projects / dnsmasq.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9bbf098)
Fix problem with arbitrary RR caching.
authorSimon Kelley <simon@thekelleys.org.uk>
Sat, 2 Sep 2023 20:34:54 +0000 (21:34 +0100)
committerSimon Kelley <simon@thekelleys.org.uk>
Sat, 2 Sep 2023 20:34:54 +0000 (21:34 +0100)
Caching an answer which has more that one RR, with at least
one answer being <=13 bytes and at least one being >13 bytes
can screw up the F_KEYTAG flag bit, resulting in the wrong
type of the address union being used and either a bad value
return or a crash in the block code.

Thanks to Dominik Derigs and the Pi-hole project for finding
and characterising this.

src/rfc1035.c patch | blob | history

diff --git a/src/rfc1035.c b/src/rfc1035.c
index 56b65bb..32b43fd 100644 (file)
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -812,6 +812,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
                    {
                       addr.rrdata.rrtype = aqtype;
                       addr.rrdata.datalen = (char)ardlen;
+                      flags &= ~F_KEYTAG; /* in case of >1 answer, not all the same. */ 
                       if (ardlen != 0)
                         memcpy(addr.rrdata.data, p1, ardlen);
                    }
Dnsmasq DNS proxy and DHCP server.