From: Remi Gacogne Date: Wed, 6 Apr 2022 15:15:39 +0000 (+0200) Subject: dnsdist: Discard bogus harvested IP addresses X-Git-Tag: auth-4.8.0-alpha0~146^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6aff8f622f370a7c19f0228385901589ff12715;p=thirdparty%2Fpdns.git dnsdist: Discard bogus harvested IP addresses
---
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 8e39117a87..542b9cc2a3 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -1059,8 +1059,23 @@ static bool isUDPQueryAcceptable(ClientState& cs, LocalHolders& holders, const s
 }
 if (HarvestDestinationAddress(msgh, &dest)) {
- /* we don't get the port, only the address */
- dest.sin4.sin_port = cs.local.sin4.sin_port;
+ /* so it turns out that sometimes the kernel lies to us:
+ the address is set to 0.0.0.0:0 which makes our sendfromto() use
+ the wrong address. In that case it's better to let the kernel
+ do the work by itself and use sendto() instead.
+ */
+ const ComboAddress bogusV4("0.0.0.0:0");
+ const ComboAddress bogusV6("[::]:0");
+ if (dest.sin4.sin_family == AF_INET && dest == bogusV4) {
+ dest.sin4.sin_family = 0;
+ }
+ else if (dest.sin4.sin_family == AF_INET6 && dest == bogusV6) {
+ dest.sin4.sin_family = 0;
+ }
+ else {
+ /* we don't get the port, only the address */
+ dest.sin4.sin_port = cs.local.sin4.sin_port;
+ }
 }
 else {
 dest.sin4.sin_family = 0;
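Review bot: The bogus-address test `dest == bogusV4` / `dest == bogusV6` appears to compare the whole ComboAddress, so it presumably only matches when HarvestDestinationAddress() has left the port field at zero; that is not visible in this hunk and is worth confirming or making explicit. Checking the address alone would not depend on it, e.g. `dest.sin4.sin_addr.s_addr == INADDR_ANY` for AF_INET and `IN6_IS_ADDR_UNSPECIFIED(&dest.sin6.sin6_addr)` for AF_INET6, and it would also avoid parsing two address strings for every UDP query (otherwise declare the two constants `static const`). Since this branch changes which path picks the reply's source address, a counter or debug-level log here would let operators see how often the kernel returns an unspecified destination. The body of isUDPQueryAcceptable starts and ends outside the hunk.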