auth: Fix a possible memory leak in the webserver

Also state clearly that we advise against running the webserver
without password protection.

Reported by mongo (thanks!).

(cherry picked from commit bea69e320e7f3ec4b9e607f6492a58f01b4fe9bf)

diff --git a/docs/markdown/common/logging.md b/docs/markdown/common/logging.md
index cbe90284a4ba569cf2fd90cb1d8681a85707308c..e54e8eaeb55b23050159b6c434c6cca29881fdfe 100644 (file)
--- a/docs/markdown/common/logging.md
+++ b/docs/markdown/common/logging.md
@@ -27,7 +27,7 @@ Be aware that syslog by default logs messages at the configured priority and hig
 Both PowerDNS daemons generate ample metrics which can be used to monitor performance. These metrics can be polled using the rec\_control and pdns\_control commands, and they are also available via the http-based API. Finally, they can be pushed to a Carbon/Graphite server, either native carbon, or our own Metronome implementation.
 
 ## Webserver
-To launch the internal webserver, add a [`webserver`](../authoritative/settings.md#webserver) statement to the `pdns.conf`. This will instruct the PowerDNS daemon to start a webserver on localhost at port 8081, without password protection. Only local users (on the same host) will be able to access the webserver by default. The webserver lists a lot of information about the PowerDNS process, including frequent queries, frequently failing queries, lists of remote hosts sending queries, hosts sending corrupt queries etc. The webserver does not allow remote management of the daemon. The following webserver related configuration items are available:
+To launch the internal webserver, add a [`webserver`](../authoritative/settings.md#webserver) statement to the `pdns.conf`. This will instruct the PowerDNS daemon to start a webserver on localhost at port 8081, without password protection. Only local users (on the same host) will be able to access the webserver by default, but we still strongly advise the use of a password protection. The webserver lists a lot of information about the PowerDNS process, including frequent queries, frequently failing queries, lists of remote hosts sending queries, hosts sending corrupt queries etc. The webserver does not allow remote management of the daemon. The following webserver related configuration items are available:
 
 * `webserver`: If set to anything but 'no', a webserver is launched.
 * `webserver-address`: Address to bind the webserver to. Defaults to 127.0.0.1, which implies that only the local computer is able to connect to the nameserver! To allow remote hosts to connect, change to 0.0.0.0 or the physical IP address of your nameserver.

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 33f29687eef8853a80a59984eb6df4664d7fe76c..fd6c022b61dcb712c39995b77310560a9fa87a1d 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -277,7 +277,7 @@ void AuthWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
     if(arg().mustDo("webserver-print-arguments"))
       printargs(ret);
   }
-  else
+  else if(S.ringExists(req->getvars["ring"]))
     printtable(ret,req->getvars["ring"],S.getRingTitle(req->getvars["ring"]),100);
 
   ret<<"</div></div>"<<endl;