upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #503: DNS over HTTPS response truncated.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2021-06-23 14:05:59 +02:00
parent 896357a5b3
commit 9d681b627f
4 changed files with 58 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -1,3 +1,6 @@
23 June 2021: Wouter
- Fix #503: DNS over HTTPS response truncated.
21 June 2021: George 21 June 2021: George
- Fix #495: Documentation or implementation of "verbosity" option. - Fix #495: Documentation or implementation of "verbosity" option.

51
services/listen_dnsport.c
View file

@ -2678,18 +2678,45 @@ static int http2_buffer_uri_query(struct http2_session* h2_session,
return 0; return 0;
} }
if(!(b64len = sldns_b64url_pton( if(sldns_b64_contains_nonurl((char const*)start, length)) {
(char const *)start, length, char buf[65536+4];
sldns_buffer_current(h2_stream->qbuffer), verbose(VERB_ALGO, "HTTP2 stream contains wrong b64 encoding");
expectb64len)) || b64len < 0) { /* copy to the scratch buffer temporarily to terminate the
lock_basic_lock(&http2_query_buffer_count_lock); * string with a zero */
http2_query_buffer_count -= expectb64len; if(length+1 > sizeof(buf)) {
lock_basic_unlock(&http2_query_buffer_count_lock); /* too long */
sldns_buffer_free(h2_stream->qbuffer); lock_basic_lock(&http2_query_buffer_count_lock);
h2_stream->qbuffer = NULL; http2_query_buffer_count -= expectb64len;
/* return without error, method can be an lock_basic_unlock(&http2_query_buffer_count_lock);
* unknown POST */ sldns_buffer_free(h2_stream->qbuffer);
return 1; h2_stream->qbuffer = NULL;
return 1;
}
memmove(buf, start, length);
buf[length] = 0;
if(!(b64len = sldns_b64_pton(buf, sldns_buffer_current(
h2_stream->qbuffer), expectb64len)) || b64len < 0) {
lock_basic_lock(&http2_query_buffer_count_lock);
http2_query_buffer_count -= expectb64len;
lock_basic_unlock(&http2_query_buffer_count_lock);
sldns_buffer_free(h2_stream->qbuffer);
h2_stream->qbuffer = NULL;
return 1;
}
} else {
if(!(b64len = sldns_b64url_pton(
(char const *)start, length,
sldns_buffer_current(h2_stream->qbuffer),
expectb64len)) || b64len < 0) {
lock_basic_lock(&http2_query_buffer_count_lock);
http2_query_buffer_count -= expectb64len;
lock_basic_unlock(&http2_query_buffer_count_lock);
sldns_buffer_free(h2_stream->qbuffer);
h2_stream->qbuffer = NULL;
/* return without error, method can be an
* unknown POST */
return 1;
}
} }
sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len); sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len);
return 1; return 1;

15
sldns/parseutil.c
View file

@ -790,3 +790,18 @@ int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
} }
return sldns_b64_pton_base(src, srcsize, target, targsize, 1); return sldns_b64_pton_base(src, srcsize, target, targsize, 1);
} }
int sldns_b64_contains_nonurl(char const *src, size_t srcsize)
{
const char* s = src;
while(*s && srcsize) {
char d = *s++;
srcsize--;
/* the '+' and the '/' and padding '=' is not allowed in b64
* url encoding */
if(d == '+' || d == '/' || d == '=') {
return 1;
}
}
return 0;
}

1
sldns/parseutil.h
View file

@ -102,6 +102,7 @@ size_t sldns_b64_pton_calculate_size(size_t srcsize);
int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize); int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target, int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
size_t targsize); size_t targsize);
int sldns_b64_contains_nonurl(char const *src, size_t srcsize);
/** /**
* calculates the size needed to store the result of b32_ntop * calculates the size needed to store the result of b32_ntop