Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle failure of hash_questions()

Browse Source
This commit is contained in:
Tomas Hozza
2014-03-25 20:52:28 +00:00
committed by Simon Kelley
parent fc2833f172
commit b37f8b99ae
1 changed files with 33 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/forward.c
View File

@@ -1417,42 +1417,44 @@ static int tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s
/* We rely on the question section coming back unchanged, ensure it is with the hash. */ /* We rely on the question section coming back unchanged, ensure it is with the hash. */
if ((newhash = hash_questions(header, (unsigned int)m, name))) if ((newhash = hash_questions(header, (unsigned int)m, name)))
memcpy(hash, newhash, HASH_SIZE);
*length = htons(m);
if (read_write(server->tcpfd, packet, m + sizeof(u16), 0) &&
read_write(server->tcpfd, &c1, 1, 1) &&
read_write(server->tcpfd, &c2, 1, 1) &&
read_write(server->tcpfd, payload, (c1 << 8) | c2, 1))
{ {
m = (c1 << 8) | c2; memcpy(hash, newhash, HASH_SIZE);
*length = htons(m);
newhash = hash_questions(header, (unsigned int)m, name); if (read_write(server->tcpfd, packet, m + sizeof(u16), 0) &&
if (newhash && memcmp(hash, newhash, HASH_SIZE) == 0) read_write(server->tcpfd, &c1, 1, 1) &&
read_write(server->tcpfd, &c2, 1, 1) &&
read_write(server->tcpfd, payload, (c1 << 8) | c2, 1))
{ {
/* Note this trashes all three name workspaces */ m = (c1 << 8) | c2;
status = tcp_key_recurse(now, STAT_NEED_DS_NEG, header, m, class, name, keyname, server, keycount);
/* We've found a DS which proves the bit of the DNS where the
original query is, is unsigned, so the answer is OK,
if unvalidated. */
if (status == STAT_NO_DS)
{
free(packet);
return STAT_INSECURE;
}
/* No DS, not got to DNSSEC-land yet, go up. */ newhash = hash_questions(header, (unsigned int)m, name);
if (status == STAT_INSECURE) if (newhash && memcmp(hash, newhash, HASH_SIZE) == 0)
{ {
p = (unsigned char *)(header+1); /* Note this trashes all three name workspaces */
status = tcp_key_recurse(now, STAT_NEED_DS_NEG, header, m, class, name, keyname, server, keycount);
if (extract_name(header, plen, &p, name, 1, 4) && /* We've found a DS which proves the bit of the DNS where the
(name_start = strchr(name, '.'))) original query is, is unsigned, so the answer is OK,
if unvalidated. */
if (status == STAT_NO_DS)
{ {
name_start++; /* chop a label off and try again */ free(packet);
continue; return STAT_INSECURE;
}
/* No DS, not got to DNSSEC-land yet, go up. */
if (status == STAT_INSECURE)
{
p = (unsigned char *)(header+1);
if (extract_name(header, plen, &p, name, 1, 4) &&
(name_start = strchr(name, '.')))
{
name_start++; /* chop a label off and try again */
continue;
}
} }
} }
} }
@@ -1731,6 +1733,8 @@ unsigned char *tcp_request(int confd, time_t now,
unsigned char *newhash, hash[HASH_SIZE]; unsigned char *newhash, hash[HASH_SIZE];
if ((newhash = hash_questions(header, (unsigned int)size, daemon->keyname))) if ((newhash = hash_questions(header, (unsigned int)size, daemon->keyname)))
memcpy(hash, newhash, HASH_SIZE); memcpy(hash, newhash, HASH_SIZE);
else
memset(hash, 0, HASH_SIZE);
#else #else
unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff); unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff);
#endif #endif