[systemd-commits] src/resolve

David Herrmann dvdhrm at kemper.freedesktop.org
Thu Nov 27 07:36:56 PST 2014


 src/resolve/resolved-dns-packet.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

New commits:
commit c75dbf9bea577057c5a6ee3d52db6e13aa6caa57
Author: Stanisław Pitucha <viraptor at gmail.com>
Date:   Tue Nov 18 16:25:20 2014 +1100

    resolve: fix redirection loops in compressed RR
    
    Loops in RR compression were only detected for the first entry.
    Multiple redirections should be allowed, each one checking for an
    infinite loop on its own starting point.
    Also update the pointer on each redirection to avoid longer loops of
    labels and redirections, in names like:
    (start) [len=1] "A", [ptr to start]
    
    (David: rename variable to "jump_barrier" and add reference to RFC)

diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index e5d07b3..2afb8d0 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -860,7 +860,7 @@ fail:
 
 int dns_packet_read_name(DnsPacket *p, char **_ret,
                          bool allow_compression, size_t *start) {
-        size_t saved_rindex, after_rindex = 0;
+        size_t saved_rindex, after_rindex = 0, jump_barrier;
         _cleanup_free_ char *ret = NULL;
         size_t n = 0, allocated = 0;
         bool first = true;
@@ -870,6 +870,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
         assert(_ret);
 
         saved_rindex = p->rindex;
+        jump_barrier = p->rindex;
 
         for (;;) {
                 uint8_t c, d;
@@ -916,7 +917,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
                                 goto fail;
 
                         ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
-                        if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= saved_rindex) {
+                        if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier) {
                                 r = -EBADMSG;
                                 goto fail;
                         }
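Review bot: The `ptr >= jump_barrier` test appears to be what bounds a chain of compression pointers, yet nothing at the check says that the barrier shrinks on every jump; the assignment that makes it so sits in a later hunk. A comment here such as `/* every jump must land strictly before the previous target, so a pointer chain always terminates */` would keep the invariant next to the code that enforces it. The diffstat lists only resolved-dns-packet.c, so the looping name from the commit message is not covered by a test; a case that parses such a packet and expects -EBADMSG would keep the barrier from regressing. dns_packet_read_name starts and ends outside this hunk.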
@@ -924,6 +925,8 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
                         if (after_rindex == 0)
                                 after_rindex = p->rindex;
 
+                        /* Jumps are limited to a "prior occurence" (RFC-1035 4.1.4) */
+                        jump_barrier = ptr;
                         p->rindex = ptr;
                 } else
                         goto fail;
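Review bot: The closing `else goto fail;` jumps to the error path without assigning `r`, while the pointer-range check in the previous hunk sets `r = -EBADMSG` first. These lines are unchanged context and the earlier assignments to `r` are outside the hunk, but if `r` still holds the result of the last successful read, an unsupported label type would be returned as success from a parser of untrusted packets. `} else { r = -EBADMSG; goto fail; }` would make the failure explicit. The new comment also misspells "occurrence" and could state the rule it relies on, e.g. `/* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4): each target must precede the last one */`.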


