From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 11 Aug 2020 12:07:32 +0000 (+0200)
Subject: Raise an exception on invalid first part (!= \#) in unknown records
X-Git-Tag: auth-4.4.0-alpha1~23^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d79e3273b9b68bbdb0e45a2df1fbe4769296d07;p=thirdparty%2Fpdns.git

Raise an exception on invalid first part (!= \#) in unknown records
---

diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc
index 6365eb5526..dac82c8655 100644
--- a/pdns/dnsparser.cc
+++ b/pdns/dnsparser.cc
@@ -41,12 +41,16 @@ public:
     vector<string> parts;
     stringtok(parts, zone);
     // we need exactly 3 parts, except if the length field is set to 0 then we only need 2
-    if (parts.size() != 3 && !(parts.size() == 2 && equals(parts[1], "0"))) {
+    if (parts.size() != 3 && !(parts.size() == 2 && equals(parts.at(1), "0"))) {
       throw MOADNSException("Unknown record was stored incorrectly, need 3 fields, got " + std::to_string(parts.size()) + ": " + zone);
     }
 
-    const string& relevant = (parts.size() > 2) ? parts[2] : "";
-    unsigned int total = pdns_stou(parts[1]);
+    if (parts.at(0) != "\\#") {
+      throw MOADNSException("Unknown record was stored incorrectly, first part should be '\\#', got '" + parts.at(0) + "'");
+    }
+
+    const string& relevant = (parts.size() > 2) ? parts.at(2) : "";
+    unsigned int total = pdns_stou(parts.at(1));
     if (relevant.size() % 2 || (relevant.size() / 2) != total) {
       throw MOADNSException((boost::format("invalid unknown record length: size not equal to length field (%d != 2 * %d)") % relevant.size() % total).str());
     }
@@ -56,7 +60,7 @@ public:
 
     for (unsigned int n = 0; n < total; ++n) {
       int c;
-      if (sscanf(relevant.c_str()+2*n, "%02x", &c) != 1) {
+      if (sscanf(&relevant.at(2*n), "%02x", &c) != 1) {
         throw MOADNSException("unable to read data at position " + std::to_string(2 * n) + " from unknown record of size " + std::to_string(relevant.size()));
       }
       out.append(1, (char)c);
diff --git a/pdns/test-dnsrecords_cc.cc b/pdns/test-dnsrecords_cc.cc
index c8e2bff70f..0ae19a747e 100644
--- a/pdns/test-dnsrecords_cc.cc
+++ b/pdns/test-dnsrecords_cc.cc
@@ -390,6 +390,9 @@ BOOST_AUTO_TEST_CASE(test_unknown_records_in) {
   auto validEmptyUnknown = DNSRecordContent::mastermake(static_cast<QType::typeenum>(65534), QClass::IN, "\\# 0");
   BOOST_CHECK_THROW(auto twoPartsNotZeroUnknown = DNSRecordContent::mastermake(static_cast<QType::typeenum>(65534), QClass::IN, "\\# 1"), MOADNSException);
 
+  // the first part has to be "\#"
+  BOOST_CHECK_THROW(auto invalidFirstPartUnknown = DNSRecordContent::mastermake(static_cast<QType::typeenum>(65534), QClass::IN, "\\$ 0"), MOADNSException);
+
   // RDATA length is not even
   BOOST_CHECK_THROW(auto unevenUnknown = DNSRecordContent::mastermake(static_cast<QType::typeenum>(65534), QClass::IN, "\\# 1 A"), MOADNSException);