author | Adam <Adam@anope.org> | 2015-04-19 21:57:38 -0400 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2015-07-06 17:53:21 +0200 |
commit | 70542e525b343c3341fb1b8ef7ffe886916f73cd (patch) | |
tree | 94221002ab37125f077fd67db7b6ad78b7b289ea | |
parent | fee097c0593d76ac694ec53ef68651bf1218f5af (diff) |
Fail invalid dns responses instead of drop
-rw-r--r-- | include/modules/dns.h | 1 | ||||
-rw-r--r-- | src/coremods/core_dns.cpp | 15 |
2 files changed, 13 insertions, 3 deletions
diff --git a/include/modules/dns.h b/include/modules/dns.h
index a66e3c28e..1ba54cc61 100644
--- a/include/modules/dns.h
+++ b/include/modules/dns.h
@@ -57,6 +57,7 @@ namespace DNS
  ERROR_UNKNOWN,
  ERROR_UNLOADED,
  ERROR_TIMEDOUT,
+ ERROR_MALFORMED,
  ERROR_NOT_AN_ANSWER,
  ERROR_NONSTANDARD_QUERY,
  ERROR_FORMAT_ERROR,
diff --git a/src/coremods/core_dns.cpp b/src/coremods/core_dns.cpp
index 01e911efb..da468af5f 100644
--- a/src/coremods/core_dns.cpp
+++ b/src/coremods/core_dns.cpp
@@ -497,6 +497,7 @@ class MyManager : public Manager, public Timer, public EventHandler
  case ERROR_NOT_AN_ANSWER:
  case ERROR_NONSTANDARD_QUERY:
  case ERROR_FORMAT_ERROR:
+ case ERROR_MALFORMED:
  return "Malformed answer";
  case ERROR_SERVER_FAILURE:
  case ERROR_NOT_IMPLEMENTED:
@@ -539,17 +540,19 @@ class MyManager : public Manager, public Timer, public EventHandler
  }
  Packet recv_packet;
+ bool valid = false;
  try
  {
  recv_packet.Fill(buffer, length);
+ valid = true;
  }
  catch (Exception& ex)
  {
  ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, ex.GetReason());
- return;
  }
+ // recv_packet.id must be filled in here
  DNS::Request* request = this->requests[recv_packet.id];
  if (request == NULL)
  {
@@ -564,14 +567,20 @@ class MyManager : public Manager, public Timer, public EventHandler
  return;
  }
- if (recv_packet.flags & QUERYFLAGS_OPCODE)
+ if (!valid)
+ {
+ ServerInstance->stats.DnsBad++;
+ recv_packet.error = ERROR_MALFORMED;
+ request->OnError(&recv_packet);
+ }
+ else if (recv_packet.flags & QUERYFLAGS_OPCODE)
  {
  ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Received a nonstandard query");
  ServerInstance->stats.DnsBad++;
  recv_packet.error = ERROR_NONSTANDARD_QUERY;
  request->OnError(&recv_packet);
  }
- else if (recv_packet.flags & QUERYFLAGS_RCODE)
+ else if (!(recv_packet.flags & QUERYFLAGS_QR) || (recv_packet.flags & QUERYFLAGS_RCODE))
  {
  Error error = ERROR_UNKNOWN; |
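Review bot: In the core_dns.cpp hunk at `@@ -539,17 +540,19 @@`, removing `return;` from the catch block means `this->requests[recv_packet.id]` is now reached even when `Fill()` threw, and nothing enforces the new comment `// recv_packet.id must be filled in here`. If `Fill()` can throw before it has parsed the id (for instance on a datagram shorter than the 12-byte DNS header; its body is not in this diff, so this is inferred), the lookup uses whatever id the Packet was constructed with, and a truncated datagram would then fail an unrelated pending request. Keeping the drop for that case closes the gap, e.g. `if (length < 12) return;` ahead of the `try`, or having the catch return unless the header was parsed. The enclosing function starts and ends outside the hunk.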
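Review bot: In the last hunk (`@@ -564,14 +567,20 @@`), a packet with the QR bit clear now enters the error branch, but `error` starts as `ERROR_UNKNOWN` and nothing visible here maps that case to `ERROR_NOT_AN_ANSWER`, which the enum and the message table already provide. Unless the code after the hunk sets it, such packets are reported as an unknown error; `if (!(recv_packet.flags & QUERYFLAGS_QR)) error = ERROR_NOT_AN_ANSWER;` ahead of the RCODE handling would give them the matching code. The new `!valid` branch is also the only error branch shown without a debug log line of its own, although the exception reason is logged in the catch earlier. The branch body continues past the end of the hunk.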