f831e573 MF |
1 | From d2aa7dfbb6d1088dcbea9fecc61b9293b320eb95 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Mon, 3 Aug 2015 21:52:12 +0100 | |
4 | Subject: [PATCH] Include 0.0.0.0/8 in DNS rebind checks. | |
5 | ||
6 | --- | |
7 | CHANGELOG | 7 +++++++ | |
8 | src/rfc1035.c | 3 ++- | |
9 | 2 files changed, 9 insertions(+), 1 deletion(-) | |
10 | ||
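--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,10 @@
+version 2.76
+ Include 0.0.0.0/8 in DNS rebind checks. This range
+ translates to hosts on the local network, or, at
+ least, 0.0.0.0 accesses the local host, so could
+ be targets for DNS rebinding. See RFC 5735 section 3
+ for details. Thanks to Stephen Röttger for the bug report.
+
 version 2.75
 Fix reversion on 2.74 which caused 100% CPU use when a
 dhcp-script is configured. Thanks to Adrian Davey for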
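--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -728,7 +728,8 @@ int private_net(struct in_addr addr, int ban_localhost)
 in_addr_t ip_addr = ntohl(addr.s_addr);
 
 return
- (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
+ (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
+ ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ ||
 ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
 ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
 ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||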
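Review bot: The new 0.0.0.0/8 clause is not gated on `ban_localhost`, unlike the 127.0.0.0/8 clause directly above it, even though the CHANGELOG entry justifies the range partly because 0.0.0.0 reaches the local host. Rejecting the range unconditionally is the safer default for a rebind filter, but the asymmetry is undocumented and a later maintainer could "fix" it by adding the flag. The comment should say so and give the CIDR like its neighbours: `/* 0.0.0.0/8 ("this" network, RFC 5735 section 3); always banned, not subject to ban_localhost */`. The user-facing documentation should also record that upstream answers in this range are now treated as rebind attempts, presumably even when localhost answers are permitted. The body of private_net starts and ends outside the hunk, so the remaining clauses and any IPv6 handling cannot be checked from here.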
40 | -- | |
41 | 1.7.10.4 |