From: Andrew Miller Date: Sun, 19 Jun 2005 11:33:32 +0000 (+0000) Subject: Make the resolver better able to handle unexpected record types. Also check for X-Git-Url: http://git.pk910.de/?a=commitdiff_plain;h=8fb622653e569399a7e87b8016388398a0c96eef;p=ircu2.10.12-pk.git Make the resolver better able to handle unexpected record types. Also check for wrong response IPs before searching the pending list instead of after. git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/trunk@1430 c9e4aea6-c8fd-4c43-8297-357d70d61c8c --- diff --git a/ChangeLog b/ChangeLog index 772912d..b0d90ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2005-06-19 Andrew Miller + + * ircd/ircd_res.c (proc_answer): Deal with unexpected record types more + gracefully. + + * ircd/ircd_res.c (res_readreply): Check res_ourserver before walking + the pending request list, to make DoS attacks harder. + 2005-06-18 Michael Poole * ircd/s_debug.c (count_memory): Consolidate several lines; make diff --git a/ircd/ircd_res.c b/ircd/ircd_res.c index f91fdc5..ee9c269 100644 --- a/ircd/ircd_res.c +++ b/ircd/ircd_res.c @@ -1,6 +1,6 @@ /* - * A rewrite of Darren Reeds original res.c As there is nothing - * left of Darrens original code, this is now licensed by the hybrid group. + * A rewrite of Darren Reed's original res.c As there is nothing + * left of Darren's original code, this is now licensed by the hybrid group. * (Well, some of the function names are the same, and bits of the structs..) * You can use it where it is useful, free even. Buy us a beer and stuff. * @@ -727,7 +727,13 @@ proc_answer(struct reslist *request, HEADER* header, char* buf, char* eob) * but its possible its just a broken nameserver with still * valid answers. But lets do some rudimentary logging for now... */ - log_write(LS_RESOLVER, L_ERROR, 0, "irc_res.c bogus type %d", type); + log_write(LS_RESOLVER, L_ERROR, 0, "irc_res.c bogus type %d", type); + + if ((char*)current + rd_length >= (char*)current) + current += rd_length; + else + return(0); + break; } } @@ -757,6 +763,12 @@ res_readreply(struct Event *ev) || (rc <= sizeof(HEADER))) return; + /* + * check against possibly fake replies + */ + if (!res_ourserver(&lsin)) + return; + /* * convert DNS reply reader from Network byte order to CPU byte order. */ @@ -773,12 +785,6 @@ res_readreply(struct Event *ev) if (0 == (request = find_id(header->id))) return; - /* - * check against possibly fake replies - */ - if (!res_ourserver(&lsin)) - return; - if ((header->rcode != NO_ERRORS) || (header->ancount == 0)) { if (SERVFAIL == header->rcode)