author | Lennart Poettering <lennart@poettering.net> | 2015-12-18 18:57:08 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-12-18 18:57:08 +0100 |
commit | ff7febd50a69c464eb2373706059194b60056883 (patch) | |
tree | b0fe9bf28ee5ad1eb7af7dfffc627e09b3a99615 | |
parent | 4b548ef382007e40bd8fb3affdce9f843d0d63ac (diff) |
resolved: refuse accepting EDNS0 OPT RRs with a non-root domain
-rw-r--r-- | src/resolve/resolved-dns-packet.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index c8dd5fdeee..e8f570555b 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -1997,13 +1997,19 @@ int dns_packet_extract(DnsPacket *p) { for (i = 0; i < n; i++) { _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; + bool cache_flush; - r = dns_packet_read_rr(p, &rr, NULL); + r = dns_packet_read_rr(p, &rr, &cache_flush, NULL); if (r < 0) goto finish; if (rr->key->type == DNS_TYPE_OPT) { + if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key))) { + r = -EBADMSG; + goto finish; + } + /* The OPT RR is only valid in the Additional section */ if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) { r = -EBADMSG; |
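Review bot: The new root-name test, `if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key)))`, fails open if dns_name_is_root() can return a negative errno, because `!` treats any non-zero value as "is root"; its definition is not visible here, so this should be confirmed. Since the owner name comes from an untrusted packet, rejecting on error as well is the safer form: `if (dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key)) <= 0) {`. The check would also benefit from a comment like the one on the section check below it, e.g. `/* The OPT RR's owner name must be the root domain (RFC 6891, section 6.1.2) */`. `cache_flush` is filled in by dns_packet_read_rr() but not read in the visible lines; dns_packet_extract() continues outside the hunk, so its use may follow there.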