diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-07-29 19:50:28 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-07-29 20:57:58 +0200 |
| commit | ea917db9e662ae6e6d0ae07e0118b323688c8616 (patch) | |
| tree | 94ed26994aacebc43fcc4945df9c0af3e909828a /src/resolve/resolved-dns-query.c | |
| parent | 49ee032fc3b694a1b45be9d08a2b97ab3eb93f75 (diff) | |
resolved: discard more invalid llmnr messages
Diffstat (limited to 'src/resolve/resolved-dns-query.c')
| -rw-r--r-- | src/resolve/resolved-dns-query.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 42f4f23cb9..ecffe06959 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -261,6 +261,9 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) { if (p->family != t->scope->family) return; + /* Don't accept UDP packets directed to anything but + * the LLMNR multicast addresses. */ + if (p->ipproto == IPPROTO_UDP) { if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS)) return; @@ -268,6 +271,12 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) { if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS)) return; } + + /* Tentative replies shall be discarded, see RFC 4795, + * 2.1.1 */ + + if (DNS_PACKET_T(p)) + return; } if (t->scope->protocol == DNS_PROTOCOL_DNS) { |