]>
Commit | Line | Data |
---|---|---|
d54a2ce4 MT |
1 | From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Thu, 9 Apr 2015 21:48:00 +0100 | |
697b4f04 MT |
4 | Subject: [PATCH 073/113] Fix crash on receipt of certain malformed DNS |
5 | requests. | |
d54a2ce4 MT |
6 | |
7 | --- | |
8 | CHANGELOG | 3 +++ | |
9 | src/rfc1035.c | 9 ++++++--- | |
10 | 2 files changed, 9 insertions(+), 3 deletions(-) | |
11 | ||
12 | diff --git a/CHANGELOG b/CHANGELOG | |
13 | index 6aa3d851a297..9af617056f1f 100644 | |
14 | --- a/CHANGELOG | |
15 | +++ b/CHANGELOG | |
16 | @@ -125,6 +125,9 @@ version 2.72 | |
17 | Fix problem with --local-service option on big-endian platforms | |
18 | Thanks to Richard Genoud for the patch. | |
19 | ||
20 | + Fix crash on receipt of certain malformed DNS requests. Thanks | |
21 | + to Nick Sampanis for spotting the problem. | |
22 | + | |
23 | ||
24 | version 2.71 | |
25 | Subtle change to error handling to help DNSSEC validation | |
26 | diff --git a/src/rfc1035.c b/src/rfc1035.c | |
27 | index 7a07b0cee906..a995ab50d74a 100644 | |
28 | --- a/src/rfc1035.c | |
29 | +++ b/src/rfc1035.c | |
30 | @@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, | |
31 | size_t setup_reply(struct dns_header *header, size_t qlen, | |
32 | struct all_addr *addrp, unsigned int flags, unsigned long ttl) | |
33 | { | |
34 | - unsigned char *p = skip_questions(header, qlen); | |
35 | + unsigned char *p; | |
36 | + | |
37 | + if (!(p = skip_questions(header, qlen))) | |
38 | + return 0; | |
39 | ||
40 | /* clear authoritative and truncated flags, set QR flag */ | |
41 | header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; | |
42 | @@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, | |
43 | SET_RCODE(header, NOERROR); /* empty domain */ | |
44 | else if (flags == F_NXDOMAIN) | |
45 | SET_RCODE(header, NXDOMAIN); | |
46 | - else if (p && flags == F_IPV4) | |
47 | + else if (flags == F_IPV4) | |
48 | { /* we know the address */ | |
49 | SET_RCODE(header, NOERROR); | |
50 | header->ancount = htons(1); | |
51 | @@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, | |
52 | add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); | |
53 | } | |
54 | #ifdef HAVE_IPV6 | |
55 | - else if (p && flags == F_IPV6) | |
56 | + else if (flags == F_IPV6) | |
57 | { | |
58 | SET_RCODE(header, NOERROR); | |
59 | header->ancount = htons(1); | |
60 | -- | |
61 | 2.1.0 | |
62 |