1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
commit ad4a8ff7d9097008d7623df8543df435bfddeac8
Author: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu Apr 9 21:48:00 2015 +0100
Fix crash on receipt of certain malformed DNS requests.
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 7a07b0c..a995ab5 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
size_t setup_reply(struct dns_header *header, size_t qlen,
struct all_addr *addrp, unsigned int flags, unsigned long ttl)
{
- unsigned char *p = skip_questions(header, qlen);
+ unsigned char *p;
+
+ if (!(p = skip_questions(header, qlen)))
+ return 0;
/* clear authoritative and truncated flags, set QR flag */
header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
SET_RCODE(header, NOERROR); /* empty domain */
else if (flags == F_NXDOMAIN)
SET_RCODE(header, NXDOMAIN);
- else if (p && flags == F_IPV4)
+ else if (flags == F_IPV4)
{ /* we know the address */
SET_RCODE(header, NOERROR);
header->ancount = htons(1);
@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
}
#ifdef HAVE_IPV6
- else if (p && flags == F_IPV6)
+ else if (flags == F_IPV6)
{
SET_RCODE(header, NOERROR);
header->ancount = htons(1);
|
GitWeb
