dnsdist: Add checks for the masks set on a Dynamic Block

author Remi Gacogne <remi.gacogne@powerdns.com>

Wed, 20 Oct 2021 16:23:52 +0000 (18:23 +0200)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 21 Oct 2021 08:23:22 +0000 (10:23 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 20 Oct 2021 16:23:52 +0000 (18:23 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 21 Oct 2021 08:23:22 +0000 (10:23 +0200)
diff --git a/pdns/dnsdist-lua-inspection.cc b/pdns/dnsdist-lua-inspection.cc

index 0677bf684d9944372b340ea9c2f2576db4c2bb92..967c294c1c6f9c11c901751939fab5eca6de7b74 100644 (file)
--- a/pdns/dnsdist-lua-inspection.cc
+++ b/pdns/dnsdist-lua-inspection.cc
@@ -798,6 +798,15 @@ void setupLuaInspection(LuaContext& luaCtx)
      });
    luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(uint8_t, uint8_t, uint8_t)>("setMasks", [](std::shared_ptr<DynBlockRulesGroup>& group, uint8_t v4, uint8_t v6, uint8_t port) {
        if (group) {
+        if (v4 > 32) {
+          throw std::runtime_error("Trying to set an invalid IPv4 mask (" + std::to_string(v4) + ") to a Dynamic Block object");
+        }
+        if (v6 > 128) {
+          throw std::runtime_error("Trying to set an invalid IPv6 mask (" + std::to_string(v6) + ") to a Dynamic Block object");
+        }
+        if (port > 16) {
+          throw std::runtime_error("Trying to set an invalid port mask (" + std::to_string(port) + ") to a Dynamic Block object");
+        }
          if (port > 0 && v4 != 32) {
            throw std::runtime_error("Setting a non-zero port mask for Dynamic Blocks while only considering parts of IPv4 addresses does not make sense");
          }
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Wed, 20 Oct 2021 16:23:52 +0000 (18:23 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 21 Oct 2021 08:23:22 +0000 (10:23 +0200)