Commit 4f744a02 authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] fix dig +ednsopt padding error

4556.	[bug]		Sending an EDNS Padding option using "dig
			+ednsopt" could cause a crash in dig. [RT #44462]
parent 25a9b903
4556. [bug] Sending an EDNS Padding option using "dig
+ednsopt" could cause a crash in dig. [RT #44462]
4555. [func] dig +ednsopt: EDNS options can now be specified by
name in addition to numeric value. [RT #44461]
......
......@@ -2710,12 +2710,12 @@ setup_lookup(dig_lookup_t *lookup) {
i += lookup->ednsoptscnt;
}
if (lookup->padding && (i >= MAXOPTS)) {
if (lookup->padding != 0 && (i >= MAXOPTS)) {
debug("turned off padding because of EDNS overflow");
lookup->padding = 0;
}
if (lookup->padding) {
if (lookup->padding != 0) {
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_PAD;
opts[i].length = 0;
......
......@@ -107,5 +107,15 @@ if [ "$opad" -ne "$npad" ]; then ret=1; fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking that zero-length padding option has no effect ($n)"
ret=0
n=`expr $n + 1`
$DIG +qr +ednsopt=12 foo.example @10.53.0.2 -p 5300 > dig.out.test$n.1
grep "; PAD" dig.out.test$n.1 > /dev/null || ret=1
$DIG +qr +ednsopt=12:00 foo.example @10.53.0.2 -p 5300 > dig.out.test$n.2
grep "; PAD" dig.out.test$n.2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -2293,7 +2293,7 @@ dns_message_renderend(dns_message_t *msg) {
if (msg->padding_off > 0) {
unsigned char *cp = isc_buffer_used(msg->buffer);
unsigned int used, remaining;
isc_uint16_t len, padsize;
isc_uint16_t len, padsize = 0;
/* Check PAD */
if ((cp[-4] != 0) ||
......@@ -2309,9 +2309,13 @@ dns_message_renderend(dns_message_t *msg) {
/* Aligned used length + reserved to padding block */
used = isc_buffer_usedlength(msg->buffer);
padsize = ((isc_uint16_t)used + msg->reserved) % msg->padding;
if (padsize)
if (msg->padding != 0) {
padsize = ((isc_uint16_t)used + msg->reserved)
% msg->padding;
}
if (padsize != 0) {
padsize = msg->padding - padsize;
}
/* Stay below the available length */
remaining = isc_buffer_availablelength(msg->buffer);
if (padsize > remaining)
......@@ -3760,7 +3764,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
* Print EDNS info, if any.
*
* WARNING: The option contents may be malformed as
* dig +ednsopt=value:<content> does not validity
* dig +ednsopt=value:<content> does no validity
* checking.
*/
dns_rdata_init(&rdata);
......@@ -3772,6 +3776,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
INSIST(isc_buffer_remaininglength(&optbuf) >= 4U);
optcode = isc_buffer_getuint16(&optbuf);
optlen = isc_buffer_getuint16(&optbuf);
INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
INDENT(style);
......@@ -4325,7 +4330,8 @@ dns_message_buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp,
for (i = 0; i < count; i++) {
if (ednsopts[i].code == DNS_OPT_PAD &&
ednsopts[i].length == 0U && !seenpad) {
ednsopts[i].length == 0U && !seenpad)
{
seenpad = ISC_TRUE;
continue;
}
......
......@@ -2409,7 +2409,7 @@ resquery_send(resquery_t *query) {
if ((peer != NULL) &&
(query->options & DNS_FETCHOPT_TCP) != 0)
(void) dns_peer_getpadding(peer, &padding);
if (padding) {
if (padding != 0) {
INSIST(ednsopt < DNS_EDNSOPTIONS);
ednsopts[ednsopt].code = DNS_OPT_PAD;
ednsopts[ednsopt].length = 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment