From 7c12bbab999367db0dcd9654088c170a1a131c43 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 8 Feb 2021 09:30:25 +0100 Subject: [PATCH] squash! iterate.c: fail on execissive data in a packet but lower priority of this, below RCODE errors. --- lib/layer/iterate.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c index 0a09a9006..c79126e1f 100644 --- a/lib/layer/iterate.c +++ b/lib/layer/iterate.c @@ -999,10 +999,7 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt) /* Check for packet processing errors first. * Note - we *MUST* check if it has at least a QUESTION, * otherwise it would crash on accessing QNAME. */ - if (pkt->parsed < pkt->size) { - VERBOSE_MSG("<= pkt contains excessive data\n"); - return KR_STATE_FAIL; - } else if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) { + if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) { if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_FORMERR) { /* This is a special case where we get valid header with FORMERR and nothing else. * This happens on some authoritatives which don't support EDNS and don't @@ -1102,6 +1099,12 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt) return ret; } + if (pkt->parsed < pkt->size) { + VERBOSE_MSG("<= ignoring packet due to containing excessive data (%zu bytes)\n", + pkt->size - pkt->parsed); + return KR_STATE_FAIL; + } + int state; /* Forwarding/stub mode is special. */ if (query->flags.STUB) { -- 2.47.2