Mercurial > hg > nginx
comparison src/core/ngx_resolver.c @ 7860:a45b6a206cfc stable-1.20
Resolver: fixed label types handling in ngx_resolver_copy().
Previously, anything with any of the two high bits set were interpreted
as compression pointers. This is incorrect, as RFC 1035 clearly states
that "The 10 and 01 combinations are reserved for future use". Further,
the 01 combination is actually allocated for EDNS extended label type
(see RFC 2671 and RFC 6891), not really used though.
Fix is to reject unrecognized label types rather than misinterpreting
them as compression pointers.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 25 May 2021 15:17:41 +0300 |
| parents | 5d561a77502e |
| children | 771743838cbd |
comparison
equal
deleted
inserted
replaced
| 7859:5d561a77502e | 7860:a45b6a206cfc |
|---|---|
| 3956 if (n == 0) { | 3956 if (n == 0) { |
| 3957 goto done; | 3957 goto done; |
| 3958 } | 3958 } |
| 3959 | 3959 |
| 3960 if (n & 0xc0) { | 3960 if (n & 0xc0) { |
| 3961 if ((n & 0xc0) != 0xc0) { | |
| 3962 err = "invalid label type in DNS response"; | |
| 3963 goto invalid; | |
| 3964 } | |
| 3965 | |
| 3961 if (p >= last) { | 3966 if (p >= last) { |
| 3962 err = "name is out of DNS response"; | 3967 err = "name is out of DNS response"; |
| 3963 goto invalid; | 3968 goto invalid; |
| 3964 } | 3969 } |
| 3965 | 3970 |