summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-packet.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-07-29 19:50:28 +0200
committerLennart Poettering <lennart@poettering.net>2014-07-29 20:57:58 +0200
commitea917db9e662ae6e6d0ae07e0118b323688c8616 (patch)
tree94ed26994aacebc43fcc4945df9c0af3e909828a /src/resolve/resolved-dns-packet.c
parent49ee032fc3b694a1b45be9d08a2b97ab3eb93f75 (diff)
resolved: discard more invalid llmnr messages
Diffstat (limited to 'src/resolve/resolved-dns-packet.c')
-rw-r--r--src/resolve/resolved-dns-packet.c30
1 files changed, 27 insertions, 3 deletions
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 1ff56875e6..5eaee2cb4f 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -72,10 +72,26 @@ int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
h = DNS_PACKET_HEADER(p);
- if (protocol == DNS_PROTOCOL_DNS)
- h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0, 0, 0, 0, 1, 0, 0, 0, 0)); /* ask for recursion */
+ if (protocol == DNS_PROTOCOL_LLMNR)
+ h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
+ 0 /* opcode */,
+ 0 /* c */,
+ 0 /* tc */,
+ 0 /* t */,
+ 0 /* ra */,
+ 0 /* ad */,
+ 0 /* cd */,
+ 0 /* rcode */));
else
- h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0, 0, 0, 0, 0, 0, 0, 0, 0));
+ h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
+ 0 /* opcode */,
+ 0 /* aa */,
+ 0 /* tc */,
+ 1 /* rd (ask for recursion) */,
+ 0 /* ra */,
+ 0 /* ad */,
+ 0 /* cd */,
+ 0 /* rcode */));
*ret = p;
return 0;
@@ -148,6 +164,11 @@ int dns_packet_validate_reply(DnsPacket *p) {
if (DNS_PACKET_OPCODE(p) != 0)
return -EBADMSG;
+ /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
+ if (p->protocol == DNS_PROTOCOL_LLMNR &&
+ DNS_PACKET_QDCOUNT(p) != 1)
+ return -EBADMSG;
+
return 1;
}
@@ -169,13 +190,16 @@ int dns_packet_validate_query(DnsPacket *p) {
if (DNS_PACKET_TC(p))
return -EBADMSG;
+ /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
if (p->protocol == DNS_PROTOCOL_LLMNR &&
DNS_PACKET_QDCOUNT(p) != 1)
return -EBADMSG;
+ /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
if (DNS_PACKET_ANCOUNT(p) > 0)
return -EBADMSG;
+ /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
if (DNS_PACKET_NSCOUNT(p) > 0)
return -EBADMSG;