From: Vladimír Čunát Date: Mon, 8 Feb 2021 08:30:25 +0000 (+0100) Subject: squash! iterate.c: fail on execissive data in a packet X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fmerge-requests%2F1132%2Fhead;p=thirdparty%2Fknot-resolver.git squash! iterate.c: fail on execissive data in a packet but lower priority of this, below RCODE errors. --- diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c index 0a09a9006..c79126e1f 100644 --- a/lib/layer/iterate.c +++ b/lib/layer/iterate.c @@ -999,10 +999,7 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt) /* Check for packet processing errors first. * Note - we *MUST* check if it has at least a QUESTION, * otherwise it would crash on accessing QNAME. */ - if (pkt->parsed < pkt->size) { - VERBOSE_MSG("<= pkt contains excessive data\n"); - return KR_STATE_FAIL; - } else if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) { + if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) { if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_FORMERR) { /* This is a special case where we get valid header with FORMERR and nothing else. * This happens on some authoritatives which don't support EDNS and don't @@ -1102,6 +1099,12 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt) return ret; } + if (pkt->parsed < pkt->size) { + VERBOSE_MSG("<= ignoring packet due to containing excessive data (%zu bytes)\n", + pkt->size - pkt->parsed); + return KR_STATE_FAIL; + } + int state; /* Forwarding/stub mode is special. */ if (query->flags.STUB) {