From: Remi Gacogne
Date: Tue, 29 Mar 2022 11:25:04 +0000 (+0200)
Subject: dnsdist: Prevent reading an uninitialized rcode in cache inspection
X-Git-Tag: rec-4.9.0-alpha0~13^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6efda4bf28205172b2719074d1582f93e6c675da;p=thirdparty%2Fpdns.git

dnsdist: Prevent reading an uninitialized rcode in cache inspection

Entries smaller than a dnsheader should not make it into the cache anyway, but better safe than sorry.
---

diff --git a/pdns/dnsdist-cache.cc b/pdns/dnsdist-cache.cc
index b884df5002..1da937ea53 100644
--- a/pdns/dnsdist-cache.cc
+++ b/pdns/dnsdist-cache.cc
@@ -502,9 +502,11 @@ std::set DNSDistPacketCache::getDomainsContainingRecords(const ComboAdd
 try {
 dnsheader dh;
- if (value.len >= sizeof(dnsheader)) {
- memcpy(&dh, value.value.data(), sizeof(dnsheader));
+ if (value.len < sizeof(dnsheader)) {
+ continue;
 }
+
+ memcpy(&dh, value.value.data(), sizeof(dnsheader));
 if (dh.rcode != RCode::NoError || (dh.ancount == 0 && dh.nscount == 0 && dh.arcount == 0)) {
 continue;
 }
@@ -563,9 +565,11 @@ std::set DNSDistPacketCache::getRecordsForDomain(const DNSName& do
 }
 dnsheader dh;
- if (value.len >= sizeof(dnsheader)) {
- memcpy(&dh, value.value.data(), sizeof(dnsheader));
+ if (value.len < sizeof(dnsheader)) {
+ continue;
 }
+
+ memcpy(&dh, value.value.data(), sizeof(dnsheader));
 if (dh.rcode != RCode::NoError || (dh.ancount == 0 && dh.nscount == 0 && dh.arcount == 0)) {
 continue;
 }
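Review bot: The new guard in getDomainsContainingRecords tests `value.len`, but the `memcpy` right after it reads `sizeof(dnsheader)` bytes from `value.value.data()`, and nothing visible in the hunk ties `len` to the size of that buffer. If the two can ever disagree, the copy still reads past the end of the stored packet, so checking the buffer itself is tighter: `if (value.value.size() < sizeof(dnsheader)) { continue; }` (this assumes `value.value` is a std::string-like container, which the `.data()` call suggests but the hunk does not show). The same guard and copy are repeated in the getRecordsForDomain hunk, so the point applies there too; a small shared helper that returns the header or nothing would keep the two call sites in step. Both function bodies start and end outside the hunks.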