BUG/MAJOR: dns: don't treat Authority records as an error

Support for DNS Service Discovery by means of SRV records was enhanced with commit 13a9232eb ("MEDIUM: dns: use Additional records from SRV responses") to use the content of the answers Additional records when present. If there are Authority records before the Additional records we mistakenly treat that as an invalid response. To fix this, just ignore the Authority section if it exist and skip to the Additional records. As 13a9232eb was introduced during 2.2-dev, it must be backported to 2.2. This is a fix for issue #778
2026-04-22 23:02:34 -04:00 · 2020-07-26 12:13:12 +02:00 · 2020-07-26 12:13:12 +02:00 · 4002f8dc03
commit 4002f8dc03
parent 012261ab34
1 changed files with 28 additions and 0 deletions
--- a/src/dns.c
+++ b/src/dns.c
@ -1044,6 +1044,34 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend,
 	if (dns_query->type != DNS_RTYPE_SRV)
 		goto skip_parsing_additional_records;

+	/* if we find Authority records, just skip them */
+	for (i = 0; i < dns_p->header.nscount; i++) {
+		offset = 0;
+		len = dns_read_name(resp, bufend, reader, tmpname, DNS_MAX_NAME_SIZE,
+		                    &offset, 0);
+		if (len == 0)
+			continue;
+
+		if (reader + offset + 10 >= bufend)
+			goto invalid_resp;
+
+		reader += offset;
+		/* skip 2 bytes for class */
+		reader += 2;
+		/* skip 2 bytes for type */
+		reader += 2;
+		/* skip 4 bytes for ttl */
+		reader += 4;
+		/* read data len */
+		len = reader[0] * 256 + reader[1];
+		reader += 2;
+
+		if (reader + len >= bufend)
+			goto invalid_resp;
+
+		reader += len;
+	}
+
 	nb_saved_records = 0;
 	for (i = 0; i < dns_p->header.arcount; i++) {
 		if (reader >= bufend)