From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 9 Dec 2015 18:08:45 +0000 (+0100)
Subject: resolved: don't accept doing queries for invalid RR types
X-Git-Tag: v229~217^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9eae2bf3189c07e30a752e38b2ad3856450f1d06;p=thirdparty%2Fsystemd.git

resolved: don't accept doing queries for invalid RR types
---

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 00ecd3d11e6..1dcd2c78c0d 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -106,6 +106,14 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
         assert(s);
         assert(key);
 
+        /* Don't allow looking up invalid or pseudo RRs */
+        if (IN_SET(key->type, DNS_TYPE_OPT, 0, DNS_TYPE_TSIG, DNS_TYPE_TKEY))
+                return -EINVAL;
+
+        /* We only support the IN class */
+        if (key->class != DNS_CLASS_IN)
+                return -EOPNOTSUPP;
+
         r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
         if (r < 0)
                 return r;