conf: disallow binding to port 0

src/knot/conf/schema.c

@@ -172,7 +172,7 @@ static const yp_item_t desc_server[] = {
 	{ C_UDP_MAX_PAYLOAD_IPV6, YP_TINT,  YP_VINT = { KNOT_EDNS_MIN_DNSSEC_PAYLOAD,
 	                                                KNOT_EDNS_MAX_UDP_PAYLOAD,
 	                                                1232, YP_SSIZE } },
-	{ C_LISTEN,               YP_TADDR, YP_VADDR = { 53 }, YP_FMULTI },
+	{ C_LISTEN,               YP_TADDR, YP_VADDR = { 53 }, YP_FMULTI, { check_listen } },
 	{ C_LISTEN_XDP,           YP_TADDR, YP_VADDR = { 53 }, YP_FMULTI, { check_xdp } },
 	{ C_ECS,                  YP_TBOOL, YP_VNONE },
 	{ C_ANS_ROTATION,         YP_TBOOL, YP_VNONE },

src/knot/conf/tools.c

@@ -33,6 +33,7 @@
 #include "knot/common/log.h"
 #include "libknot/errcode.h"
 #include "libknot/yparser/yptrafo.h"
+#include "contrib/sockaddr.h"
 #include "contrib/string.h"
 #include "contrib/wire_ctx.h"
 
@@ -227,6 +228,19 @@ int check_ref_dflt(
 	return KNOT_EOK;
 }
 
+int check_listen(
+	knotd_conf_check_args_t *args)
+{
+	bool no_port;
+	struct sockaddr_storage ss = yp_addr(args->data, &no_port);
+	if (!no_port && sockaddr_port(&ss) == 0) {
+		args->err_str = "invalid port";
+		return KNOT_EINVAL;
+	}
+
+	return KNOT_EOK;
+}
+
 int check_xdp(
 	knotd_conf_check_args_t *args)
 {

src/knot/conf/tools.h

@@ -66,6 +66,10 @@ int check_ref_dflt(
 	knotd_conf_check_args_t *args
 );
 
+int check_listen(
+	knotd_conf_check_args_t *args
+);
+
 int check_xdp(
 	knotd_conf_check_args_t *args
 );