]>
Commit | Line | Data |
---|---|---|
d54a2ce4 MT |
1 | From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Thu, 9 Apr 2015 21:48:00 +0100 | |
5f206778 | 4 | Subject: [PATCH 73/87] Fix crash on receipt of certain malformed DNS requests. |
d54a2ce4 MT |
5 | |
6 | --- | |
7 | CHANGELOG | 3 +++ | |
8 | src/rfc1035.c | 9 ++++++--- | |
9 | 2 files changed, 9 insertions(+), 3 deletions(-) | |
10 | ||
11 | diff --git a/CHANGELOG b/CHANGELOG | |
12 | index 6aa3d851a297..9af617056f1f 100644 | |
13 | --- a/CHANGELOG | |
14 | +++ b/CHANGELOG | |
15 | @@ -125,6 +125,9 @@ version 2.72 | |
16 | Fix problem with --local-service option on big-endian platforms | |
17 | Thanks to Richard Genoud for the patch. | |
18 | ||
19 | + Fix crash on receipt of certain malformed DNS requests. Thanks | |
20 | + to Nick Sampanis for spotting the problem. | |
21 | + | |
22 | ||
23 | version 2.71 | |
24 | Subtle change to error handling to help DNSSEC validation | |
25 | diff --git a/src/rfc1035.c b/src/rfc1035.c | |
26 | index 7a07b0cee906..a995ab50d74a 100644 | |
27 | --- a/src/rfc1035.c | |
28 | +++ b/src/rfc1035.c | |
29 | @@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, | |
30 | size_t setup_reply(struct dns_header *header, size_t qlen, | |
31 | struct all_addr *addrp, unsigned int flags, unsigned long ttl) | |
32 | { | |
33 | - unsigned char *p = skip_questions(header, qlen); | |
34 | + unsigned char *p; | |
35 | + | |
36 | + if (!(p = skip_questions(header, qlen))) | |
37 | + return 0; | |
38 | ||
39 | /* clear authoritative and truncated flags, set QR flag */ | |
40 | header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; | |
41 | @@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, | |
42 | SET_RCODE(header, NOERROR); /* empty domain */ | |
43 | else if (flags == F_NXDOMAIN) | |
44 | SET_RCODE(header, NXDOMAIN); | |
45 | - else if (p && flags == F_IPV4) | |
46 | + else if (flags == F_IPV4) | |
47 | { /* we know the address */ | |
48 | SET_RCODE(header, NOERROR); | |
49 | header->ancount = htons(1); | |
50 | @@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, | |
51 | add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); | |
52 | } | |
53 | #ifdef HAVE_IPV6 | |
54 | - else if (p && flags == F_IPV6) | |
55 | + else if (flags == F_IPV6) | |
56 | { | |
57 | SET_RCODE(header, NOERROR); | |
58 | header->ancount = htons(1); | |
59 | -- | |
60 | 2.1.0 | |
61 |