[ipfire-2.x.git] / src / patches / dnsmasq / 0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch

From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 9 Apr 2015 21:48:00 +0100
Subject: [PATCH 073/113] Fix crash on receipt of certain malformed DNS
 requests.

---
 CHANGELOG     | 3 +++
 src/rfc1035.c | 9 ++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 6aa3d851a297..9af617056f1f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -125,6 +125,9 @@ version 2.72
             Fix problem with --local-service option on big-endian platforms
 	    Thanks to Richard Genoud for the patch.
 
+	    Fix crash on receipt of certain malformed DNS requests. Thanks
+	    to Nick Sampanis for spotting the problem.
+	
 
 version 2.71
             Subtle change to error handling to help DNSSEC validation 
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 7a07b0cee906..a995ab50d74a 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
 size_t setup_reply(struct dns_header *header, size_t qlen,
 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
 {
-  unsigned char *p = skip_questions(header, qlen);
+  unsigned char *p;
+
+  if (!(p = skip_questions(header, qlen)))
+    return 0;
   
   /* clear authoritative and truncated flags, set QR flag */
   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
     SET_RCODE(header, NOERROR); /* empty domain */
   else if (flags == F_NXDOMAIN)
     SET_RCODE(header, NXDOMAIN);
-  else if (p && flags == F_IPV4)
+  else if (flags == F_IPV4)
     { /* we know the address */
       SET_RCODE(header, NOERROR);
       header->ancount = htons(1);
@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
     }
 #ifdef HAVE_IPV6
-  else if (p && flags == F_IPV6)
+  else if (flags == F_IPV6)
     {
       SET_RCODE(header, NOERROR);
       header->ancount = htons(1);
-- 
2.1.0
Commit	Line	Data
d54a2ce4 MT	1	From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Thu, 9 Apr 2015 21:48:00 +0100
697b4f04 MT	4	Subject: [PATCH 073/113] Fix crash on receipt of certain malformed DNS
697b4f04 MT	5	requests.
d54a2ce4 MT	6
	7	---
	8	CHANGELOG \| 3 +++
	9	src/rfc1035.c \| 9 ++++++---
	10	2 files changed, 9 insertions(+), 3 deletions(-)
	11
	12	diff --git a/CHANGELOG b/CHANGELOG
	13	index 6aa3d851a297..9af617056f1f 100644
	14	--- a/CHANGELOG
	15	+++ b/CHANGELOG
	16	@@ -125,6 +125,9 @@ version 2.72
	17	Fix problem with --local-service option on big-endian platforms
	18	Thanks to Richard Genoud for the patch.
	19
	20	+ Fix crash on receipt of certain malformed DNS requests. Thanks
	21	+ to Nick Sampanis for spotting the problem.
	22	+
	23
	24	version 2.71
	25	Subtle change to error handling to help DNSSEC validation
	26	diff --git a/src/rfc1035.c b/src/rfc1035.c
	27	index 7a07b0cee906..a995ab50d74a 100644
	28	--- a/src/rfc1035.c
	29	+++ b/src/rfc1035.c
	30	@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header header, size_t qlen, char name,
	31	size_t setup_reply(struct dns_header *header, size_t qlen,
	32	struct all_addr *addrp, unsigned int flags, unsigned long ttl)
	33	{
	34	- unsigned char *p = skip_questions(header, qlen);
	35	+ unsigned char *p;
	36	+
	37	+ if (!(p = skip_questions(header, qlen)))
	38	+ return 0;
	39
	40	/* clear authoritative and truncated flags, set QR flag */
	41	header->hb3 = (header->hb3 & ~(HB3_AA \| HB3_TC)) \| HB3_QR;
	42	@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
	43	SET_RCODE(header, NOERROR); /* empty domain */
	44	else if (flags == F_NXDOMAIN)
	45	SET_RCODE(header, NXDOMAIN);
	46	- else if (p && flags == F_IPV4)
	47	+ else if (flags == F_IPV4)
	48	{ /* we know the address */
	49	SET_RCODE(header, NOERROR);
	50	header->ancount = htons(1);
	51	@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
	52	add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
	53	}
	54	#ifdef HAVE_IPV6
	55	- else if (p && flags == F_IPV6)
	56	+ else if (flags == F_IPV6)
	57	{
	58	SET_RCODE(header, NOERROR);
	59	header->ancount = htons(1);
	60	--
	61	2.1.0
	62