Welcome! Log In Create A New Profile

Advanced

[nginx] Resolver: fixes in PTR processing.

Previous Message Next Message
Forum List Message List New Topic Print View
Ruslan Ermilov
December 13, 2013 01:30PM
details: http://hg.nginx.org/nginx/rev/ab493c60d9ff
branches:
changeset: 5472:ab493c60d9ff
user: Ruslan Ermilov <ru@nginx.com>
date: Fri Dec 06 14:30:27 2013 +0400
description:
Resolver: fixes in PTR processing.

Verify that class of RR is "IN".
Verify that RR data length is non-zero.

diffstat:

src/core/ngx_resolver.c | 17 ++++++++++++-----
1 files changed, 12 insertions(+), 5 deletions(-)

diffs (66 lines):

diff -r 9c96782d9d05 -r ab493c60d9ff src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c Fri Dec 06 14:30:27 2013 +0400
+++ b/src/core/ngx_resolver.c Fri Dec 06 14:30:27 2013 +0400
@@ -1517,7 +1517,7 @@ ngx_resolver_process_ptr(ngx_resolver_t
int32_t ttl;
ngx_int_t octet;
ngx_str_t name;
- ngx_uint_t i, mask, qident;
+ ngx_uint_t i, mask, qident, class;
ngx_resolver_an_t *an;
ngx_resolver_ctx_t *ctx, *next;
ngx_resolver_node_t *rn;
@@ -1526,7 +1526,7 @@ ngx_resolver_process_ptr(ngx_resolver_t
buf + sizeof(ngx_resolver_hdr_t), buf + n)
!= NGX_OK)
{
- goto invalid_in_addr_arpa;
+ return;
}

addr = 0;
@@ -1599,7 +1599,7 @@ ngx_resolver_process_ptr(ngx_resolver_t

i += sizeof("\7in-addr\4arpa") + sizeof(ngx_resolver_qs_t);

- if (i + 2 + sizeof(ngx_resolver_an_t) > n) {
+ if (i + 2 + sizeof(ngx_resolver_an_t) >= n) {
goto short_response;
}

@@ -1612,10 +1612,17 @@ ngx_resolver_process_ptr(ngx_resolver_t

an = (ngx_resolver_an_t *) &buf[i + 2];

+ class = (an->class_hi << 8) + an->class_lo;
len = (an->len_hi << 8) + an->len_lo;
ttl = (an->ttl[0] << 24) + (an->ttl[1] << 16)
+ (an->ttl[2] << 8) + (an->ttl[3]);

+ if (class != 1) {
+ ngx_log_error(r->log_level, r->log, 0,
+ "unexpected RR class %ui", class);
+ goto failed;
+ }
+
if (ttl < 0) {
ttl = 0;
}
@@ -1623,7 +1630,7 @@ ngx_resolver_process_ptr(ngx_resolver_t
ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0,
"resolver qt:%ui cl:%ui len:%uz",
(an->type_hi << 8) + an->type_lo,
- (an->class_hi << 8) + an->class_lo, len);
+ class, len);

i += 2 + sizeof(ngx_resolver_an_t);

@@ -1632,7 +1639,7 @@ ngx_resolver_process_ptr(ngx_resolver_t
}

if (ngx_resolver_copy(r, &name, buf, buf + i, buf + n) != NGX_OK) {
- return;
+ goto failed;
}

ngx_log_debug1(NGX_LOG_DEBUG_CORE, r->log, 0, "resolver an:%V", &name);

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] Resolver: fixes in PTR processing.

Ruslan Ermilov 614 December 13, 2013 01:30PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 206
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready