author: Maxim Dounin <mdounin@mdounin.ru> 2021-05-25 15:17:50 +0300
committer: Maxim Dounin <mdounin@mdounin.ru> 2021-05-25 15:17:50 +0300
commit: e860ecce82f1ee9cffb228d29d3ad61375b29aff (patch)
tree: 2da550bde1c2ef9fe537433d37241af1e3c222e5 /src
parent: f85d7016949b34119b5f4c53ddbfac4f199b4343 (diff)
Resolver: explicit check for compression pointers in question.
Since nginx always uses exactly one entry in the question section of a DNS query, and never uses compression pointers in this entry, parsing of a DNS response in ngx_resolver_process_response() does not expect compression pointers to appear in the question section of the DNS response. Indeed, compression pointers in the first name of a DNS response hardly make sense, do not seem to be allowed by RFC 1035 (which says "a pointer to a prior occurance of the same name", note "prior"), and were never observed in practice. Added an explicit check to ngx_resolver_process_response()'s parsing of the question section to properly report an error if compression pointers nevertheless appear in the question section.
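The length-byte classification the commit message relies on, as an added stand-alone example (not nginx code and not part of this commit): a label length byte has its two top bits clear, 11 marks a compression pointer, and 01/10 are reserved. The function name, the `QNAME_*` codes and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN    12   /* fixed DNS header size, RFC 1035 section 4.1.1 */
#define QNAME_TRUNC    (-1) /* ran past the end of the buffer */
#define QNAME_POINTER  (-2) /* top bits 11: compression pointer */
#define QNAME_RESERVED (-3) /* top bits 01 or 10: reserved label type */

/* Constructed samples: a 12-byte zero header followed by a question name. */
#define HDR 0,0,0,0,0,0,0,0,0,0,0,0
static const uint8_t q_plain[] = { HDR, 3,'w','w','w',
                                   7,'e','x','a','m','p','l','e',
                                   3,'c','o','m', 0, 0,1, 0,1 };
static const uint8_t q_pointer[] = { HDR, 3,'w','w','w', 0xc0,0x0c, 0,1, 0,1 };
static const uint8_t q_reserved[] = { HDR, 0x41,'x', 0, 0,1, 0,1 };
static const uint8_t q_cut[] = { HDR, 7,'e','x','a' };

/* Returns the offset just past the terminating zero label, or a QNAME_* code. */
long
question_name_end(const uint8_t *buf, size_t n)
{
    size_t i = DNS_HDR_LEN;

    while (i < n) {
        uint8_t len = buf[i];

        if ((len & 0xc0) == 0xc0) return QNAME_POINTER;
        if (len & 0xc0) return QNAME_RESERVED;
        if (len == 0) return (long) (i + 1);

        i += 1 + (size_t) len;   /* len is at most 63 here */
    }

    return QNAME_TRUNC;          /* no terminating zero label inside buf */
}

int
main(void)
{
    printf("plain=%ld pointer=%ld reserved=%ld cut=%ld\n",
           question_name_end(q_plain, sizeof(q_plain)),
           question_name_end(q_pointer, sizeof(q_pointer)),
           question_name_end(q_reserved, sizeof(q_reserved)),
           question_name_end(q_cut, sizeof(q_cut)));
    return 0;
}
```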
Diffstat (limited to 'src')
-rw-r--r-- src/core/ngx_resolver.c 6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 9ce53b930..58d5f3ec4 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1798,6 +1798,12 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n,
i = sizeof(ngx_resolver_hdr_t);
while (i < (ngx_uint_t) n) {
+
+ if (buf[i] & 0xc0) {
+ err = "unexpected compression pointer in DNS response";
+ goto done;
+ }
+
if (buf[i] == '\0') {
goto found;
}
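Review bot: the added test `if (buf[i] & 0xc0)` at the top of the loop is true when either high bit of the length byte is set, so it also rejects the reserved 01 and 10 label types, not only compression pointers (both bits set), while the error string names only compression pointers. Rejecting all three is the safe behaviour, since a valid label length never exceeds 63, but a one-line comment stating that the broader mask is intentional, or a message that also mentions an invalid label type, would keep the logged error accurate for whoever has to debug a malformed response.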