[systemd-devel] [PATCH 1/2] Fix redirection loops in compressed RR
Stanisław Pitucha
viraptor at gmail.com
Mon Nov 17 21:25:20 PST 2014
Loops in RR compression were only detected for the first entry.
Multiple redirections should be allowed, each one checking for an
infinite loop on its own starting point.
Also update the pointer on each redirection to avoid longer loops of
labels and redirections, in names like:
(start) [len=1] "A", [ptr to start]
---
src/resolve/resolved-dns-packet.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index e5d07b3..96eaaf2 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -860,7 +860,7 @@ fail:
int dns_packet_read_name(DnsPacket *p, char **_ret,
bool allow_compression, size_t *start) {
- size_t saved_rindex, after_rindex = 0;
+ size_t saved_rindex, after_rindex = 0, earliest_compression_pointer;
_cleanup_free_ char *ret = NULL;
size_t n = 0, allocated = 0;
bool first = true;
@@ -870,6 +870,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
assert(_ret);
saved_rindex = p->rindex;
+ earliest_compression_pointer = p->rindex;
for (;;) {
uint8_t c, d;
@@ -916,7 +917,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
goto fail;
ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
- if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= saved_rindex) {
+ if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= earliest_compression_pointer) {
r = -EBADMSG;
goto fail;
}
@@ -924,6 +925,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
if (after_rindex == 0)
after_rindex = p->rindex;
+ earliest_compression_pointer = ptr;
p->rindex = ptr;
} else
goto fail;
--
2.1.2
More information about the systemd-devel
mailing list