resolved: generalize DNS RR type validity checks

Check the validity of RR types as we parse or receive data from IPC
clients, and use the same code for all of them.

src/resolve/dns-type.c

@@ -63,3 +63,25 @@ bool dns_type_is_pseudo(uint16_t type) {
                       DNS_TYPE_TKEY
         );
 }
+
+bool dns_type_is_valid_query(uint16_t type) {
+
+        /* The types valid as questions in packets */
+
+        return !IN_SET(type,
+                       0,
+                       DNS_TYPE_OPT,
+                       DNS_TYPE_TSIG,
+                       DNS_TYPE_TKEY);
+}
+
+bool dns_type_is_valid_rr(uint16_t type) {
+
+        /* The types valid as RR in packets (but not necessarily
+         * stored on servers). */
+
+        return !IN_SET(type,
+                       DNS_TYPE_ANY,
+                       DNS_TYPE_AXFR,
+                       DNS_TYPE_IXFR);
+}

src/resolve/dns-type.h

@@ -25,7 +25,10 @@
 
 const char *dns_type_to_string(int type);
 int dns_type_from_string(const char *s);
-bool dns_type_is_pseudo(uint16_t n);
+
+bool dns_type_is_pseudo(uint16_t type);
+bool dns_type_is_valid_query(uint16_t type);
+bool dns_type_is_valid_rr(uint16_t type);
 
 /* DNS record types, taken from
  * http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml.

src/resolve/resolved-bus.c

@@ -553,6 +553,9 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
         if (r == 0)
                 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid name '%s'", name);
 
+        if (!dns_type_is_valid_query(type))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid RR type for query %" PRIu16, type);
+
         r = check_ifindex_flags(ifindex, &flags, 0, error);
         if (r < 0)
                 return r;

src/resolve/resolved-dns-packet.c

@@ -1525,9 +1525,7 @@ int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, size_t *start) {
                 goto fail;
 
         if (key->class == DNS_CLASS_ANY ||
-            key->type == DNS_TYPE_ANY ||
-            key->type == DNS_TYPE_AXFR ||
-            key->type == DNS_TYPE_IXFR) {
+            !dns_type_is_valid_rr(key->type)) {
                 r = -EBADMSG;
                 goto fail;
         }
@@ -1971,6 +1969,11 @@ int dns_packet_extract(DnsPacket *p) {
                         if (r < 0)
                                 goto finish;
 
+                        if (!dns_type_is_valid_query(key->type)) {
+                                r = -EBADMSG;
+                                goto finish;
+                        }
+
                         r = dns_question_add(question, key);
                         if (r < 0)
                                 goto finish;

src/resolve/resolved-dns-transaction.c

@@ -107,11 +107,11 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
         assert(key);
 
         /* Don't allow looking up invalid or pseudo RRs */
-        if (IN_SET(key->type, DNS_TYPE_OPT, 0, DNS_TYPE_TSIG, DNS_TYPE_TKEY))
+        if (!dns_type_is_valid_query(key->type))
                 return -EINVAL;
 
         /* We only support the IN class */
-        if (key->class != DNS_CLASS_IN)
+        if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY)
                 return -EOPNOTSUPP;
 
         r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);