Reorder sanity checks on UDP packet reception, to cope with failed recvfrom()

490f9075 · Simon Kelley · 56618c31 · 490f9075
Commit 490f9075 authored Mar 24, 2014 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 7 deletions

src/forward.c src/forward.c +11 -7

No files found.
--- a/src/forward.c
+++ b/src/forward.c
@@ -698,14 +698,20 @@ void reply_query(int fd, int family, time_t now)
    serveraddr.in6.sin6_flowinfo = 0;
 #endif
+  header = (struct dns_header *)daemon->packet;
+  if (n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR))
+    return;
  /* spoof check: answer must come from known server, */
  for (server = daemon->servers; server; server = server->next)
    if (!(server->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR)) &&
 	sockaddr_isequal(&server->addr, &serveraddr))
      break;
-  header = (struct dns_header *)daemon->packet;
+  if (!server)
+    return;
 #ifdef HAVE_DNSSEC
  hash = hash_questions(header, n, daemon->namebuff);
 #else
@@ -713,11 +719,9 @@ void reply_query(int fd, int family, time_t now)
  crc = questions_crc(header, n, daemon->namebuff);
 #endif
-  if (!server ||
+  if (!(forward = lookup_frec(ntohs(header->id), hash)))
-      n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR) ||
-      !(forward = lookup_frec(ntohs(header->id), hash)))
    return;
  if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) &&
      !option_bool(OPT_ORDER) &&
      forward->forwardall == 0)