This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] nss_dns: Enforce QDCOUNT == 1 in getnetby* implementation
- From: Florian Weimer <fweimer at redhat dot com>
- To: DJ Delorie <dj at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 11 Mar 2019 22:51:11 +0100
- Subject: Re: [PATCH] nss_dns: Enforce QDCOUNT == 1 in getnetby* implementation
- References: <xntvg95cnt.fsf@greed.delorie.com>
* DJ Delorie:
> Florian Weimer <fweimer@redhat.com> writes:
>> The stub resolver sends a query with one question record, so if
>> the answer contains a different number, the DNS message is
>> corrupted.
>
> The resolver now returns a different error code when question_count is
> zero. Is this intentional? Does this need to be documented anywhere?
Hmm. I didn't realize we still have RES_INSECURE2 code. By default, we
call res_queriesmatch, which checks if the question count matches what
we sent. This is what I meant with “corrupted”: the libresolv code will
discard the tentative response.
Clearly we should remove the RES_INSECURE2 code, there really is no use
for it. And the RES_INSECURE1 check is ineffective because we use a
connected UDP socket, so the kernel filters non-matching addresses and
those packets never reach user space.
Fortunately, neither option can be set from /etc/resolv.conf.
be easy.
>> + if (n < 0 || end_of_message - (cp + n) < QFIXEDSZ)
>> + goto bad_message;
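Review bot: the order of the two tests in this condition matters and should stay as written: `n < 0` is evaluated first, so `cp + n` is never formed from a negative `n`. Since the `goto bad_message` path now sets errno where the old code did not, the commit message should state that the bound itself is not new (res_queriesmatch already rejects a question section shorter than `2 * INT16SZ` before the message is accepted) and that the only visible change is the error value reported.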
>
> And this part sets errno, which it didn't before.
This doesn't matter because the condition is checked in
res_queriesmatch, too:
    if (cp + 2 * INT16SZ > eom1)
      return (-1);
Ideally, we would use an interface which makes all this much more
obvious. In particular, there is really no need to parse the question
section twice.
Thanks,
Florian
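As an added, self-contained illustration (not code from glibc or from this thread) of the check the patch adds: reject a response unless QDCOUNT is 1 and the single question (name plus QTYPE/QCLASS) fits inside the message. skip_name stands in for dn_skipname, and the sample message and all function names are constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#define HFIXEDSZ 12 /* DNS header length */
#define QFIXEDSZ 4  /* QTYPE + QCLASS after the question name */

/* Skip a question name starting at cp; return its length in bytes, or -1 if
   it is malformed or runs past eom (the dn_skipname contract). */
static int skip_name(const unsigned char *cp, const unsigned char *eom)
{
    const unsigned char *p = cp;
    while (p < eom) {
        unsigned len = *p;
        if (len == 0)
            return (int)(p - cp) + 1;
        if ((len & 0xC0) == 0xC0) /* compression pointer: two bytes */
            return p + 2 <= eom ? (int)(p - cp) + 2 : -1;
        if (len & 0xC0)           /* reserved label types */
            return -1;
        p += 1 + len;
    }
    return -1;
}
/* Accept a response only if QDCOUNT == 1 and the single question (name plus
   QTYPE/QCLASS) lies inside the message; 1 = accept, 0 = discard as corrupted. */
int check_single_question(const unsigned char *msg, size_t msglen)
{
    const unsigned char *eom = msg + msglen;
    if (msglen < HFIXEDSZ)
        return 0;
    unsigned qdcount = (msg[4] << 8) | msg[5]; /* QDCOUNT: header bytes 4-5 */
    if (qdcount != 1)
        return 0;
    const unsigned char *cp = msg + HFIXEDSZ;
    int n = skip_name(cp, eom);
    if (n < 0 || eom - (cp + n) < QFIXEDSZ) /* the patch's condition */
        return 0;
    return 1;
}
/* Constructed sample: QDCOUNT 1, question "www.example.com" type A class IN. */
static const unsigned char sample_msg[] = {
    0x12, 0x34, 0x81, 0x80, 0, 1, 0, 0, 0, 0, 0, 0,
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0, 1, 0, 1 };
int sample_intact(void) { return check_single_question(sample_msg, sizeof sample_msg); }
int sample_truncated(void) { return check_single_question(sample_msg, sizeof sample_msg - 3); }
int sample_qdcount2(void) /* same bytes, but QDCOUNT rewritten to 2 */
{
    unsigned char m[sizeof sample_msg];
    memcpy(m, sample_msg, sizeof m);
    m[5] = 2;
    return check_single_question(m, sizeof m);
}
```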