From: Simon Kelley Date: Thu, 9 Apr 2015 20:48:00 +0000 (+0100) Subject: Fix crash on receipt of certain malformed DNS requests. X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ad4a8ff7d9097008d7623df8543df435bfddeac8;p=people%2Fms%2Fdnsmasq.git Fix crash on receipt of certain malformed DNS requests. --- diff --git a/CHANGELOG b/CHANGELOG index 6aa3d85..9af6170 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -125,6 +125,9 @@ version 2.72 Fix problem with --local-service option on big-endian platforms Thanks to Richard Genoud for the patch. + Fix crash on receipt of certain malformed DNS requests. Thanks + to Nick Sampanis for spotting the problem. + version 2.71 Subtle change to error handling to help DNSSEC validation diff --git a/src/rfc1035.c b/src/rfc1035.c index 7a07b0c..a995ab5 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, size_t setup_reply(struct dns_header *header, size_t qlen, struct all_addr *addrp, unsigned int flags, unsigned long ttl) { - unsigned char *p = skip_questions(header, qlen); + unsigned char *p; + + if (!(p = skip_questions(header, qlen))) + return 0; /* clear authoritative and truncated flags, set QR flag */ header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; @@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, SET_RCODE(header, NOERROR); /* empty domain */ else if (flags == F_NXDOMAIN) SET_RCODE(header, NXDOMAIN); - else if (p && flags == F_IPV4) + else if (flags == F_IPV4) { /* we know the address */ SET_RCODE(header, NOERROR); header->ancount = htons(1); @@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); } #ifdef HAVE_IPV6 - else if (p && flags == F_IPV6) + else if (flags == F_IPV6) { SET_RCODE(header, NOERROR); header->ancount = htons(1);
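Review bot: The new early `return 0;` at the top of setup_reply() gives the return value a second meaning (a zero length now signals that skip_questions() could not parse the question section), and nothing in the hunk documents that or shows callers handling it. The callers are outside this diff, so it is worth confirming that each one treats a zero return as "drop the request" rather than passing the length on to a send call or to further size arithmetic. A comment above the check would record the contract, for example `/* malformed question section: nothing to reply to, caller must not send */`. setup_reply's body continues past the end of these hunks, where `p` is presumably used to compute the reply length, so dropping the `p &&` guards in the F_IPV4 and F_IPV6 branches of the two later hunks is sound only while this early return stays in place.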