Diff:
bf583bd16caeb1f659eca2629e99aa9a620e4bd9
3dd358046487134a389917552432e58d033fc2ea
Commit:
3dd358046487134a389917552432e58d033fc2ea
Tree:
06a4201cf1ece118ab43f8cc1735094e6f971772
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Mon Jul 27 08:23:04 2020 UTC
Message:
The SOA check did not fare well with additional data before an AXFR download. Noticed on Windows DNS servers, which tacked on an A record as additional data to the SOA. In this SOA check, check a variable to see if we are indeed axfr'ing. Tested on OpenBSD/octeon.
blob - 33ab6d8808c0b23a7d19761968b4dc65467a1b98
blob + 5760c21f6f64a82f1811eaecbf61f6a1115989c1
--- query.c
+++ query.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: query.c,v 1.12 2020/07/27 05:11:19 pjp Exp $
+ * $Id: query.c,v 1.13 2020/07/27 08:23:04 pjp Exp $
*/
#include <sys/types.h>
@@ -160,7 +160,7 @@ extern int raxfr_ds(FILE *, u_char *, u_char *, u_char
extern int raxfr_sshfp(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *);
extern u_int16_t raxfr_skip(FILE *, u_char *, u_char *);
extern int raxfr_soa(FILE *, u_char *, u_char *, u_char *, struct soa *, int, u_int32_t, u_int16_t, HMAC_CTX *, struct soa_constraints *);
-extern int raxfr_peek(FILE *, u_char *, u_char *, u_char *, int *, int, u_int16_t *, u_int32_t, HMAC_CTX *, char *, int);
+extern int raxfr_peek(FILE *, u_char *, u_char *, u_char *, int *, int, u_int16_t *, u_int32_t, HMAC_CTX *, char *, int, int);
extern int memcasecmp(u_char *, u_char *, int);
extern int tsig_pseudoheader(char *, uint16_t, time_t, HMAC_CTX *);
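Review bot: The `raxfr_peek` prototype is hand-copied as an `extern` declaration in this file and again in util.c, next to the definition's own prototype in raxfr.c, so this signature change has to be repeated correctly in three places. C does not diagnose a stale `extern` declaration in another translation unit: a copy that was missed would still compile and would call the function with eleven arguments instead of twelve, which is undefined behavior. Declaring `raxfr_peek` once in a shared header that raxfr.c also includes would let the compiler check every caller and the definition against the same prototype.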
@@ -664,7 +664,7 @@ lookup_name(FILE *f, int so, char *zonename, u_int16_t
skip:
- if ((rrlen = raxfr_peek(f, p, estart, end, &rrtype, 0, &rdlen, format, NULL, name, zonelen)) < 0) {
+ if ((rrlen = raxfr_peek(f, p, estart, end, &rrtype, 0, &rdlen, format, NULL, name, zonelen, 0)) < 0) {
fprintf(stderr, "not a SOA reply, or ERROR\n");
return -1;
}
blob - 8cfb9d318987b81245d389d57e77fe8221c8df68
blob + 4b93a19eef938d6d3cbb0cf95c48f73d676fed14
--- raxfr.c
+++ raxfr.c
@@ -26,7 +26,7 @@
*
*/
/*
- * $Id: raxfr.c,v 1.59 2020/07/27 05:11:19 pjp Exp $
+ * $Id: raxfr.c,v 1.60 2020/07/27 08:23:04 pjp Exp $
*/
#include <sys/types.h>
@@ -118,7 +118,7 @@ int raxfr_naptr(FILE *, u_char *, u_char *, u_char *,
int raxfr_soa(FILE *, u_char *, u_char *, u_char *, struct soa *, int, u_int32_t, u_int16_t, HMAC_CTX *, struct soa_constraints *);
u_int16_t raxfr_skip(FILE *, u_char *, u_char *);
-int raxfr_peek(FILE *, u_char *, u_char *, u_char *, int *, int, u_int16_t *, u_int32_t, HMAC_CTX *, char *, int);
+int raxfr_peek(FILE *, u_char *, u_char *, u_char *, int *, int, u_int16_t *, u_int32_t, HMAC_CTX *, char *, int, int);
int raxfr_tsig(FILE *f, u_char *p, u_char *estart, u_char *end, struct soa *mysoa, u_int16_t rdlen, HMAC_CTX *ctx, char *, int);
@@ -215,7 +215,7 @@ static struct raxfr_logic supported[] = {
int
-raxfr_peek(FILE *f, u_char *p, u_char *estart, u_char *end, int *rrtype, int soacount, u_int16_t *rdlen, u_int32_t format, HMAC_CTX *ctx, char *zonename, int zonelen)
+raxfr_peek(FILE *f, u_char *p, u_char *estart, u_char *end, int *rrtype, int soacount, u_int16_t *rdlen, u_int32_t format, HMAC_CTX *ctx, char *zonename, int zonelen, int axfr)
{
int rrlen;
char *save;
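Review bot: The new trailing `int axfr` parameter is undocumented, and the call sites pass it as a bare `0` or `1` at the end of a twelve-argument list, so a reader cannot tell what the flag controls without finding the one line that tests it. A comment above the definition would help, for example `/* axfr: non-zero when parsing an AXFR stream; enables the out-of-zone ("poison") owner-name check */`. The body of `raxfr_peek` continues outside this hunk.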
@@ -282,7 +282,7 @@ raxfr_peek(FILE *f, u_char *p, u_char *estart, u_char
}
/* check for poison */
- if (!dn_contains(expand, elen, zonename, zonelen)) {
+ if (axfr && !dn_contains(expand, elen, zonename, zonelen)) {
char *humanzone;
humanzone = convert_name(zonename, zonelen);
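Review bot: With `axfr &&` in front of `dn_contains()`, the out-of-zone ("poison") owner-name check no longer runs at all for the two callers that pass `0`, `lookup_name` in query.c and `get_remote_soa` in raxfr.c. The commit message describes the trigger as an A record in the additional section, but this guard also accepts answer-section records whose owner name lies outside the zone. In `get_remote_soa` the loop is bounded by `answers`, so that path appears to parse only answer records and may not need the relaxation. A narrower change would keep the check for the record that is actually used as the SOA and skip it only for trailing additional data; whether that is possible depends on parts of `raxfr_peek` outside this hunk, so it needs confirming. At minimum the guard deserves a why-comment, e.g. `/* check for poison; only enforced during AXFR, plain SOA replies may carry out-of-zone additional data */`.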
@@ -2181,7 +2181,7 @@ get_remote_soa(struct rzone *rzone)
for (i = answers; i > 0; i--) {
- if ((rrlen = raxfr_peek(f, p, estart, end, &rrtype, 0, &rdlen, format, (dotsig == 1) ? ctx : NULL, name, zonelen)) < 0) {
+ if ((rrlen = raxfr_peek(f, p, estart, end, &rrtype, 0, &rdlen, format, (dotsig == 1) ? ctx : NULL, name, zonelen, 0)) < 0) {
dolog(LOG_INFO, "not a SOA reply, or ERROR\n");
close(so);
free(reply); free(dupreply);
blob - 62ccc016b509cd6bcbbd5904979d7f9b9267ace8
blob + 079ca7b0b7d61728076958f7e24074726a52e0ed
--- util.c
+++ util.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: util.c,v 1.80 2020/07/27 05:11:19 pjp Exp $
+ * $Id: util.c,v 1.81 2020/07/27 08:23:04 pjp Exp $
*/
#include <sys/types.h>
@@ -164,7 +164,7 @@ extern int raxfr_hinfo(FILE *, u_char *, u_char *, u_c
extern int raxfr_sshfp(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *);
extern u_int16_t raxfr_skip(FILE *, u_char *, u_char *);
extern int raxfr_soa(FILE *, u_char *, u_char *, u_char *, struct soa *, int, u_int32_t, u_int16_t, HMAC_CTX *, struct soa_constraints *);
-extern int raxfr_peek(FILE *, u_char *, u_char *, u_char *, int *, int, u_int16_t *, u_int32_t, HMAC_CTX *, char *, int);
+extern int raxfr_peek(FILE *, u_char *, u_char *, u_char *, int *, int, u_int16_t *, u_int32_t, HMAC_CTX *, char *, int, int);
extern int raxfr_tsig(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *, char *, int);
extern char *convert_name(char *, int);
@@ -2142,7 +2142,7 @@ lookup_axfr(FILE *f, int so, char *zonename, struct so
char mac[32];
elen = 0;
- if ((rrlen = raxfr_peek(f, p, estart, end, &rrtype, soacount, &rdlen, format, ctx, name, zonelen)) < 0) {
+ if ((rrlen = raxfr_peek(f, p, estart, end, &rrtype, soacount, &rdlen, format, ctx, name, zonelen, 1)) < 0) {
fprintf(stderr, "not a SOA reply, or ERROR\n");
return -1;
}