diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-07-29 23:52:57 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-07-29 23:53:08 +0200 | 
| commit | 2442b93d15f5523aba0c5dc56a42757af889c483 (patch) | |
| tree | 095c1e7ee80cb2dc152b2926270578ee06ac9dac /src | |
| parent | a2a416f768e2aa7db5b975cd50eb19237cac9cce (diff) | |
resolved: the llmnr destination address check applies to queries, not to responses
Diffstat (limited to 'src')
| -rw-r--r-- | src/resolve/resolved-dns-query.c | 11 | ||||
| -rw-r--r-- | src/resolve/resolved-dns-scope.c | 12 | 
2 files changed, 12 insertions, 11 deletions
| diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index f3007aa19c..271b8fd9c9 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -269,17 +269,6 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) {                  if (p->family != t->scope->family)                          return; -                /* Don't accept UDP packets directed to anything but -                 * the LLMNR multicast addresses. */ - -                if (p->ipproto == IPPROTO_UDP) { -                        if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS)) -                                return; - -                        if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS)) -                                return; -                } -                  /* Tentative replies shall be discarded, see RFC 4795,                   * 2.1.1 */ diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 5742f3ef47..b975ac4092 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -452,6 +452,18 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {          if (p->protocol != DNS_PROTOCOL_LLMNR)                  return; +        if (p->ipproto == IPPROTO_UDP) { +                /* Don't accept UDP queries directed to anything but +                 * the LLMNR multicast addresses. See RFC 4795, +                 * section 2.5.*/ + +                if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS)) +                        return; + +                if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS)) +                        return; +        } +          r = dns_packet_extract(p);          if (r < 0) {                  log_debug("Failed to extract resources from incoming packet: %s", strerror(-r)); | 
