From: Wouter Wijngaards Date: Fri, 23 Mar 2007 13:12:49 +0000 (+0000) Subject: Checks returned queries from forwarder source. X-Git-Tag: release-0.2~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2092d6535ac1a6743c215f89a75417ceab7c8157;p=thirdparty%2Funbound.git Checks returned queries from forwarder source. git-svn-id: file:///svn/unbound/trunk@193 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/daemon/worker.c b/daemon/worker.c index 593de3745..03497f433 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -115,12 +115,17 @@ worker_handle_reply(struct comm_point* c, void* arg, int error, struct msgreply_entry* e; verbose(VERB_DETAIL, "reply to query with stored ID %d", worker->query_id); - LDNS_ID_SET(ldns_buffer_begin(worker->query_reply.c->buffer), - worker->query_id); if(error != 0) { replyerror(LDNS_RCODE_SERVFAIL, worker); return 0; } + /* sanity check. */ + if(!LDNS_QR_WIRE(ldns_buffer_begin(c->buffer))) + return 0; /* not a reply. */ + if(LDNS_OPCODE_WIRE(ldns_buffer_begin(c->buffer)) != LDNS_PACKET_QUERY) + return 0; /* not a reply to a query. */ + if(LDNS_QDCOUNT(ldns_buffer_begin(c->buffer)) > 1) + return 0; /* too much in the query section */ /* woohoo a reply! */ rep = (struct reply_info*)malloc(sizeof(struct reply_info)); if(!rep) { diff --git a/doc/Changelog b/doc/Changelog index aaa246ed3..0031d40a0 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,7 @@ - review of yesterday's commits. - covered up memory leak of the entry locks. - answers from the cache correctly. Copies flags correctly. + - sanity check for incoming query replies. 22 March 2007: Wouter - AIX configure check. diff --git a/testdata/fwd.rpl b/testdata/fwd.rpl index 40f35a84a..0f2b6848d 100644 --- a/testdata/fwd.rpl +++ b/testdata/fwd.rpl @@ -5,6 +5,7 @@ RANGE_BEGIN 0 100 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id + REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER 
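Review bot: The new sanity checks in worker_handle_reply read the QR bit, opcode and QDCOUNT from `c->buffer` without first confirming that the received packet holds a full 12-byte DNS header, so a truncated datagram would be judged on whatever bytes the buffer held before. Unless the comm layer already enforces a minimum length (not visible in this hunk), add `if(ldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) return 0; /* too short for a header */` ahead of the QR test. The three `return 0` drops are silent; a `verbose(VERB_DETAIL, ...)` line on each would make malformed or spoofed upstream traffic visible to an operator. The hunk also does not show the reply's ID or question being compared with the outstanding query, which is worth confirming happens elsewhere. The function body starts and ends outside the hunk.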
diff --git a/testdata/fwd_two.rpl b/testdata/fwd_two.rpl index 29223fccf..530f388d2 100644 --- a/testdata/fwd_two.rpl +++ b/testdata/fwd_two.rpl @@ -5,6 +5,7 @@ RANGE_BEGIN 0 100 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id + REPLY QR RD RA NOERROR SECTION QUESTION www.example.net. IN A SECTION ANSWER @@ -44,6 +45,7 @@ STEP 5 REPLY ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id + REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER diff --git a/util/data/msgreply.c b/util/data/msgreply.c index e006c5247..874685b32 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -173,7 +173,7 @@ void reply_info_answer(struct reply_info* rep, uint16_t qflags, ldns_buffer_skip(buffer, 2); /* ID */ flags = ldns_read_uint16(rep->reply); flags |= (qflags & 0x0100); /* copy RD bit */ - log_info("flags %x", flags); + log_assert(flags & 0x8000); /* QR bit must be on in our replies */ ldns_buffer_write_u16(buffer, flags); ldns_buffer_write(buffer, rep->reply+2, rep->replysize-2); ldns_buffer_flip(buffer);
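Review bot: The `log_assert(flags & 0x8000)` added in reply_info_answer tests bytes taken from a stored upstream reply, so it only holds if every path that fills `rep->reply` has already rejected packets without QR; the worker_handle_reply check in this commit is the only such path visible here. If log_assert aborts in debug builds and compiles away otherwise (its definition is not on this page), a stored reply lacking QR would either stop the daemon or be sent to the client unchanged. Setting the bit at write time removes that dependency on callers, e.g. `flags |= 0x8000; /* QR: what we send is always a response */`, with the assert kept ahead of it if the debug signal is wanted. The masks `0x8000` and `0x0100` would also read better as named constants. reply_info_answer starts and ends outside the hunk.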