picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src
History
Lennart Poettering c3f7000e61 resolved: ignore invalid OPT RRs in incoming packets 
This validates OPT RRs more rigorously, before honouring them: if we any of the following condition holds, we'll ignore
them:

a) Multiple OPT RRs in the same message
b) OPT RR not owned by the root domain
c) OPT RR in the wrong section (Belkin routers do this)
d) OPT RR contain rfc6975 algorithm data (Belkin routers do this)
e) OPT version is not 0
f) OPT payload doesn't add up with the lengths

Note that d) may be an indication that the server just blindly copied OPT data from the response into the reply.
RFC6975 data is only supposed to be included in queries, and we do so. It's not supposed to be included in responses
(and the RFC is very clear on that). Hence if we get it back in a reply, then the server probably just copied the OPT
RR.
 		2016-01-17 20:47:46 +01:00
..
ac-power
activate util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
analyze analyze: verify verifies templates too 2015-12-14 07:11:03 +00:00
ask-password strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_ 2015-10-19 23:13:07 +02:00
backlight tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
basic basic: add ascii_strcasecmp_nn() call 2016-01-13 20:22:32 +01:00
binfmt defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
boot tree-wide: sort includes 2015-11-16 22:09:36 +01:00
bootchart tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
bus-proxyd tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
cgls tests: turn check if manager cannot be intialized into macro 2015-12-02 09:50:00 -05:00
cgroups-agent tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
cgtop tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
compat-libs
core core: fix memory leak on set-default, enable, disable etc 2016-01-17 10:05:55 +00:00
cryptsetup tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
dbus1-generator treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
debug-generator debug-generator: respect kernel parameters for default unit setting 2015-11-03 14:47:39 +03:00
delta treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
detect-virt detect-virt: add new --chroot switch to detect chroot() environments 2015-10-27 13:25:57 +01:00
escape util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
firstboot firstboot: log on take_etc_passwd_lock error too 2015-11-15 18:30:26 +00:00
fsck tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
fstab-generator fstab-gen: post can't be NULL 2015-11-25 21:21:44 +01:00
getty-generator util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
gpt-auto-generator tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
hibernate-resume tree-wide: sort includes 2015-11-16 22:09:36 +01:00
hostname treewide: fix typos and indentation 2015-12-14 15:53:11 +01:00
hwdb tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
import capabilities: keep bounding set in non-inverted format. 2016-01-12 12:14:50 +02:00
initctl tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
journal tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
journal-remote Merge pull request #2287 from dandedrick/journal-gatewayd-timeout-fix 2016-01-08 09:25:21 +01:00
kernel-install
libsystemd sd-event: minor fixups to delays profiling changes 2016-01-12 10:28:00 -08:00
libsystemd-network tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
libudev libudev: simplify udev_device_ensure_usec_initialized a bit 2015-12-07 00:44:14 -05:00
locale tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
login tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
machine bus-util: print "systemctl --user" on user service manager 2016-01-14 15:33:43 +09:00
machine-id-setup core: Add machine-id setting 2016-01-12 22:10:41 +00:00
modules-load defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
network tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
notify util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
nspawn capabilities: keep bounding set in non-inverted format. 2016-01-12 12:14:50 +02:00
nss-myhostname util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
nss-mymachines tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
nss-resolve tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
path util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
quotacheck tree-wide: sort includes 2015-11-16 22:09:36 +01:00
random-seed util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
rc-local-generator treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
remount-fs remount-fs: modernize coding style a bit 2015-11-17 00:52:10 +01:00
reply-password util-lib: split out fd-related operations into fd-util.[ch] 2015-10-25 13:19:18 +01:00
resolve resolved: ignore invalid OPT RRs in incoming packets 2016-01-17 20:47:46 +01:00
resolve-host resolve: add RFC4501 URI support to systemd-resolve-host 2016-01-03 12:59:26 +01:00
rfkill tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
run tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
shared resolved: on negative NODATA replies, properly deal with empty non-terminals 2016-01-17 20:47:46 +01:00
sleep util-lib: split out fd-related operations into fd-util.[ch] 2015-10-25 13:19:18 +01:00
socket-proxy util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
sysctl defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
system-update-generator util-lib: move a number of fs operations into fs-util.[ch] 2015-10-27 13:25:56 +01:00
systemctl Merge pull request #2316 from poettering/dnssec14 2016-01-14 17:02:57 +01:00
systemd resolved: introduce support for per-interface negative trust anchors 2016-01-06 18:36:32 +01:00
sysusers defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
sysv-generator install: follow unit file symlinks in /usr, but not /etc when looking for [Install] data 2015-11-12 17:57:04 +01:00
test resolved: on negative NODATA replies, properly deal with empty non-terminals 2016-01-17 20:47:46 +01:00
timedate tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
timesync tree-wide: sort includes in *.h 2015-11-18 23:09:02 +01:00
tmpfiles tmpfiles: create subvolumes for "v", "q", and "Q" only if / is a subvolume 2015-11-16 15:25:42 +01:00
tty-ask-password-agent tty-ask-password-agent: fix typo in error message 2015-11-05 13:44:01 +01:00
udev tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
update-done util-lib: split out IO related calls to io-util.[ch] 2015-10-26 01:24:38 +01:00
update-utmp tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
user-sessions user-sessions: make sure /run/nologin has correct SELinux label 2015-12-04 22:01:17 +01:00
vconsole tree-wide: use xsprintf() where applicable 2016-01-12 15:36:32 +01:00
.gitignore
Makefile