diff --git a/CHANGELOG.md b/CHANGELOG.md index acb51c66..9dfc3a95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -46,7 +46,7 @@ Users may have to change how they access the system ### Minor changes -* Added filterexpr to xpath +* Added sanity check that a yang module name matches the filename ## 4.7.0 14 September 2020 diff --git a/lib/src/clixon_validate.c b/lib/src/clixon_validate.c index b605685c..0eb67e8c 100644 --- a/lib/src/clixon_validate.c +++ b/lib/src/clixon_validate.c @@ -179,20 +179,20 @@ validate_leafref(cxobj *xt, * @param[in] xt XML leaf node of type identityref * @param[in] ys Yang spec of leaf * @param[in] ytype Yang type field of type identityref - * @param[out] xret Error XML tree. Free with xml_free after use + * @param[out] xret Error XML tree. Free with xml_free after use * @retval 1 Validation OK * @retval 0 Validation failed * @retval -1 Error * @see ys_populate_identity where the derived types are set * @see yang_augment_node * @see RFC7950 Sec 9.10.2: + * @see xp_function_derived_from similar code other context */ static int validate_identityref(cxobj *xt, yang_stmt *ys, yang_stmt *ytype, cxobj **xret) - { int retval = -1; char *node = NULL; @@ -204,6 +204,7 @@ validate_identityref(cxobj *xt, cbuf *cberr = NULL; cbuf *cb = NULL; cvec *idrefvec; /* Derived identityref list: (module:id)**/ + yang_stmt *ymod; if ((cb = cbuf_new()) == NULL){ clicon_err(OE_UNIX, errno, "cbuf_new"); @@ -235,49 +236,22 @@ validate_identityref(cxobj *xt, goto fail; } - /* Assume proper namespace, otherwise we assume module prefixes, - * see IDENTITYREF_KLUDGE - */ - if (0){ - char *ns; - yang_stmt *ymod; - yang_stmt *yspec; - - /* Create an idref as : which is the format of the derived - * identityref list associated with the base identities. - */ - /* Get namespace (of idref) from xml */ - if (xml2ns(xt, prefix, &ns) < 0) - goto done; - yspec = ys_spec(ys); - /* Get module of that namespace */ - if ((ymod = yang_find_module_by_namespace(yspec, ns)) == NULL){ - clicon_err(OE_YANG, ENOENT, "No module found"); - goto done; - } - cprintf(cb, "%s:%s", yang_argument_get(ymod), id); - } -#if 1 - { - yang_stmt *ymod; - /* idref from prefix:id to module:id */ - if (prefix == NULL) - ymod = ys_module(ys); - else{ /* from prefix to name */ + /* idref from prefix:id to module:id */ + if (prefix == NULL) + ymod = ys_module(ys); + else{ /* from prefix to name */ #if 1 /* IDENTITYREF_KLUDGE */ - ymod = yang_find_module_by_prefix_yspec(ys_spec(ys), prefix); + ymod = yang_find_module_by_prefix_yspec(ys_spec(ys), prefix); #endif - } - if (ymod == NULL){ - cprintf(cberr, "Identityref validation failed, %s not derived from %s", - node, yang_argument_get(ybaseid)); - if (netconf_operation_failed_xml(xret, "application", cbuf_get(cberr)) < 0) - goto done; - goto fail; - } - cprintf(cb, "%s:%s", yang_argument_get(ymod), id); } -#endif + if (ymod == NULL){ + cprintf(cberr, "Identityref validation failed, %s not derived from %s", + node, yang_argument_get(ybaseid)); + if (xret && netconf_operation_failed_xml(xret, "application", cbuf_get(cberr)) < 0) + goto done; + goto fail; + } + cprintf(cb, "%s:%s", yang_argument_get(ymod), id); idref = cbuf_get(cb); /* Here check if node is in the derived node list of the base identity * The derived node list is a cvec computed XXX diff --git a/lib/src/clixon_yang_parse_lib.c b/lib/src/clixon_yang_parse_lib.c index adcc39f5..6427f089 100644 --- a/lib/src/clixon_yang_parse_lib.c +++ b/lib/src/clixon_yang_parse_lib.c @@ -847,6 +847,18 @@ yang_parse_module(clicon_handle h, filename = cbuf_get(fbuf); if ((ymod = yang_parse_filename(filename, yspec)) == NULL) goto done; + /* Sanity check that requested module name matches loaded module + * If this does not match, the filename and containing module do not match + * RFC 7950 Sec 5.2 + */ + if (strcmp(yang_argument_get(ymod), module) != 0){ + clicon_err(OE_YANG, EINVAL, "File %s contains yang module \"%s\" which does not expected module %s", + filename, + yang_argument_get(ymod), + module); + ymod = NULL; + goto done; + } if ((yrev = yang_find(ymod, Y_REVISION, NULL)) != NULL) revm = cv_uint32_get(yang_cv_get(yrev)); if (filename2revision(filename, NULL, &revf) < 0)