Mercurial > hg > nginx
comparison src/core/ngx_resolver.c @ 5472:ab493c60d9ff
Resolver: fixes in PTR processing.
Verify that class of RR is "IN".
Verify that RR data length is non-zero.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Fri, 06 Dec 2013 14:30:27 +0400 |
| parents | 9c96782d9d05 |
| children | b43b02bb54db |
comparison
equal
deleted
inserted
replaced
| 5471:9c96782d9d05 | 5472:ab493c60d9ff |
|---|---|
| 1515 size_t len; | 1515 size_t len; |
| 1516 in_addr_t addr; | 1516 in_addr_t addr; |
| 1517 int32_t ttl; | 1517 int32_t ttl; |
| 1518 ngx_int_t octet; | 1518 ngx_int_t octet; |
| 1519 ngx_str_t name; | 1519 ngx_str_t name; |
| 1520 ngx_uint_t i, mask, qident; | 1520 ngx_uint_t i, mask, qident, class; |
| 1521 ngx_resolver_an_t *an; | 1521 ngx_resolver_an_t *an; |
| 1522 ngx_resolver_ctx_t *ctx, *next; | 1522 ngx_resolver_ctx_t *ctx, *next; |
| 1523 ngx_resolver_node_t *rn; | 1523 ngx_resolver_node_t *rn; |
| 1524 | 1524 |
| 1525 if (ngx_resolver_copy(r, NULL, buf, | 1525 if (ngx_resolver_copy(r, NULL, buf, |
| 1526 buf + sizeof(ngx_resolver_hdr_t), buf + n) | 1526 buf + sizeof(ngx_resolver_hdr_t), buf + n) |
| 1527 != NGX_OK) | 1527 != NGX_OK) |
| 1528 { | 1528 { |
| 1529 goto invalid_in_addr_arpa; | 1529 return; |
| 1530 } | 1530 } |
| 1531 | 1531 |
| 1532 addr = 0; | 1532 addr = 0; |
| 1533 i = sizeof(ngx_resolver_hdr_t); | 1533 i = sizeof(ngx_resolver_hdr_t); |
| 1534 | 1534 |
| 1597 return; | 1597 return; |
| 1598 } | 1598 } |
| 1599 | 1599 |
| 1600 i += sizeof("\7in-addr\4arpa") + sizeof(ngx_resolver_qs_t); | 1600 i += sizeof("\7in-addr\4arpa") + sizeof(ngx_resolver_qs_t); |
| 1601 | 1601 |
| 1602 if (i + 2 + sizeof(ngx_resolver_an_t) > n) { | 1602 if (i + 2 + sizeof(ngx_resolver_an_t) >= n) { |
| 1603 goto short_response; | 1603 goto short_response; |
| 1604 } | 1604 } |
| 1605 | 1605 |
| 1606 /* compression pointer to "XX.XX.XX.XX.in-addr.arpa */ | 1606 /* compression pointer to "XX.XX.XX.XX.in-addr.arpa */ |
| 1607 | 1607 |
| 1610 goto invalid; | 1610 goto invalid; |
| 1611 } | 1611 } |
| 1612 | 1612 |
| 1613 an = (ngx_resolver_an_t *) &buf[i + 2]; | 1613 an = (ngx_resolver_an_t *) &buf[i + 2]; |
| 1614 | 1614 |
| 1615 class = (an->class_hi << 8) + an->class_lo; | |
| 1615 len = (an->len_hi << 8) + an->len_lo; | 1616 len = (an->len_hi << 8) + an->len_lo; |
| 1616 ttl = (an->ttl[0] << 24) + (an->ttl[1] << 16) | 1617 ttl = (an->ttl[0] << 24) + (an->ttl[1] << 16) |
| 1617 + (an->ttl[2] << 8) + (an->ttl[3]); | 1618 + (an->ttl[2] << 8) + (an->ttl[3]); |
| 1618 | 1619 |
| 1620 if (class != 1) { | |
| 1621 ngx_log_error(r->log_level, r->log, 0, | |
| 1622 "unexpected RR class %ui", class); | |
| 1623 goto failed; | |
| 1624 } | |
| 1625 | |
| 1619 if (ttl < 0) { | 1626 if (ttl < 0) { |
| 1620 ttl = 0; | 1627 ttl = 0; |
| 1621 } | 1628 } |
| 1622 | 1629 |
| 1623 ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0, | 1630 ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0, |
| 1624 "resolver qt:%ui cl:%ui len:%uz", | 1631 "resolver qt:%ui cl:%ui len:%uz", |
| 1625 (an->type_hi << 8) + an->type_lo, | 1632 (an->type_hi << 8) + an->type_lo, |
| 1626 (an->class_hi << 8) + an->class_lo, len); | 1633 class, len); |
| 1627 | 1634 |
| 1628 i += 2 + sizeof(ngx_resolver_an_t); | 1635 i += 2 + sizeof(ngx_resolver_an_t); |
| 1629 | 1636 |
| 1630 if (i + len > n) { | 1637 if (i + len > n) { |
| 1631 goto short_response; | 1638 goto short_response; |
| 1632 } | 1639 } |
| 1633 | 1640 |
| 1634 if (ngx_resolver_copy(r, &name, buf, buf + i, buf + n) != NGX_OK) { | 1641 if (ngx_resolver_copy(r, &name, buf, buf + i, buf + n) != NGX_OK) { |
| 1635 return; | 1642 goto failed; |
| 1636 } | 1643 } |
| 1637 | 1644 |
| 1638 ngx_log_debug1(NGX_LOG_DEBUG_CORE, r->log, 0, "resolver an:%V", &name); | 1645 ngx_log_debug1(NGX_LOG_DEBUG_CORE, r->log, 0, "resolver an:%V", &name); |
| 1639 | 1646 |
| 1640 if (name.len != (size_t) rn->nlen | 1647 if (name.len != (size_t) rn->nlen |