|
|
|
@ -770,19 +770,24 @@ impl DNSState {
|
|
|
|
const DNS_HEADER_SIZE: usize = 12;
|
|
|
|
const DNS_HEADER_SIZE: usize = 12;
|
|
|
|
|
|
|
|
|
|
|
|
fn probe_header_validity(header: &DNSHeader, rlen: usize) -> (bool, bool, bool) {
|
|
|
|
fn probe_header_validity(header: &DNSHeader, rlen: usize) -> (bool, bool, bool) {
|
|
|
|
let min_msg_size = 2
|
|
|
|
let nb_records = header.additional_rr as usize
|
|
|
|
* (header.additional_rr as usize
|
|
|
|
+ header.answer_rr as usize
|
|
|
|
+ header.answer_rr as usize
|
|
|
|
+ header.authority_rr as usize
|
|
|
|
+ header.authority_rr as usize
|
|
|
|
+ header.questions as usize;
|
|
|
|
+ header.questions as usize)
|
|
|
|
|
|
|
|
+ DNS_HEADER_SIZE;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
let min_msg_size = 2 * nb_records;
|
|
|
|
if min_msg_size > rlen {
|
|
|
|
if min_msg_size > rlen {
|
|
|
|
// Not enough data for records defined in the header, or
|
|
|
|
// Not enough data for records defined in the header, or
|
|
|
|
// impossibly large.
|
|
|
|
// impossibly large.
|
|
|
|
return (false, false, false);
|
|
|
|
return (false, false, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if nb_records == 0 && rlen > DNS_HEADER_SIZE {
|
|
|
|
|
|
|
|
// zero fields, data size should be just DNS_HEADER_SIZE
|
|
|
|
|
|
|
|
// happens when DNS server returns format error
|
|
|
|
|
|
|
|
return (false, false, false);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
let is_request = header.flags & 0x8000 == 0;
|
|
|
|
let is_request = header.flags & 0x8000 == 0;
|
|
|
|
return (true, is_request, false);
|
|
|
|
return (true, is_request, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Philippe Antoine
11 months ago
committed by
Victor Julien