]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
add finer-grained errors
authorAlan T. DeKok <aland@freeradius.org>
Sat, 16 Oct 2021 20:32:39 +0000 (16:32 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 18 Oct 2021 13:11:46 +0000 (09:11 -0400)
src/protocols/dns/base.c
src/protocols/dns/decode.c
src/protocols/dns/dns.h

index 8a233f8ac799f212f3c0436c0786aa281d995c3f..282616e00ee7b88069c8375876552ff36c27b1f9 100644 (file)
@@ -176,8 +176,8 @@ bool fr_dns_packet_ok(uint8_t const *packet, size_t packet_len, bool query, fr_d
                        if (*p >= 0xc0) {
                                size_t offset;
 
-                               if ((p + 2) >= end) {
-                                       DECODE_FAIL(INVALID_RR_LABEL);
+                               if ((p + 2) > end) {
+                                       DECODE_FAIL(POINTER_OVERFLOWS_PACKET);
                                        return false;
                                }
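Review bot: The bounds test `(p + 2) > end` computes a pointer that can lie more than one element past the end of the packet buffer (for example when p is the last byte), which is undefined behaviour in C and can wrap for a buffer near the top of the address space. Comparing the remaining length avoids forming that pointer: `if ((end - p) < 2) {`. The same pattern appears in the label-length hunk as `(p + *p + 1) > end`, where up to 64 is added before the comparison; `if ((size_t)(end - p) < ((size_t)*p + 1)) {` expresses the same test. Both rewrites assume `p < end` already holds at these lines, which depends on the loop condition outside the hunks.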
 
@@ -188,7 +188,7 @@ bool fr_dns_packet_ok(uint8_t const *packet, size_t packet_len, bool query, fr_d
                                 *      Can't point to the header.
                                 */
                                if (offset < 12) {
-                                       DECODE_FAIL(INVALID_RR_LABEL);
+                                       DECODE_FAIL(POINTER_TO_HEADER);
                                        return false;
                                }
 
@@ -196,7 +196,7 @@ bool fr_dns_packet_ok(uint8_t const *packet, size_t packet_len, bool query, fr_d
                                 *      Can't point to the current label.
                                 */
                                if ((packet + offset) >= start) {
-                                       DECODE_FAIL(INVALID_RR_LABEL);
+                                       DECODE_FAIL(POINTER_LOOPS);
                                        return false;
                                }
 
@@ -211,15 +211,15 @@ bool fr_dns_packet_ok(uint8_t const *packet, size_t packet_len, bool query, fr_d
                         *      0b10 and 0b10 are forbidden
                         */
                        if (*p > 63) {
-                               DECODE_FAIL(INVALID_RR_LABEL);
+                               DECODE_FAIL(INVALID_POINTER);
                                return false;
                        }
 
                        /*
                         *      It must be a length byte, which doesn't cause overflow.
                         */
-                       if ((p + *p + 1) >= end) {
-                               DECODE_FAIL(INVALID_RR_LABEL);
+                       if ((p + *p + 1) > end) {
+                               DECODE_FAIL(LABEL_OVERFLOWS_PACKET);
                                return false;
                        }
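Review bot: With `(p + *p + 1) > end`, a label whose last byte is the final byte of the packet is now accepted, so after the advance p can equal end with no terminating zero-length label left to read. The code that advances p and reads `*p` again is outside this hunk and should be confirmed to test `p < end` before the dereference. Separately, the `*p > 63` branch appears to be reached only when the top two bits are not 0b11, so it rejects a reserved label type rather than a compression pointer, and `INVALID_POINTER` ("invalid pointer") will mislead whoever reads the failure reason. A label-type wording would fit better, and the context comment `0b10 and 0b10 are forbidden` presumably means `0b01 and 0b10`.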
 
@@ -228,7 +228,7 @@ bool fr_dns_packet_ok(uint8_t const *packet, size_t packet_len, bool query, fr_d
                         */
                        len += *p;
                        if (len >= 256) {
-                               DECODE_FAIL(INVALID_RR_LABEL);
+                               DECODE_FAIL(LABEL_TOO_LONG);
                                return false;
                        }
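Review bot: `len` is accumulated with `len += *p` across labels, so `len >= 256` bounds the whole encoded name rather than a single label; a single label is already capped at 63 by the `*p > 63` test in the previous hunk. `LABEL_TOO_LONG` and its table text `"too many characters in label"` therefore describe the wrong limit to anyone triaging a rejected packet. A name-level wording such as `L("domain name is too long")` in decode.c would match what is checked. Where `len` is initialised or reset per name is outside this hunk, so that part is not verified here.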
 
@@ -243,7 +243,7 @@ bool fr_dns_packet_ok(uint8_t const *packet, size_t packet_len, bool query, fr_d
                         *      qtype + qclass
                         */
                        if ((p + 4) > end) {
-                               DECODE_FAIL(MISSING_RR_HEADER);
+                               DECODE_FAIL(MISSING_QD_HEADER);
                                return false;
                        }
 
index 83148871a2efb3a545d5660a42804098187cda8f..5cfdcbd9517a68e3b22db4d9e00865d4ba869e5d 100644 (file)
@@ -674,6 +674,13 @@ static fr_table_num_ordered_t reason_fail_table[] = {
        { L("resource record length overflows the packet"),     DECODE_FAIL_RR_OVERFLOWS_PACKET },
        { L("more resource records than indicated in header"),  DECODE_FAIL_TOO_MANY_RRS        },
        { L("fewer resource records than indicated in header"), DECODE_FAIL_TOO_FEW_RRS         },
+       { L("pointer overflows packet"),                        DECODE_FAIL_POINTER_OVERFLOWS_PACKET    },
+       { L("pointer points to packet header"),                 DECODE_FAIL_POINTER_TO_HEADER           },
+       { L("pointer creates a loop"),                          DECODE_FAIL_POINTER_LOOPS               },
+       { L("invalid pointer"),                                 DECODE_FAIL_INVALID_POINTER             },
+       { L("label overflows the packet"),                      DECODE_FAIL_LABEL_OVERFLOWS_PACKET      },
+       { L("too many characters in label"),                    DECODE_FAIL_LABEL_TOO_LONG              },
+       { L("query record header is missing"),                  DECODE_FAIL_MISSING_QD_HEADER           },
 };
 static size_t reason_fail_table_len = NUM_ELEMENTS(reason_fail_table);
 
index dc8ab2ef0efb45e12bc0b99ac57e1bea8815d112..a0ed04d822a5742dc8daa97be66eba3392c6d5cf 100644 (file)
@@ -118,6 +118,13 @@ typedef enum {
        DECODE_FAIL_RR_OVERFLOWS_PACKET,
        DECODE_FAIL_TOO_MANY_RRS,
        DECODE_FAIL_TOO_FEW_RRS,
+       DECODE_FAIL_POINTER_OVERFLOWS_PACKET,
+       DECODE_FAIL_POINTER_TO_HEADER,
+       DECODE_FAIL_POINTER_LOOPS,
+       DECODE_FAIL_INVALID_POINTER,
+       DECODE_FAIL_LABEL_OVERFLOWS_PACKET,
+       DECODE_FAIL_LABEL_TOO_LONG,
+       DECODE_FAIL_MISSING_QD_HEADER,
        DECODE_FAIL_MAX
 } fr_dns_decode_fail_t;