File auth-3.4.6.patch of Package pdns
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index e92eb05..6d2383c 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -996,6 +996,14 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse) return 0; } + if(p->d.tc) { // truncated query. MOADNSParser would silently parse this packet in an incomplete way. + if(d_logDNSDetails) + L<<Logger::Error<<"Received truncated query packet from "<<p->getRemote()<<", dropping"<<endl; + S.inc("corrupt-packets"); + S.ringAccount("remotes-corrupt", p->getRemote()); + return 0; + } + if (p->hasEDNS() && p->getEDNSVersion() > 0) { r = p->replyPacket(); r->setRcode(16 & 0xF); -- 2.6.2 From 6a2fb8a08a5a3301bf8df872e0c2a678e6084a5a Mon Sep 17 00:00:00 2001 From: Christian Hofstaedtler <christian.hofstaedtler@deduktiva.com> Date: Mon, 12 Oct 2015 12:44:33 +0200 Subject: [PATCH 2/2] Ignore invalid/empty TKEY and TSIG records --- pdns/dnspacket.cc | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc index 09ea0b7..ba77265 100644 --- a/pdns/dnspacket.cc +++ b/pdns/dnspacket.cc @@ -464,10 +464,15 @@ bool DNSPacket::getTSIGDetails(TSIGRecordContent* trc, string* keyname, string* bool gotit=false; for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) { if(i->first.d_type == QType::TSIG) { - *trc = *boost::dynamic_pointer_cast<TSIGRecordContent>(i->first.d_content); - - gotit=true; + // cast can fail, f.e. if d_content is an UnknownRecordContent. + shared_ptr<TSIGRecordContent> content = boost::dynamic_pointer_cast<TSIGRecordContent>(i->first.d_content); + if (!content) { + L<<Logger::Error<<"TSIG record has no or invalid content (invalid packet)"<<endl; + return false; + } + *trc = *content; *keyname = i->first.d_label; + gotit=true; if(!keyname->empty()) keyname->resize(keyname->size()-1); // drop the trailing dot } 
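Review bot: The unbraced `if(d_logDNSDetails)` in the new truncated-query branch of questionOrRecurse guards only the log statement, while the two counter updates and `return 0` are meant to run unconditionally; putting the log line in braces makes that explicit and keeps a later edit from moving the drop under the logging flag. The message is written at `Logger::Error` although any remote sender can trigger it by setting TC on a query, so `Logger::Warning` would suit a per-packet rejection better. With detail logging off, the only trace of these drops is the `corrupt-packets` counter and the `remotes-corrupt` ring, which deserves a comment such as `// dropped without a reply; visible via corrupt-packets / remotes-corrupt`. The function body continues outside the hunk.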
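Review bot: The new `L<<Logger::Error<<"TSIG record has no or invalid content (invalid packet)"<<endl;` in getTSIGDetails runs for every malformed packet with no gate comparable to `d_logDNSDetails` and no sender address, so a remote sender can fill the log and the operator cannot tell where the packets come from; the TKEY hunk in getTKEYRecord has the same issue. The packethandler.cc change in this patch file calls `p->getRemote()` on a `DNSPacket *`, so appending `<<" from "<<getRemote()` to both messages looks feasible, assuming the accessor can be called from these member functions. The early `return false` also ends the scan on the first bad record, which appears to be the intended fail-closed behaviour but should be stated in the comment above the cast. Both function bodies continue outside their hunks.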
@@ -492,7 +497,13 @@ bool DNSPacket::getTKEYRecord(TKEYRecordContent *tr, string *keyname) const } if(i->first.d_type == QType::TKEY) { - *tr = *boost::dynamic_pointer_cast<TKEYRecordContent>(i->first.d_content); + // cast can fail, f.e. if d_content is an UnknownRecordContent. + shared_ptr<TKEYRecordContent> content = boost::dynamic_pointer_cast<TKEYRecordContent>(i->first.d_content); + if (!content) { + L<<Logger::Error<<"TKEY record has no or invalid content (invalid packet)"<<endl; + return false; + } + *tr = *content; *keyname = i->first.d_label; gotit=true; }