resolved: refuse OPT RRs in incoming packets that are not in the additional section

We later rely that the DnsAnswer object contains all RRs from the original packet, at least when it comes to the answer and authorization sections, hence we better make sure we don#t silently end up removing an OPT RR from these two sections.
2015-12-10 13:46:53 +01:00 · 2015-12-10 13:46:53 +01:00 · e6b57b3787
parent c33be4a6f2
commit e6b57b3787
1 changed files with 12 additions and 2 deletions
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@ -1993,8 +1993,18 @@ int dns_packet_extract(DnsPacket *p) {
                                goto finish;

                        if (rr->key->type == DNS_TYPE_OPT) {
-                                if (p->opt)
-                                        return -EBADMSG;
+
+                                /* The OPT RR is only valid in the Additional section */
+                                if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
+                                        r = -EBADMSG;
+                                        goto finish;
+                                }
+
+                                /* Two OPT RRs? */
+                                if (p->opt) {
+                                        r = -EBADMSG;
+                                        goto finish;
+                                }

                                p->opt = dns_resource_record_ref(rr);
                        } else {