summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-12-18 18:57:08 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-18 18:57:08 +0100
commitff7febd50a69c464eb2373706059194b60056883 (patch)
treeb0fe9bf28ee5ad1eb7af7dfffc627e09b3a99615
parent4b548ef382007e40bd8fb3affdce9f843d0d63ac (diff)
resolved: refuse accepting EDNS0 OPT RRs with a non-root domain
-rw-r--r--src/resolve/resolved-dns-packet.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index c8dd5fdeee..e8f570555b 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1997,13 +1997,19 @@ int dns_packet_extract(DnsPacket *p) {
for (i = 0; i < n; i++) {
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
+ bool cache_flush;
- r = dns_packet_read_rr(p, &rr, NULL);
+ r = dns_packet_read_rr(p, &rr, &cache_flush, NULL);
if (r < 0)
goto finish;
if (rr->key->type == DNS_TYPE_OPT) {
+ if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key))) {
+ r = -EBADMSG;
+ goto finish;
+ }
+
/* The OPT RR is only valid in the Additional section */
if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
r = -EBADMSG;