Knot Resolver 6.0.15 (2025-06-dd)
=================================
+Security
+--------
+- DoS: fix a rare segfault in `resolve` function (!1717)
+ Someone controlling the DNS traffic might be able
+ to trigger this crash intentionally and too often.
+
Bugfixes
--------
- manager: prometheus metrics update (!1703, #917, !1712)
int pkt_renew(knot_pkt_t *pkt, const knot_dname_t *name, uint16_t type)
{
- /* Clear the packet if needed. */
- if (pkt->rrset_count != 0 || !knot_dname_is_equal(knot_pkt_qname(pkt), name)
- || knot_pkt_qtype(pkt) != type || knot_pkt_qclass(pkt) != KNOT_CLASS_IN) {
- int ret = kr_pkt_recycle(pkt);
- if (ret) return kr_error(ret);
- ret = knot_pkt_put_question(pkt, name, KNOT_CLASS_IN, type);
- if (ret) return kr_error(ret);
- }
+ knot_pkt_clear(pkt);
+ int ret = knot_pkt_put_question(pkt, name, KNOT_CLASS_IN, type);
+ if (ret) return kr_error(ret);
pkt->parsed = pkt->size = KR_PKT_SIZE_NOWIRE;
knot_wire_set_qr(pkt->wire);
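Review bot: The new unconditional `knot_pkt_clear(pkt)` drops the early-out that previously left an already-matching question untouched, and it also drops whatever `kr_pkt_recycle` reset beyond a plain clear (that helper is not visible here, so whether it touched EDNS or other per-packet state is worth confirming). The security-relevant consequence is that `pkt->parsed = pkt->size = KR_PKT_SIZE_NOWIRE;` on the following line is now the single marker that a packet was constructed locally rather than parsed from the wire, and the caller side appears to key sanity-check bypasses on that sentinel; a comment should make that contract explicit, e.g. `/* Rebuild from scratch; KR_PKT_SIZE_NOWIRE below marks the packet as locally constructed (never parsed from the wire) and must not be set on any other path. */`. The remainder of `pkt_renew` (its return) lies outside the hunk.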
if (!query) {
return ctx->state;
}
+ if (pkt->size == KR_PKT_SIZE_NOWIRE)
+ goto skip_checks; // answers from cache are sane, surely
query->flags.PKT_IS_SANE = false;
WITH_VERBOSE(query) {
}
return KR_STATE_CONSUME;
}
-
+skip_checks:
/* If exiting above here, there's no sense to put it into packet cache.
* Having "extra bytes" at the end of DNS message is considered SANE here.
* The most important part is to check for spoofing: is_paired_to_query() */
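Review bot: The added `goto skip_checks` jumps past `query->flags.PKT_IS_SANE = false;` and the checks that follow it, so for a NOWIRE packet the flag keeps whatever value it held before this point; if the flag is read downstream that is a stale value, and setting it explicitly before the jump (`query->flags.PKT_IS_SANE = true;`, if that is the intended meaning) would be safer than relying on the prior state. The guard is only sound under the invariant that `pkt->size == KR_PKT_SIZE_NOWIRE` is set solely for packets built locally and never for a packet that arrived from the network, which the informal comment does not state; suggest replacing it with `// KR_PKT_SIZE_NOWIRE is set only for locally built packets (pkt_renew); they never came off the wire, so the spoofing checks below do not apply`. The enclosing `resolve` function starts and ends outside the hunk, and the label at `skip_checks:` must be followed by a statement, which cannot be verified from what is shown.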