Commit 17b8cfc8 authored by Marek Vavrusa's avatar Marek Vavrusa

layer/rrcache: added check for cname chain loops

iterator already checks this and also chain length,
however these checks were omitted in the rrcache
CNAME unroll loop
parent 2e253a83
...@@ -284,6 +284,7 @@ static int stash_answer(struct kr_query *qry, knot_pkt_t *pkt, map_t *stash, kno ...@@ -284,6 +284,7 @@ static int stash_answer(struct kr_query *qry, knot_pkt_t *pkt, map_t *stash, kno
const knot_pktsection_t *answer = knot_pkt_section(pkt, KNOT_ANSWER); const knot_pktsection_t *answer = knot_pkt_section(pkt, KNOT_ANSWER);
const knot_dname_t *cname = NULL; const knot_dname_t *cname = NULL;
const knot_dname_t *next_cname = cname_begin; const knot_dname_t *next_cname = cname_begin;
unsigned cname_chain_len = 0;
do { do {
cname = next_cname; cname = next_cname;
next_cname = NULL; next_cname = NULL;
...@@ -295,10 +296,24 @@ static int stash_answer(struct kr_query *qry, knot_pkt_t *pkt, map_t *stash, kno ...@@ -295,10 +296,24 @@ static int stash_answer(struct kr_query *qry, knot_pkt_t *pkt, map_t *stash, kno
kr_rrmap_add(stash, rr, KR_RANK_AUTH, pool); kr_rrmap_add(stash, rr, KR_RANK_AUTH, pool);
/* Follow CNAME chain in current cut (if SECURE). */ /* Follow CNAME chain in current cut (if SECURE). */
if ((qry->flags & QUERY_DNSSEC_WANT) && rr->type == KNOT_RRTYPE_CNAME) { if ((qry->flags & QUERY_DNSSEC_WANT) && rr->type == KNOT_RRTYPE_CNAME) {
cname_chain_len += 1;
next_cname = knot_cname_name(&rr->rrs); next_cname = knot_cname_name(&rr->rrs);
if (next_cname && !knot_dname_in(qry->zone_cut.name, next_cname)) { if (next_cname && !knot_dname_in(qry->zone_cut.name, next_cname)) {
next_cname = NULL; next_cname = NULL;
} }
/* Check if the same CNAME was already resolved */
if (next_cname) {
char key[KR_RRKEY_LEN];
int ret = kr_rrkey(key, next_cname, rr->type, KR_RANK_AUTH);
if (ret != 0 || map_get(stash, key)) {
DEBUG_MSG(qry, "<= cname chain loop\n");
next_cname = NULL;
}
}
if (cname_chain_len > answer->count || cname_chain_len > KR_CNAME_CHAIN_LIMIT) {
DEBUG_MSG(qry, "<= too long cname chain\n");
next_cname = NULL;
}
} }
} }
} while (next_cname); } while (next_cname);
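Review bot: In the added loop check, `if (ret != 0 || map_get(stash, key))` treats every non-zero return from `kr_rrkey` as a loop, but `kr_rrkey`'s return convention is not visible on this page. If it returns the key length on success rather than 0, the condition is always true: every in-cut CNAME is logged as "cname chain loop" and the unroll stops after the first hop, which fails closed but never follows the chain. Please confirm the convention and, if success is positive, test `ret <= 0` instead. A key-build failure would also be better logged with its own message, so the debug output does not report a loop that is not there. `stash_answer` begins and ends outside the hunks shown.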