Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-20 02:38:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Reorder sanity checks on UDP packet reception, to cope with failed recvfrom()

Browse Source
This commit is contained in:
Simon Kelley
2014-03-24 22:04:42 +00:00
parent 56618c31f6
commit 490f90758d
1 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/forward.c
View File

@@ -698,13 +698,19 @@ void reply_query(int fd, int family, time_t now)
serveraddr.in6.sin6_flowinfo = 0; serveraddr.in6.sin6_flowinfo = 0;
#endif #endif
header = (struct dns_header *)daemon->packet;
if (n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR))
return;
/* spoof check: answer must come from known server, */ /* spoof check: answer must come from known server, */
for (server = daemon->servers; server; server = server->next) for (server = daemon->servers; server; server = server->next)
if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) && if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
sockaddr_isequal(&server->addr, &serveraddr)) sockaddr_isequal(&server->addr, &serveraddr))
break; break;
header = (struct dns_header *)daemon->packet; if (!server)
return;
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
hash = hash_questions(header, n, daemon->namebuff); hash = hash_questions(header, n, daemon->namebuff);
@@ -713,9 +719,7 @@ void reply_query(int fd, int family, time_t now)
crc = questions_crc(header, n, daemon->namebuff); crc = questions_crc(header, n, daemon->namebuff);
#endif #endif
if (!server || if (!(forward = lookup_frec(ntohs(header->id), hash)))
n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR) ||
!(forward = lookup_frec(ntohs(header->id), hash)))
return; return;
if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) && if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) &&