Fix crash on receipt of certain malformed DNS requests.

ad4a8ff7 · Simon Kelley · 04b0ac05 · ad4a8ff7 · ad4a8ff7
Commit ad4a8ff7 authored Apr 09, 2015 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

CHANGELOG CHANGELOG +3 -0

src/rfc1035.c src/rfc1035.c +6 -3

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -125,6 +125,9 @@ version 2.72
            Fix problem with --local-service option on big-endian platforms
 	    Thanks to Richard Genoud for the patch.

+	    Fix crash on receipt of certain malformed DNS requests. Thanks
+	    to Nick Sampanis for spotting the problem.
+	

 version 2.71
            Subtle change to error handling to help DNSSEC validation 

--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
 size_t setup_reply(struct dns_header *header, size_t qlen,
 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
 {
-  unsigned char *p = skip_questions(header, qlen);
+  unsigned char *p;
+
+  if (!(p = skip_questions(header, qlen)))
+    return 0;
  
  /* clear authoritative and truncated flags, set QR flag */
  header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
    SET_RCODE(header, NOERROR); /* empty domain */
  else if (flags == F_NXDOMAIN)
    SET_RCODE(header, NXDOMAIN);
-  else if (p && flags == F_IPV4)
+  else if (flags == F_IPV4)
    { /* we know the address */
      SET_RCODE(header, NOERROR);
      header->ancount = htons(1);
@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
      add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
    }
 #ifdef HAVE_IPV6
-  else if (p && flags == F_IPV6)
+  else if (flags == F_IPV6)
    {
      SET_RCODE(header, NOERROR);
      header->ancount = htons(1);