changeset 7854:4364b39de407

Resolver: explicit check for compression pointers in question.

Since nginx always uses exactly one entry in the question section of a DNS query, and never uses compression pointers in this entry, parsing of a DNS response in ngx_resolver_process_response() does not expect compression pointers to appear in the question section of the DNS response. Indeed, compression pointers in the first name of a DNS response hardly make sense, do not seem to be allowed by RFC 1035 (which says "a pointer to a prior occurance of the same name", note "prior"), and were never observed in practice.

Added an explicit check to ngx_resolver_process_response()'s parsing of the question section to properly report an error if compression pointers nevertheless appear in the question section.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 25 May 2021 15:17:50 +0300
parents 4ebe1251a8c3
children df34dcc9ac07
files src/core/ngx_resolver.c
diffstat 1 files changed, 6 insertions(+), 0 deletions(-)
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1798,6 +1798,12 @@ ngx_resolver_process_response(ngx_resolv
     i = sizeof(ngx_resolver_hdr_t);
 
     while (i < (ngx_uint_t) n) {
+
+        if (buf[i] & 0xc0) {
+            err = "unexpected compression pointer in DNS response";
+            goto done;
+        }
+
         if (buf[i] == '\0') {
             goto found;
         }
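Review bot: the mask in the added `if (buf[i] & 0xc0)` at the top of the loop matches any length byte with either of the two high bits set, so the label types RFC 1035 reserves (prefixes 0x40 and 0x80) are reported as "unexpected compression pointer" along with real pointers (both bits set). Rejecting all three is the right behavior, since a plain label length never exceeds 63, but a one-line comment saying so, or a broader message such as "unexpected label type in DNS response", would keep the error log accurate and discourage a later reader from narrowing the test to `== 0xc0`.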