Diffstat (limited to 'src/resolve/resolved-dns-query.c')
-rw-r--r-- | src/resolve/resolved-dns-query.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 42f4f23cb9..ecffe06959 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -261,6 +261,9 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) { if (p->family != t->scope->family) return; + /* Don't accept UDP packets directed to anything but + * the LLMNR multicast addresses. */ + if (p->ipproto == IPPROTO_UDP) { if (p->family == AF_INET && !in_addr_equal(AF_INET, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV4_ADDRESS)) return;
@@ -268,6 +271,12 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) { if (p->family == AF_INET6 && !in_addr_equal(AF_INET6, &p->destination, (union in_addr_union*) &LLMNR_MULTICAST_IPV6_ADDRESS)) return; } + + /* Tentative replies shall be discarded, see RFC 4795, + * 2.1.1 */ + + if (DNS_PACKET_T(p)) + return; } if (t->scope->protocol == DNS_PROTOCOL_DNS) { |
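Review bot: The comment added in the first hunk restates the destination check without saying why it is correct, and the check looks at odds with how LLMNR replies travel. As I read RFC 4795 section 2, a responder answers a multicast query with a unicast UDP response to the sender, so a reply handler that requires `p->destination` to equal the LLMNR multicast address may drop legitimate answers. This assumes `p->destination` holds the address the reply was sent to, which the hunk does not show. If the restriction is intentional, the comment should give the reason, not only the condition. The function starts and continues outside the hunk.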
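Review bot: In the second hunk the added `if (DNS_PACKET_T(p)) return;` discards every tentative reply, but RFC 4795 2.1.1, as I read it, makes an exception. When the query was a uniqueness query, a reply with the T bit set signals a name conflict that has to be resolved rather than ignored. Whether this transaction path ever carries uniqueness queries is not visible here, so at minimum the comment should record the exception, e.g. `/* Tentative replies shall be discarded, see RFC 4795, 2.1.1 (uniqueness queries excepted: there a T reply signals a conflict, not handled here) */`. A debug-level log on this drop and on the address drops above would also help when diagnosing conflicting or spoofed responders on the link. The enclosing function continues outside the hunk.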