authorLennart Poettering <lennart@poettering.net>2015-12-10 13:46:53 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-11 14:14:27 +0100
commite6b57b378709af68d1828e26aec684f88bd04172 (patch)
tree91c28e8b50aaee95e6106dd9d368d46ba0164463
parentresolved: refuse to cache ANY kind of pseudo-RR-type (diff)
resolved: refuse OPT RRs in incoming packets that are not in the additional section
We later rely on the DnsAnswer object containing all RRs from the original packet, at least when it comes to the answer and authorization sections, hence we better make sure we don't silently end up removing an OPT RR from these two sections.
-rw-r--r--src/resolve/resolved-dns-packet.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 2117b70979..7c5be538b8 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1993,8 +1993,18 @@ int dns_packet_extract(DnsPacket *p) {
goto finish;
if (rr->key->type == DNS_TYPE_OPT) {
- if (p->opt)
- return -EBADMSG;
+
+ /* The OPT RR is only valid in the Additional section */
+ if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
+ r = -EBADMSG;
+ goto finish;
+ }
+
+ /* Two OPT RRs? */
+ if (p->opt) {
+ r = -EBADMSG;
+ goto finish;
+ }
p->opt = dns_resource_record_ref(rr);
} else {
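Review bot: The OPT branch still stores the record with `p->opt = dns_resource_record_ref(rr);` without checking its owner name, although RFC 6891 requires the OPT pseudo-RR to be owned by the root domain. Unless that is validated outside this hunk, I would reject a non-root owner name here with the same `r = -EBADMSG; goto finish;` pattern, placed next to the two new checks. The section test also depends on `i` counting records from the start of the answer section; the loop header is outside the hunk, so a short comment such as `/* i indexes RRs across answer, authority and additional sections, in that order */` would make that assumption explicit. Separately, the switch from `return -EBADMSG` to `goto finish` changes which cleanup runs on the duplicate-OPT path, and the commit message does not mention it.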