[systemd-devel] [PATCH 1/2] Fix redirection loops in compressed RR

David Herrmann dh.herrmann at gmail.com
Thu Nov 27 07:35:41 PST 2014 

Hi

On Tue, Nov 18, 2014 at 6:25 AM, Stanisław Pitucha <viraptor at gmail.com> wrote:
> Loops in RR compression were only detected for the first entry.
> Multiple redirections should be allowed, each one checking for an
> infinite loop on its own starting point.
> Also update the pointer on each redirection to avoid longer loops of
> labels and redirections, in names like:
> (start) [len=1] "A", [ptr to start]

I renamed the variable to "jump_barrier" and added a comment with a
reference to RFC-1035 4.1.4 which limits jumps to a "prior occurrence"
of a name.

Applied!

Thanks
David

> ---
>  src/resolve/resolved-dns-packet.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
> index e5d07b3..96eaaf2 100644
> --- a/src/resolve/resolved-dns-packet.c
> +++ b/src/resolve/resolved-dns-packet.c
> @@ -860,7 +860,7 @@ fail:
>
>  int dns_packet_read_name(DnsPacket *p, char **_ret,
>                           bool allow_compression, size_t *start) {
> -        size_t saved_rindex, after_rindex = 0;
> +        size_t saved_rindex, after_rindex = 0, earliest_compression_pointer;
>          _cleanup_free_ char *ret = NULL;
>          size_t n = 0, allocated = 0;
>          bool first = true;
> @@ -870,6 +870,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
>          assert(_ret);
>
>          saved_rindex = p->rindex;
> +        earliest_compression_pointer = p->rindex;
>
>          for (;;) {
>                  uint8_t c, d;
> @@ -916,7 +917,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
>                                  goto fail;
>
>                          ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
> -                        if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= saved_rindex) {
> +                        if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= earliest_compression_pointer) {
>                                  r = -EBADMSG;
>                                  goto fail;
>                          }
> @@ -924,6 +925,7 @@ int dns_packet_read_name(DnsPacket *p, char **_ret,
>                          if (after_rindex == 0)
>                                  after_rindex = p->rindex;
>
> +                        earliest_compression_pointer = ptr;
>                          p->rindex = ptr;
>                  } else
>                          goto fail;
> --
> 2.1.2
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

More information about the systemd-devel mailing list