mirror of https://github.com/getdnsapi/getdns.git
CNAME loops protection
parent
2b81be8859
commit
40477d3f00
|
@ -1026,6 +1026,8 @@ FreeBSD)
|
|||
esac
|
||||
AC_SUBST(C99COMPATFLAGS)
|
||||
|
||||
AC_DEFINE_UNQUOTED([MAX_CNAME_REFERRALS], [100], [The maximum number of cname referrals.])
|
||||
|
||||
AH_BOTTOM([
|
||||
|
||||
#ifdef GETDNS_ON_WINDOWS
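Review bot: `AC_DEFINE_UNQUOTED` is used here for a plain literal, although that macro exists so that shell variables in the value get expanded; `AC_DEFINE([MAX_CNAME_REFERRALS], [100], [The maximum number of cname referrals.])` would say the same thing without suggesting a substitution takes place. The description string could also say what the limit is for, for example `[Maximum number of CNAME referrals followed per lookup, to bound work on looping CNAME chains.]`, since the constant is used as a loop bound in three functions in this commit.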
|
||||
|
|
|
@ -210,9 +210,6 @@
|
|||
#include "list.h"
|
||||
#include "util/val_secalgo.h"
|
||||
|
||||
/* Maximum number of canonical name redirections for one name */
|
||||
#define MAX_CNAMES 100
|
||||
|
||||
#define SIGNATURE_VERIFIED 0x10000
|
||||
#define NSEC3_ITERATION_COUNT_HIGH 0x20000
|
||||
#define NO_SUPPORTED_ALGORITHMS 0x40000
|
||||
|
@ -1069,7 +1066,7 @@ static void add_question2val_chain(struct mem_funcs *mf,
|
|||
q_rrset.pkt = pkt;
|
||||
q_rrset.pkt_len = pkt_len;
|
||||
|
||||
for (anti_loop = MAX_CNAMES; anti_loop; anti_loop--) {
|
||||
for (anti_loop = MAX_CNAME_REFERRALS; anti_loop; anti_loop--) {
|
||||
if (!(rr = rrtype_iter_init(&rr_spc, &q_rrset)))
|
||||
break;
|
||||
if (!(rdf = _getdns_rdf_iter_init(&rdf_spc, &rr->rr_i)))
|
||||
|
|
|
@ -84,7 +84,7 @@ static int
|
|||
no_answer(getdns_dns_req *dns_req)
|
||||
{
|
||||
getdns_network_req **netreq_p, *netreq;
|
||||
int new_canonical = 0;
|
||||
int new_canonical = 0, cnames_followed;
|
||||
uint8_t canon_spc[256];
|
||||
const uint8_t *canon;
|
||||
size_t canon_len;
|
||||
|
@ -103,7 +103,7 @@ no_answer(getdns_dns_req *dns_req)
|
|||
canon_len = netreq->owner->name_len;
|
||||
if (netreq->request_type != GETDNS_RRTYPE_CNAME
|
||||
&& GLDNS_ANCOUNT(netreq->response) > 1) do {
|
||||
new_canonical = 0;
|
||||
new_canonical = 0, cnames_followed = 0;
|
||||
for ( rr = _getdns_rr_iter_init(&rr_spc
|
||||
, netreq->response
|
||||
, netreq->response_len)
|
||||
|
@ -131,8 +131,9 @@ no_answer(getdns_dns_req *dns_req)
|
|||
canon = _getdns_rdf_if_or_as_decompressed(
|
||||
rdf, canon_spc, &canon_len);
|
||||
new_canonical = 1;
|
||||
cnames_followed++;
|
||||
}
|
||||
} while (new_canonical);
|
||||
} while (new_canonical && cnames_followed<MAX_CNAME_REFERRALS);
|
||||
for ( rr = _getdns_rr_iter_init(&rr_spc
|
||||
, netreq->response
|
||||
, netreq->response_len)
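Review bot: The counter meant to bound the `do … while` in no_answer() is reset on every pass, because `new_canonical = 0, cnames_followed = 0;` sits inside the loop body. The test `cnames_followed<MAX_CNAME_REFERRALS` therefore limits only the CNAMEs followed during one scan of the answer section, not across scans. A response whose CNAME records point back at each other would, as far as the visible lines show, set `new_canonical` again on each pass and never leave the loop; the for-loop body lies partly outside the hunks, so confirm this against the full function. Keep `new_canonical = 0;` inside the loop and move the reset to a separate `cnames_followed = 0;` placed just before the `if (netreq->request_type != GETDNS_RRTYPE_CNAME` line, so the count accumulates over the whole chain for each network request.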
|
||||
|
|
|
@ -707,7 +707,7 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
|
|||
goto error;
|
||||
|
||||
cnames_followed = new_canonical;
|
||||
while (new_canonical) {
|
||||
while (cnames_followed < MAX_CNAME_REFERRALS && new_canonical) {
|
||||
new_canonical = 0;
|
||||
|
||||
for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage
|
||||
|
@ -737,6 +737,7 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
|
|||
canonical_name = _getdns_rdf_if_or_as_decompressed(
|
||||
rdf_iter,canonical_name_space,&canonical_name_len);
|
||||
new_canonical = 1;
|
||||
cnames_followed++;
|
||||
}
|
||||
}
|
||||
if (_getdns_dict_set_const_bindata(
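Review bot: When `while (cnames_followed < MAX_CNAME_REFERRALS && new_canonical)` stops because the limit was reached, the code appears to continue with whatever `canonical_name` held last, and nothing in the visible lines marks the chain as cut short. The function starts and ends outside these hunks, so any later handling cannot be seen here. At minimum the loop deserves a comment stating that behaviour, such as `/* Bounded by MAX_CNAME_REFERRALS so a looping CNAME chain in the response cannot spin here; when the limit is hit, canonical_name is the last name reached. */`. Also confirm that callers treat a reply built from a truncated chain the same way as one from a fully resolved chain.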
|
||||
|
|