_verify8.spec tsig_verify9.spec
 EXTRA_DIST += tsig_verify10.spec
 EXTRA_DIST += example.org
 EXTRA_DIST += broken.zone
+EXTRA_DIST += origincheck.txt
 
 .spec.wire:
 	$(PYTHON) $(top_builddir)/src/lib/util/python/gen_wiredata.py -o $@ $<
diff --git a/src/lib/dns/tests/testdata/origincheck.txt b/src/lib/dns/tests/testdata/origincheck.txt
new file mode 100644
index 0000000..c370ed2
--- /dev/null
+++ b/src/lib/dns/tests/testdata/origincheck.txt
@@ -0,0 +1,5 @@
+; We change the origin here. We want to check it is not propagated
+; outside of the included file.
+$ORIGIN www.example.org.
+
+@   1H  IN  A   192.0.2.1

More information about the bind10-changes mailing list