From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 4 Aug 2016 17:01:22 +0000 (+0200)
Subject: auth: Handle out_of_range exception when parsing serial
X-Git-Tag: rec-4.0.2~30^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95dd3b905f7e3eafdc16d8ff82bbf4b87f54fd2b;p=thirdparty%2Fpdns.git

auth: Handle out_of_range exception when parsing serial

Unsure if we can actually get a bad serial here, but we are checking
the number of parts so it looks like it might happen.
---

diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index df47980044..b9a62f6d65 100644
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -353,8 +353,13 @@ void Resolver::getSoaSerial(const string &ipport, const DNSName &domain, uint32_
   stringtok(parts, res[0].content);
   if(parts.size()<3)
     throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable response");
-  
-  *serial=pdns_stou(parts[2]);
+
+  try {
+    *serial=pdns_stou(parts[2]);
+  }
+  catch(const std::out_of_range& oor) {
+    throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable serial");
+  }
 }
 
 AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index eb9913fd84..c18c1f75a9 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -1041,7 +1041,15 @@ int TCPNameserver::doIXFR(shared_ptr<DNSPacket> q, int outsock)
       vector<string>parts;
       stringtok(parts, rr->d_content->getZoneRepresentation());
       if (parts.size() >= 3) {
-        serial=pdns_stou(parts[2]);
+        try {
+          serial=pdns_stou(parts[2]);
+        }
+        catch(const std::out_of_range& oor) {
+          L<<Logger::Error<<"Invalid serial in IXFR query"<<endl;
+          outpacket->setRcode(RCode::FormErr);
+          sendPacket(outpacket,outsock);
+          return 0;
+        }
       } else {
         L<<Logger::Error<<"No serial in IXFR query"<<endl;
         outpacket->setRcode(RCode::FormErr);