resolved: refuse accepting EDNS0 OPT RRs with a non-root domain
authorLennart Poettering <lennart@poettering.net>
Fri, 18 Dec 2015 17:57:08 +0000 (18:57 +0100)
committerLennart Poettering <lennart@poettering.net>
Fri, 18 Dec 2015 17:57:08 +0000 (18:57 +0100)
src/resolve/resolved-dns-packet.c

index c8dd5fd..e8f5705 100644 (file)
@@ -1997,13 +1997,19 @@ int dns_packet_extract(DnsPacket *p) {
 
                 for (i = 0; i < n; i++) {
                         _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
+                        bool cache_flush;
 
-                        r = dns_packet_read_rr(p, &rr, NULL);
+                        r = dns_packet_read_rr(p, &rr, &cache_flush, NULL);
                         if (r < 0)
                                 goto finish;
 
                         if (rr->key->type == DNS_TYPE_OPT) {
 
+                                if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key))) {
+                                        r = -EBADMSG;
+                                        goto finish;
+                                }
+
                                 /* The OPT RR is only valid in the Additional section */
                                 if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
                                         r = -EBADMSG;