authorAdam <Adam@anope.org>2015-04-19 21:57:38 -0400
committerAttila Molnar <attilamolnar@hush.com>2015-07-06 17:53:21 +0200
commit70542e525b343c3341fb1b8ef7ffe886916f73cd (patch)
tree94221002ab37125f077fd67db7b6ad78b7b289ea
parentfee097c0593d76ac694ec53ef68651bf1218f5af (diff)
Fail invalid dns responses instead of drop
-rw-r--r--include/modules/dns.h1
-rw-r--r--src/coremods/core_dns.cpp15
2 files changed, 13 insertions, 3 deletions
diff --git a/include/modules/dns.h b/include/modules/dns.h
index a66e3c28e..1ba54cc61 100644
--- a/include/modules/dns.h
+++ b/include/modules/dns.h
@@ -57,6 +57,7 @@ namespace DNS
ERROR_UNKNOWN,
ERROR_UNLOADED,
ERROR_TIMEDOUT,
+ ERROR_MALFORMED,
ERROR_NOT_AN_ANSWER,
ERROR_NONSTANDARD_QUERY,
ERROR_FORMAT_ERROR,
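Review bot: Adding `ERROR_MALFORMED` in the middle of the enum renumbers `ERROR_NOT_AN_ANSWER` and every enumerator after it, so a module built against the old header would misread these error codes until it is rebuilt. If binary compatibility with already-built modules matters, append the new value at the end of the enum instead. A short comment such as `// The response could not be parsed at all` would also distinguish it from `ERROR_FORMAT_ERROR`, which judging by its name reflects an RCODE reported by the server. The enum's opening line and remaining enumerators are outside this hunk.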
diff --git a/src/coremods/core_dns.cpp b/src/coremods/core_dns.cpp
index 01e911efb..da468af5f 100644
--- a/src/coremods/core_dns.cpp
+++ b/src/coremods/core_dns.cpp
@@ -497,6 +497,7 @@ class MyManager : public Manager, public Timer, public EventHandler
case ERROR_NOT_AN_ANSWER:
case ERROR_NONSTANDARD_QUERY:
case ERROR_FORMAT_ERROR:
+ case ERROR_MALFORMED:
return "Malformed answer";
case ERROR_SERVER_FAILURE:
case ERROR_NOT_IMPLEMENTED:
@@ -539,17 +540,19 @@ class MyManager : public Manager, public Timer, public EventHandler
}
Packet recv_packet;
+ bool valid = false;
try
{
recv_packet.Fill(buffer, length);
+ valid = true;
}
catch (Exception& ex)
{
ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, ex.GetReason());
- return;
}
+ // recv_packet.id must be filled in here
DNS::Request* request = this->requests[recv_packet.id];
if (request == NULL)
{
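Review bot: The lookup `this->requests[recv_packet.id]` now runs even after `Fill()` has thrown on untrusted network input, so it depends on `Fill()` having stored `id` before the point of failure; the added comment states that requirement but nothing enforces it. If the datagram is too short to contain a header, `id` would be whatever `Packet`'s constructor left there, and an unrelated pending request could then be failed with `ERROR_MALFORMED`. Consider keeping the early return for that case in the catch block, e.g. `if (length < 2) return; // no transaction id to match against`, assuming `Fill()` reads the 16-bit id from the first two bytes. The function body starts before and continues after this hunk, so `Packet`'s constructor and `Fill()` should be checked to confirm.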
@@ -564,14 +567,20 @@ class MyManager : public Manager, public Timer, public EventHandler
return;
}
- if (recv_packet.flags & QUERYFLAGS_OPCODE)
+ if (!valid)
+ {
+ ServerInstance->stats.DnsBad++;
+ recv_packet.error = ERROR_MALFORMED;
+ request->OnError(&recv_packet);
+ }
+ else if (recv_packet.flags & QUERYFLAGS_OPCODE)
{
ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Received a nonstandard query");
ServerInstance->stats.DnsBad++;
recv_packet.error = ERROR_NONSTANDARD_QUERY;
request->OnError(&recv_packet);
}
- else if (recv_packet.flags & QUERYFLAGS_RCODE)
+ else if (!(recv_packet.flags & QUERYFLAGS_QR) || (recv_packet.flags & QUERYFLAGS_RCODE))
{
Error error = ERROR_UNKNOWN;
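Review bot: The new `!(recv_packet.flags & QUERYFLAGS_QR)` test is folded into the RCODE branch, so a packet that is a query rather than a response and has RCODE 0 would presumably leave `error` at `ERROR_UNKNOWN`, even though the enum already has `ERROR_NOT_AN_ANSWER`. Giving the QR check its own branch ahead of the RCODE one reports the precise reason and keeps the RCODE mapping limited to real responses. The log text in the sketch below is only a suggestion, and the body of the RCODE branch lies outside this hunk, so the fallthrough to `ERROR_UNKNOWN` should be confirmed there.

```cpp
// … unchanged: !valid and QUERYFLAGS_OPCODE branches …
else if (!(recv_packet.flags & QUERYFLAGS_QR))
{
	ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Received a query instead of an answer");
	ServerInstance->stats.DnsBad++;
	recv_packet.error = ERROR_NOT_AN_ANSWER;
	request->OnError(&recv_packet);
}
else if (recv_packet.flags & QUERYFLAGS_RCODE)
{
	// … unchanged: RCODE to Error mapping …
```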