# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1621945061 -10800
# Node ID aa5f8825f24d620a581cb3974ca8ae7a2fc31d7a
# Parent  a093dd4ce1549ddde0c843e5e3286506eb3181f0
Resolver: fixed label types handling in ngx_resolver_copy().

Previously, anything with any of the two high bits set were interpreted
as compression pointers.  This is incorrect, as RFC 1035 clearly states
that "The 10 and 01 combinations are reserved for future use".  Further,
the 01 combination is actually allocated for EDNS extended label type
(see RFC 2671 and RFC 6891), not really used though.

Fix is to reject unrecognized label types rather than misinterpreting
them as compression pointers.

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -3958,6 +3958,11 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx
         }
 
         if (n & 0xc0) {
+            if ((n & 0xc0) != 0xc0) {
+                err = "invalid label type in DNS response";
+                goto invalid;
+            }
+
             if (p >= last) {
                 err = "name is out of DNS response";
                 goto invalid;