Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't return arcount=1 if EDNS0 RR won't fit in the packet.

Browse Source 
Omitting the EDNS0 RR but setting arcount gives a malformed packet.
Also, don't accept UDP packet size less than 512 in recieved EDNS0.
This commit is contained in:
Simon Kelley
2017-09-07 20:45:00 +01:00
parent 63437ffbb5
commit a3303e196e
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/edns0.c
View File

@@ -208,7 +208,10 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
free(buff);
p += rdlen;
}
header->arcount = htons(ntohs(header->arcount) + 1);
/* Only bump arcount if RR is going to fit */
if (((ssize_t)optlen) <= (limit - (p + 4)))
header->arcount = htons(ntohs(header->arcount) + 1);
}
if (((ssize_t)optlen) > (limit - (p + 4)))

2
src/forward.c
View File

@@ -1412,6 +1412,8 @@ void receive_query(struct listener *listen, time_t now)
defaults to 512 */
if (udp_size > daemon->edns_pktsz)
udp_size = daemon->edns_pktsz;
else if (udp_size < PACKETSZ)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
#ifdef HAVE_AUTH