63 lines
1.7 KiB
Diff
63 lines
1.7 KiB
Diff
Partial backport of:
|
|
|
|
commit 333221862ecbebde60dd16e7ca17d26444e62f50
|
|
Author: Florian Weimer <fweimer@redhat.com>
|
|
Date: Mon Apr 8 11:19:38 2019 +0200
|
|
|
|
resolv: Remove RES_INSECURE1, RES_INSECURE2
|
|
|
|
Always perform the associated security checks.
|
|
|
|
The constants and their debug output handling are preserve in this
|
|
backport.
|
|
|
|
diff --git a/resolv/res_send.c b/resolv/res_send.c
|
|
index 705ecb7189d215c2..c9b02cca130bc20d 100644
|
|
--- a/resolv/res_send.c
|
|
+++ b/resolv/res_send.c
|
|
@@ -1324,31 +1324,25 @@ send_dg(res_state statp,
|
|
*/
|
|
goto wait;
|
|
}
|
|
- if (!(statp->options & RES_INSECURE1) &&
|
|
- !res_ourserver_p(statp, &from)) {
|
|
- /*
|
|
- * response from wrong server? ignore it.
|
|
- * XXX - potential security hazard could
|
|
- * be detected here.
|
|
- */
|
|
- goto wait;
|
|
- }
|
|
- if (!(statp->options & RES_INSECURE2)
|
|
- && (recvresp1 || !res_queriesmatch(buf, buf + buflen,
|
|
+
|
|
+ /* Paranoia check. Due to the connected UDP socket,
|
|
+ the kernel has already filtered invalid addresses
|
|
+ for us. */
|
|
+ if (!res_ourserver_p(statp, &from))
|
|
+ goto wait;
|
|
+
|
|
+ /* Check for the correct header layout and a matching
|
|
+ question. */
|
|
+ if ((recvresp1 || !res_queriesmatch(buf, buf + buflen,
|
|
*thisansp,
|
|
*thisansp
|
|
+ *thisanssizp))
|
|
&& (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2,
|
|
*thisansp,
|
|
*thisansp
|
|
- + *thisanssizp))) {
|
|
- /*
|
|
- * response contains wrong query? ignore it.
|
|
- * XXX - potential security hazard could
|
|
- * be detected here.
|
|
- */
|
|
- goto wait;
|
|
- }
|
|
+ + *thisanssizp)))
|
|
+ goto wait;
|
|
+
|
|
if (anhp->rcode == SERVFAIL ||
|
|
anhp->rcode == NOTIMP ||
|
|
anhp->rcode == REFUSED) {
|