From: Mark Andrews
Date: Wed, 12 Jun 2024 06:23:05 +0000 (+1000)
Subject: Check EDNS ZONEVERSION when parsing OPT record
X-Git-Tag: v9.21.7~34^2~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2c2b6755e98841325eddd12e37d422c8030ba3d;p=thirdparty%2Fbind9.git

Check EDNS ZONEVERSION when parsing OPT record
---
diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h
index a467ea447f4..178a809ef28 100644
--- a/lib/dns/include/dns/message.h
+++ b/lib/dns/include/dns/message.h
@@ -102,7 +102,6 @@
 #define DNS_MESSAGEEXTFLAG_DO 0x8000U
 /*%< EDNS0 extended OPT codes */
-
 #define DNS_OPT_LLQ 1 /*%< LLQ opt code */
 #define DNS_OPT_UL 2 /*%< UL opt code */
 #define DNS_OPT_NSID 3 /*%< NSID opt code */
@@ -129,7 +128,7 @@
  * options we know about. Extended DNS Errors may occur multiple times, see
  * DNS_EDE_MAX_ERRORS.
  */
-#define DNS_EDNSOPTIONS 8 + DNS_EDE_MAX_ERRORS
+#define DNS_EDNSOPTIONS 9 + DNS_EDE_MAX_ERRORS
 #define DNS_MESSAGE_REPLYPRESERVE (DNS_MESSAGEFLAG_RD | DNS_MESSAGEFLAG_CD)
 #define DNS_MESSAGEEXTFLAG_REPLYPRESERVE (DNS_MESSAGEEXTFLAG_DO)
diff --git a/lib/dns/rdata/generic/opt_41.c b/lib/dns/rdata/generic/opt_41.c
index 5c81b1546cb..b52288dc9b0 100644
--- a/lib/dns/rdata/generic/opt_41.c
+++ b/lib/dns/rdata/generic/opt_41.c
@@ -266,6 +266,21 @@ fromwire_opt(ARGS_FROMWIRE) {
 }
 isc_region_consume(&sregion, length);
 break;
+ case DNS_OPT_ZONEVERSION:
+ if (length == 0) {
+ /* Request */
+ break;
+ }
+ /* Labels and Type */
+ if (length < 2) {
+ return DNS_R_OPTERR;
+ }
+ /* Type 0 (serial), length is 6. */
+ if (sregion.base[1] == 0 && length != 6) {
+ return DNS_R_OPTERR;
+ }
+ isc_region_consume(&sregion, length);
+ break;
 default:
 isc_region_consume(&sregion, length);
 break;
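Review bot: In the new `DNS_OPT_ZONEVERSION` case of fromwire_opt only the TYPE octet and the overall length are checked; the LABELCOUNT octet at `sregion.base[0]` is accepted as-is, so any code that later uses it to select labels from the query name has to bound it itself. I would say so next to the check, e.g. `/* LABELCOUNT (base[0]) is not validated here; consumers must check it against the query name. */`. The read of `sregion.base[1]` is in bounds only because `length >= 2` and, presumably, a check above this hunk guarantees `length <= sregion.length`; fromwire_opt's body starts outside the hunk, so that is worth confirming. The literals 2 and 6 would also read better as named constants for the fixed header size and the SOA-serial option size.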