From: Baptiste Assmann Date: Wed, 19 Feb 2020 00:08:51 +0000 (+0100) Subject: BUG/MEDIUM: dns: improper parsing of aditional records X-Git-Tag: v2.2-dev6~78 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=37950c8d271ea7191f958299f79e4306f6db8506;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: dns: improper parsing of aditional records 13a9232ebc63fdf357ffcf4fa7a1a5e77a1eac2b introduced parsing of Additionnal DNS response section to pick up IP address when available. That said, this introduced a side effect for other query types (A and AAAA) leading to consider those responses invalid when parsing the Additional section. This patch avoids this situation by ensuring the Additional section is parsed only for SRV queries. --- diff --git a/src/dns.c b/src/dns.c index 3e52e1731b..953f9414c4 100644 --- a/src/dns.c +++ b/src/dns.c @@ -1028,7 +1028,9 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, /* Save the number of records we really own */ dns_p->header.ancount = nb_saved_records; - /* now parsing additional records */ + /* now parsing additional records for SRV queries only */ + if (dns_query->type != DNS_RTYPE_SRV) + goto skip_parsing_additional_records; nb_saved_records = 0; for (i = 0; i < dns_p->header.arcount; i++) { if (reader >= bufend) @@ -1043,25 +1045,7 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, if (len == 0) { pool_free(dns_answer_item_pool, dns_answer_record); - return DNS_RESP_INVALID; - } - - /* Check if the current record dname is valid. previous_dname - * points either to queried dname or last CNAME target */ - if (dns_query->type != DNS_RTYPE_SRV && memcmp(previous_dname, tmpname, len) != 0) { - pool_free(dns_answer_item_pool, dns_answer_record); - if (i == 0) { - /* First record, means a mismatch issue between - * queried dname and dname found in the first - * record */ - return DNS_RESP_INVALID; - } - else { - /* If not the first record, this means we have a - * CNAME resolution error */ - return DNS_RESP_CNAME_ERROR; - } - + continue; } memcpy(dns_answer_record->name, tmpname, len); @@ -1206,6 +1190,8 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, } } /* for i 0 to arcount */ + skip_parsing_additional_records: + /* Save the number of records we really own */ dns_p->header.arcount = nb_saved_records;