From 5c6630c50cece54ca00d5ec70d3042d26f991b11 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C5=A0t=C4=9Bp=C3=A1n=20Bal=C3=A1=C5=BEik?= Date: Wed, 20 Jan 2021 12:25:38 +0100 Subject: [PATCH] fail on execissive data in a packet --- lib/layer/iterate.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c index 89589b041..9a4679b00 100644 --- a/lib/layer/iterate.c +++ b/lib/layer/iterate.c @@ -1014,14 +1014,11 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt) /* Check for packet processing errors first. * Note - we *MUST* check if it has at least a QUESTION, * otherwise it would crash on accessing QNAME. */ -#ifdef STRICT_MODE if (pkt->parsed < pkt->size) { VERBOSE_MSG("<= pkt contains excessive data\n"); return KR_STATE_FAIL; - } else -#endif - if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) { - if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_FORMERR) { + } else if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) { + if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_REFUSED) { /* This is a special case where we get valid header with FORMERROR and nothing else. * This happens on some authoritatives which don't support EDNS and don't * bother copying the SECTION QUESTION. */ -- 2.47.2