[people/arne_f/ipfire-2.x.git] / src / patches / dnsmasq / 0101-Correctly-sanitise-DNS-header-bits-in-answer-when-re.patch

From bd7bfa21c4500fca8b18bc7f68890bf51cd737e3 Mon Sep 17 00:00:00 2001
From: swigger <swigger@gmail.com>
Date: Mon, 1 Jun 2015 20:54:59 +0100
Subject: [PATCH 101/113] Correctly sanitise DNS header bits in answer when
 recreating query for retry.

---
 src/dns-protocol.h | 14 +++++++-------
 src/forward.c      |  3 ++-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 4b71746f8d26..6cf515881c17 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -84,15 +84,15 @@ struct dns_header {
   u16 qdcount,ancount,nscount,arcount;
 };
 
-#define HB3_QR       0x80
+#define HB3_QR       0x80 /* Query */
 #define HB3_OPCODE   0x78
-#define HB3_AA       0x04
-#define HB3_TC       0x02
-#define HB3_RD       0x01
+#define HB3_AA       0x04 /* Authoritative Answer */
+#define HB3_TC       0x02 /* TrunCated */
+#define HB3_RD       0x01 /* Recursion Desired */
 
-#define HB4_RA       0x80
-#define HB4_AD       0x20
-#define HB4_CD       0x10
+#define HB4_RA       0x80 /* Recursion Available */
+#define HB4_AD       0x20 /* Authenticated Data */
+#define HB4_CD       0x10 /* Checking Disabled */
 #define HB4_RCODE    0x0f
 
 #define OPCODE(x)          (((x)->hb3 & HB3_OPCODE) >> 3)
diff --git a/src/forward.c b/src/forward.c
index 74e5ab66c423..8c3e71cebe87 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -769,7 +769,8 @@ void reply_query(int fd, int family, time_t now)
 	  header->arcount = htons(0);
 	  if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
 	    {
-	      header->hb3 &= ~(HB3_QR | HB3_TC);
+	      header->hb3 &= ~(HB3_QR | HB3_AA | HB3_TC);
+	      header->hb4 &= ~(HB4_RA | HB4_RCODE);
 	      forward_query(-1, NULL, NULL, 0, header, nn, now, forward, 0, 0);
 	      return;
 	    }
-- 
2.1.0
Commit	Line	Data
697b4f04 MT	1	From bd7bfa21c4500fca8b18bc7f68890bf51cd737e3 Mon Sep 17 00:00:00 2001
	2	From: swigger <swigger@gmail.com>
	3	Date: Mon, 1 Jun 2015 20:54:59 +0100
	4	Subject: [PATCH 101/113] Correctly sanitise DNS header bits in answer when
	5	recreating query for retry.
	6
	7	---
	8	src/dns-protocol.h \| 14 +++++++-------
	9	src/forward.c \| 3 ++-
	10	2 files changed, 9 insertions(+), 8 deletions(-)
	11
	12	diff --git a/src/dns-protocol.h b/src/dns-protocol.h
	13	index 4b71746f8d26..6cf515881c17 100644
	14	--- a/src/dns-protocol.h
	15	+++ b/src/dns-protocol.h
	16	@@ -84,15 +84,15 @@ struct dns_header {
	17	u16 qdcount,ancount,nscount,arcount;
	18	};
	19
	20	-#define HB3_QR 0x80
	21	+#define HB3_QR 0x80 /* Query */
	22	#define HB3_OPCODE 0x78
	23	-#define HB3_AA 0x04
	24	-#define HB3_TC 0x02
	25	-#define HB3_RD 0x01
	26	+#define HB3_AA 0x04 /* Authoritative Answer */
	27	+#define HB3_TC 0x02 /* TrunCated */
	28	+#define HB3_RD 0x01 /* Recursion Desired */
	29
	30	-#define HB4_RA 0x80
	31	-#define HB4_AD 0x20
	32	-#define HB4_CD 0x10
	33	+#define HB4_RA 0x80 /* Recursion Available */
	34	+#define HB4_AD 0x20 /* Authenticated Data */
	35	+#define HB4_CD 0x10 /* Checking Disabled */
	36	#define HB4_RCODE 0x0f
	37
	38	#define OPCODE(x) (((x)->hb3 & HB3_OPCODE) >> 3)
	39	diff --git a/src/forward.c b/src/forward.c
	40	index 74e5ab66c423..8c3e71cebe87 100644
	41	--- a/src/forward.c
	42	+++ b/src/forward.c
	43	@@ -769,7 +769,8 @@ void reply_query(int fd, int family, time_t now)
	44	header->arcount = htons(0);
	45	if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
	46	{
	47	- header->hb3 &= ~(HB3_QR \| HB3_TC);
	48	+ header->hb3 &= ~(HB3_QR \| HB3_AA \| HB3_TC);
	49	+ header->hb4 &= ~(HB4_RA \| HB4_RCODE);
	50	forward_query(-1, NULL, NULL, 0, header, nn, now, forward, 0, 0);
	51	return;
	52	}
	53	--
	54	2.1.0
	55