[nginx] Resolver: fixed label types handling in ngx_resolver_copy().

Maxim Dounin
May 25, 2021 11:36AM
details: https://hg.nginx.org/nginx/rev/a45b6a206cfc
branches: stable-1.20
changeset: 7860:a45b6a206cfc
user: Maxim Dounin <mdounin@mdounin.ru>
date: Tue May 25 15:17:41 2021 +0300
description:
Resolver: fixed label types handling in ngx_resolver_copy().

Previously, anything with any of the two high bits set was interpreted
as compression pointers. This is incorrect, as RFC 1035 clearly states
that "The 10 and 01 combinations are reserved for future use". Further,
the 01 combination is actually allocated for EDNS extended label type
(see RFC 2671 and RFC 6891), not really used though.

Fix is to reject unrecognized label types rather than misinterpreting
them as compression pointers.

diffstat:

src/core/ngx_resolver.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

diffs (15 lines):

diff -r 5d561a77502e -r a45b6a206cfc src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c Tue May 25 15:17:38 2021 +0300
+++ b/src/core/ngx_resolver.c Tue May 25 15:17:41 2021 +0300
@@ -3958,6 +3958,11 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx
}

if (n & 0xc0) {
+ if ((n & 0xc0) != 0xc0) {
+ err = "invalid label type in DNS response";
+ goto invalid;
+ }
+
if (p >= last) {
err = "name is out of DNS response";
goto invalid;
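Review bot: the new `(n & 0xc0) != 0xc0` test at the top of the `if (n & 0xc0)` branch has no comment saying why the 0x40 and 0x80 values are rejected, so the rationale (RFC 1035 reserves the 10 and 01 combinations, and 01 is the EDNS extended label type) lives only in the commit message. A one-line comment above the check citing the RFC would keep a later reader from folding it back into the pointer path. Placing it ahead of the `p >= last` test is fine, since it inspects only `n`, which has already been read.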
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
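The label-type rule from the commit description, as an added stand-alone example that is not nginx code and not part of the original post: a name walker that follows only the 11 combination as a compression pointer and rejects 01 and 10. The function name `dns_name_len`, the `MAX_POINTERS` hop limit, the 255-octet cap and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_POINTERS 128  /* assumed hop limit for this example */

/* Constructed sample: "www" + pointer to offset 6, where "example.org" sits. */
static const uint8_t sample[] = { 3,'w','w','w', 0xc0,6,
                                  7,'e','x','a','m','p','l','e', 3,'o','r','g', 0 };

/* Length of the name at msg[off] in "a.b.c" form, or -1 with *err set. */
int dns_name_len(const uint8_t *msg, size_t msg_len, size_t off, const char **err)
{
    size_t p = off;
    int len = 0, hops = 0;

    for ( ;; ) {
        if (p >= msg_len) { *err = "name is out of DNS response"; return -1; }
        uint8_t n = msg[p++];
        if (n == 0) return len;                 /* root label: end of name */

        switch (n & 0xc0) {
        case 0x00:                              /* ordinary label of n octets */
            if (n > msg_len - p) { *err = "name is out of DNS response"; return -1; }
            len += (len ? 1 : 0) + n;
            if (len > 255) { *err = "name too long"; return -1; }
            p += n;
            break;
        case 0xc0:                              /* compression pointer, 14-bit offset */
            if (p >= msg_len) { *err = "name is out of DNS response"; return -1; }
            if (++hops > MAX_POINTERS) { *err = "compression pointers loop"; return -1; }
            p = ((size_t) (n & 0x3f) << 8) | msg[p];
            break;
        default:                                /* 0x40 and 0x80: not pointers */
            *err = "invalid label type in DNS response";
            return -1;
        }
    }
}

int main(void)
{
    const char *err = "";
    int len = dns_name_len(sample, sizeof(sample), 0, &err);
    printf("len=%d err=%s\n", len, err);
    return 0;
}
```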