From: Charles-Henri Bruyand Date: Thu, 17 May 2018 09:36:55 +0000 (+0200) Subject: auth-api: refactor checks of RRsets types while importing them X-Git-Tag: dnsdist-1.3.1~90^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=24ded6cc4f4d13be7ec257e20cd12829f7866890;p=pdns auth-api: refactor checks of RRsets types while importing them --- diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 518360e11..63214bddb 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -306,7 +306,7 @@ static Json::object getZoneInfo(const DomainInfo& di, DNSSECKeeper *dk) { vector masters; for(const auto& m : di.masters) masters.push_back(m.toStringWithPortExcept(53)); - + return Json::object { // id is the canonical lookup key, which doesn't actually match the name (in some cases) { "id", zoneId }, @@ -462,6 +462,12 @@ void productServerStatisticsFetch(map& out) out["uptime"] = std::to_string(time(0) - s_starttime); } +static void validateGatheredRRType(const DNSResourceRecord& rr) { + if (rr.qtype.getCode() == QType::OPT || rr.qtype.getCode() == QType::TSIG) { + throw ApiException("RRset "+rr.qname.toString()+" IN "+rr.qtype.getName()+": invalid type given"); + } +} + static void gatherRecords(const Json container, const DNSName& qname, const QType qtype, const int ttl, vector& new_records, vector& new_ptrs) { UeberBackend B; DNSResourceRecord rr; @@ -469,6 +475,8 @@ static void gatherRecords(const Json container, const DNSName& qname, const QTyp rr.qtype = qtype; rr.auth = 1; rr.ttl = ttl; + + validateGatheredRRType(rr); for(auto record : container["records"].array_items()) { string content = stringFromJson(record, "content"); rr.disabled = boolFromJson(record, "disabled"); @@ -1181,6 +1189,7 @@ static void gatherRecordsFromZone(const std::string& zonestring, vector