auth: make sure Lua axfrfilter() does not insert out of zone data
authorKees Monshouwer <mind04@monshouwer.org>
Sun, 4 Jun 2017 11:31:54 +0000 (13:31 +0200)
committermind04 <mind04@monshouwer.org>
Sun, 4 Jun 2017 23:21:31 +0000 (01:21 +0200)
pdns/slavecommunicator.cc

index 72f71688704bc1aac56b78e8662ba9a2da42a9f2..0f854d27ea71cf644abac64afe13252035071e2e 100644 (file)
@@ -262,6 +262,10 @@ vector<DNSResourceRecord> doAxfr(const ComboAddress& raddr, const DNSName& domai
       }
 
       for(DNSResourceRecord& rr :  out) {
+        if(!rr.qname.isPartOf(domain)) {
+          L<<Logger::Error<<"Lua axfrfilter() filter tried to sneak in out-of-zone data '"<<i->qname<<"'|"<<i->qtype.getName()<<" during AXFR of zone '"<<domain<<"', ignoring"<<endl;
+          continue;
+        }
         if(!processRecordForZS(domain, firstNSEC3, rr, zs))
           continue;
         if(rr.qtype.getCode() == QType::SOA) {
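Review bot: The error message in the new out-of-zone check prints `i->qname` and `i->qtype.getName()`, but the record being tested and dropped is `rr`. `i` is declared outside the hunk and appears to be the record that was passed to the Lua filter, so the log would name the original input record rather than the out-of-zone one the script returned. An operator investigating a faulty or tampered axfrfilter script from the logs would then not see which name was rejected. Log the rejected record instead: `"'"<<rr.qname<<"'|"<<rr.qtype.getName()<<" during AXFR of zone '"<<domain<<"', ignoring"`. The `for` loop body continues past the end of the hunk.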