Re: SRV records resolution failure if Authority section is present

Sun, 26 Jul 2020 09:05:11 -0700 

Hi Tim,

On Sun, Jul 26, 2020 at 05:47:00PM +0200, Tim Düsterhus wrote:
> Jerome,
> 
> Regarding the commit message: Please add backporting information to the
> end of the commit message body (I believe it should be 2.2+).

You're right the commit I mentionned in the message was indeed
introduced in 2.2-dev, so this must be backported to 2.2.
> 
> Regarding the patch:
> 
> +             /* skip 2 bytes for ttl */
> +             reader += 4;
> 
> Either the commit or the code is incorrect here.
The comment was wrong indeed. Thanks for your review.

-- 
Jérôme

>From 363ed1dd2f3ded7837bbb424eabb309803fc6292 Mon Sep 17 00:00:00 2001
From: Jerome Magnin <jer...@layaute.net>
Date: Sun, 26 Jul 2020 12:13:12 +0200
Subject: [PATCH] BUG/MAJOR: dns: don't treat Authority records as an error

Support for DNS Service Discovery by means of SRV records was enhanced with
commit 13a9232eb ("MEDIUM: dns: use Additional records from SRV responses")
to use the content of the answers Additional records when present.

If there are Authority records before the Additional records we mistakenly
treat that as an invalid response. To fix this, just ignore the Authority
section if it exist and skip to the Additional records.

As 13a9232eb was introduced during 2.2-dev, it must be backported to 2.2.
---
 src/dns.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/dns.c b/src/dns.c
index 6a8ab831c..7ea35ac11 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -1044,6 +1044,33 @@ static int dns_validate_dns_response(unsigned char 
*resp, unsigned char *bufend,
        if (dns_query->type != DNS_RTYPE_SRV)
                goto skip_parsing_additional_records;
 
+       for (i = 0; i < dns_p->header.nscount; i++) {
+               offset = 0;
+               len = dns_read_name(resp, bufend, reader, tmpname, 
DNS_MAX_NAME_SIZE,
+                               &offset, 0);
+               if (len == 0) {
+                       continue;
+               }
+
+               if (reader + offset + 10 >= bufend)
+                       goto invalid_resp;
+
+               reader += offset;
+               /* skip 2 bytes for class */
+               reader += 2;
+               /* skip 2 bytes for type */
+               reader += 2;
+               /* skip 4 bytes for ttl */
+               reader += 4;
+               /* read data len */
+               len = reader[0] * 256 + reader[1];
+               reader += 2;
+
+               if (reader + len >= bufend)
+                       goto invalid_resp;
+
+               reader += len;
+       }
        nb_saved_records = 0;
        for (i = 0; i < dns_p->header.arcount; i++) {
                if (reader >= bufend)
-- 
2.27.0

Reply via email to