From: Wouter Wijngaards Date: Thu, 6 Nov 2008 10:59:31 +0000 (+0000) Subject: Fixup decompression for private-name checks. X-Git-Tag: release-1.1.0~17 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3708097870351e41415663383a277941d2851dac;p=thirdparty%2Funbound.git Fixup decompression for private-name checks. git-svn-id: file:///svn/unbound/trunk@1334 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 48585cbe9..20bd1684a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +6 November 2008: Wouter + - dname_priv must decompress the name before comparison. + 5 November 2008: Wouter - fixed possible memory leak in key_entry_key deletion. Would leak a couple bytes when trust anchors were replaced. diff --git a/doc/plan b/doc/plan index 7096bcc80..90f1599d5 100644 --- a/doc/plan +++ b/doc/plan @@ -77,7 +77,7 @@ not stats on SIGUSR1. perhaps also see which slow auth servers cause >1sec value + direct queries for NS records + careful caching, only NS query causes referral caching. + direct queries for A, AAAA in-bailiwick from a referral. -* trouble counter, cache wipe threshold. ++ trouble counter, cache wipe threshold. + off-path validation + root NS, root glue validation after prime @@ -101,4 +101,5 @@ o on windows version, implement that OS ancillary data capabilities for interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. o local-zone directive with authority service, full authority server is a non-goal. +o configure option to force use of builtin ldns tarball. diff --git a/iterator/iter_priv.c b/iterator/iter_priv.c index ccd530b87..6d8aad955 100644 --- a/iterator/iter_priv.c +++ b/iterator/iter_priv.c @@ -180,16 +180,24 @@ priv_lookup_addr(struct iter_priv* priv, struct sockaddr_storage* addr, /** * See if a name is whitelisted. * @param priv: structure for address storage. + * @param pkt: the packet (for compression ptrs). * @param name: name to check. * @param dclass: class to check. * @return: true if the name is OK. false if unlisted. */ static int -priv_lookup_name(struct iter_priv* priv, uint8_t* name, uint16_t dclass) +priv_lookup_name(struct iter_priv* priv, ldns_buffer* pkt, + uint8_t* name, size_t dname_len, uint16_t dclass) { size_t len; - int labs = dname_count_size_labels(name, &len); - return name_tree_lookup(&priv->n, name, len, labs, dclass) != NULL; + uint8_t decomp[256]; + int labs; + if(dname_len >= sizeof(decomp)) + return 0; + dname_pkt_copy(pkt, decomp, name); + labs = dname_count_size_labels(decomp, &len); + log_assert(dname_len == len); + return name_tree_lookup(&priv->n, decomp, len, labs, dclass) != NULL; } size_t priv_get_mem(struct iter_priv* priv) @@ -198,10 +206,12 @@ size_t priv_get_mem(struct iter_priv* priv) return sizeof(*priv) + regional_get_mem(priv->region); } -int priv_rrset_bad(struct iter_priv* priv, struct rrset_parse* rrset) +int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, + struct rrset_parse* rrset) { /* see if it is a private name, that is allowed to have any */ - if(priv_lookup_name(priv, rrset->dname, ntohs(rrset->rrset_class))) { + if(priv_lookup_name(priv, pkt, rrset->dname, rrset->dname_len, + ntohs(rrset->rrset_class))) { return 0; } else { /* so its a public name, check the address */ diff --git a/iterator/iter_priv.h b/iterator/iter_priv.h index b7177ccad..62860ffb5 100644 --- a/iterator/iter_priv.h +++ b/iterator/iter_priv.h @@ -92,10 +92,12 @@ int priv_apply_cfg(struct iter_priv* priv, struct config_file* cfg); /** * See if rrset is bad. * @param priv: structure for private address storage. + * @param pkt: packet to decompress rrset name in. * @param rrset: the rrset to examine, A or AAAA. * @return true if the rrset is bad and should be removed. */ -int priv_rrset_bad(struct iter_priv* priv, struct rrset_parse* rrset); +int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, + struct rrset_parse* rrset); /** * Get memory used by priv structure. diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index 09abb219a..f57c8a365 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -614,7 +614,7 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, /* remove private addresses */ if( (rrset->type == LDNS_RR_TYPE_A || rrset->type == LDNS_RR_TYPE_AAAA) && - priv_rrset_bad(ie->priv, rrset)) { + priv_rrset_bad(ie->priv, pkt, rrset)) { /* set servfail, so the classification becomes * THROWAWAY, instead of LAME or other unwanted */ FLAGS_SET_RCODE(msg->flags, LDNS_RCODE_SERVFAIL);