interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

CNAME loops protection

This commit is contained in:
Willem Toorop 2016-05-30 17:02:28 +02:00
parent 2b81be8859
commit 40477d3f00
4 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -1026,6 +1026,8 @@ FreeBSD)
esac esac
AC_SUBST(C99COMPATFLAGS) AC_SUBST(C99COMPATFLAGS)
AC_DEFINE_UNQUOTED([MAX_CNAME_REFERRALS], [100], [The maximum number of cname referrals.])
AH_BOTTOM([ AH_BOTTOM([
#ifdef GETDNS_ON_WINDOWS #ifdef GETDNS_ON_WINDOWS

5
src/dnssec.c
View File

@ -210,9 +210,6 @@
#include "list.h" #include "list.h"
#include "util/val_secalgo.h" #include "util/val_secalgo.h"
/* Maximum number of canonical name redirections for one name */
#define MAX_CNAMES 100
#define SIGNATURE_VERIFIED 0x10000 #define SIGNATURE_VERIFIED 0x10000
#define NSEC3_ITERATION_COUNT_HIGH 0x20000 #define NSEC3_ITERATION_COUNT_HIGH 0x20000
#define NO_SUPPORTED_ALGORITHMS 0x40000 #define NO_SUPPORTED_ALGORITHMS 0x40000
@ -1069,7 +1066,7 @@ static void add_question2val_chain(struct mem_funcs *mf,
q_rrset.pkt = pkt; q_rrset.pkt = pkt;
q_rrset.pkt_len = pkt_len; q_rrset.pkt_len = pkt_len;
for (anti_loop = MAX_CNAMES; anti_loop; anti_loop--) { for (anti_loop = MAX_CNAME_REFERRALS; anti_loop; anti_loop--) {
if (!(rr = rrtype_iter_init(&rr_spc, &q_rrset))) if (!(rr = rrtype_iter_init(&rr_spc, &q_rrset)))
break; break;
if (!(rdf = _getdns_rdf_iter_init(&rdf_spc, &rr->rr_i))) if (!(rdf = _getdns_rdf_iter_init(&rdf_spc, &rr->rr_i)))

7
src/general.c
View File

@ -84,7 +84,7 @@ static int
no_answer(getdns_dns_req *dns_req) no_answer(getdns_dns_req *dns_req)
{ {
getdns_network_req **netreq_p, *netreq; getdns_network_req **netreq_p, *netreq;
int new_canonical = 0; int new_canonical = 0, cnames_followed;
uint8_t canon_spc[256]; uint8_t canon_spc[256];
const uint8_t *canon; const uint8_t *canon;
size_t canon_len; size_t canon_len;
@ -103,7 +103,7 @@ no_answer(getdns_dns_req *dns_req)
canon_len = netreq->owner->name_len; canon_len = netreq->owner->name_len;
if (netreq->request_type != GETDNS_RRTYPE_CNAME if (netreq->request_type != GETDNS_RRTYPE_CNAME
&& GLDNS_ANCOUNT(netreq->response) > 1) do { && GLDNS_ANCOUNT(netreq->response) > 1) do {
new_canonical = 0; new_canonical = 0, cnames_followed = 0;
for ( rr = _getdns_rr_iter_init(&rr_spc for ( rr = _getdns_rr_iter_init(&rr_spc
, netreq->response , netreq->response
, netreq->response_len) , netreq->response_len)
@ -131,8 +131,9 @@ no_answer(getdns_dns_req *dns_req)
canon = _getdns_rdf_if_or_as_decompressed( canon = _getdns_rdf_if_or_as_decompressed(
rdf, canon_spc, &canon_len); rdf, canon_spc, &canon_len);
new_canonical = 1; new_canonical = 1;
cnames_followed++;
} }
} while (new_canonical); } while (new_canonical && cnames_followed<MAX_CNAME_REFERRALS);
for ( rr = _getdns_rr_iter_init(&rr_spc for ( rr = _getdns_rr_iter_init(&rr_spc
, netreq->response , netreq->response
, netreq->response_len) , netreq->response_len)

3
src/util-internal.c
View File

@ -707,7 +707,7 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
goto error; goto error;
cnames_followed = new_canonical; cnames_followed = new_canonical;
while (new_canonical) { while (cnames_followed < MAX_CNAME_REFERRALS && new_canonical) {
new_canonical = 0; new_canonical = 0;
for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage
@ -737,6 +737,7 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
canonical_name = _getdns_rdf_if_or_as_decompressed( canonical_name = _getdns_rdf_if_or_as_decompressed(
rdf_iter,canonical_name_space,&canonical_name_len); rdf_iter,canonical_name_space,&canonical_name_len);
new_canonical = 1; new_canonical = 1;
cnames_followed++;
} }
} }
if (_getdns_dict_set_const_bindata( if (_getdns_dict_set_const_bindata(