projects
/
platform
/
upstream
/
systemd.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
2ad613a
)
resolved: packet - refuse empty type bitmaps
author
Tom Gundersen
<teg@jklm.no>
Tue, 28 Jul 2015 21:16:52 +0000
(23:16 +0200)
committer
Tom Gundersen
<teg@jklm.no>
Tue, 28 Jul 2015 21:25:52 +0000
(23:25 +0200)
The NSEC type itself must at least be in the bitmap, so NSEC records with empty
bitmaps must be bogus.
src/resolve/resolved-dns-packet.c
patch
|
blob
|
history
diff --git
a/src/resolve/resolved-dns-packet.c
b/src/resolve/resolved-dns-packet.c
index
88a3089
..
39951a3
100644
(file)
--- a/
src/resolve/resolved-dns-packet.c
+++ b/
src/resolve/resolved-dns-packet.c
@@
-1666,8
+1666,12
@@
int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, size_t *start) {
if (r < 0)
goto fail;
- /* NSEC RRs with empty bitmpas makes no sense, but the RFC does not explicitly forbid them
- so we allow it */
+ /* The types bitmap must contain at least the NSEC record itself, so an empty bitmap means
+ something went wrong */
+ if (bitmap_isclear(rr->nsec.types)) {
+ r = -EBADMSG;
+ goto fail;
+ }
break;