- Fix #503: DNS over HTTPS response truncated.

W.C.A. Wijngaards 2021-06-23 14:05:59 +02:00
parent 896357a5b3
commit 9d681b627f
4 changed files with 58 additions and 12 deletions


@ -1,3 +1,6 @@
23 June 2021: Wouter
- Fix #503: DNS over HTTPS response truncated.
21 June 2021: George
- Fix #495: Documentation or implementation of "verbosity" option.


@ -2678,6 +2678,32 @@ static int http2_buffer_uri_query(struct http2_session* h2_session,
return 0;
}
if(sldns_b64_contains_nonurl((char const*)start, length)) {
char buf[65536+4];
verbose(VERB_ALGO, "HTTP2 stream contains wrong b64 encoding");
/* copy to the scratch buffer temporarily to terminate the
* string with a zero */
if(length+1 > sizeof(buf)) {
/* too long */
lock_basic_lock(&http2_query_buffer_count_lock);
http2_query_buffer_count -= expectb64len;
lock_basic_unlock(&http2_query_buffer_count_lock);
sldns_buffer_free(h2_stream->qbuffer);
h2_stream->qbuffer = NULL;
return 1;
}
memmove(buf, start, length);
buf[length] = 0;
if(!(b64len = sldns_b64_pton(buf, sldns_buffer_current(
h2_stream->qbuffer), expectb64len)) || b64len < 0) {
lock_basic_lock(&http2_query_buffer_count_lock);
http2_query_buffer_count -= expectb64len;
lock_basic_unlock(&http2_query_buffer_count_lock);
sldns_buffer_free(h2_stream->qbuffer);
h2_stream->qbuffer = NULL;
return 1;
}
} else {
if(!(b64len = sldns_b64url_pton(
(char const *)start, length,
sldns_buffer_current(h2_stream->qbuffer),
@ -2691,6 +2717,7 @@ static int http2_buffer_uri_query(struct http2_session* h2_session,
* unknown POST */
return 1;
}
}
sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len);
return 1;
}
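Review bot: The fallback branch declares `char buf[65536+4];` on the stack, and this path is reached from a client-supplied query string. If the threads that run this code have a reduced stack size, a 64 KiB frame is worth confirming, or the copy could go through a heap or session-owned scratch buffer instead. The two failure paths in this branch (after the `length+1 > sizeof(buf)` check and after `sldns_b64_pton`) repeat the same lines that decrement `http2_query_buffer_count` and free `h2_stream->qbuffer`; a small static helper would keep that accounting in one place. The comment could also say why standard base64 is accepted, e.g. `/* RFC 8484 specifies base64url without padding; plain base64 with '+', '/' or '=' is tolerated here */`. The body of http2_buffer_uri_query starts outside the hunk.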


@ -790,3 +790,18 @@ int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
}
return sldns_b64_pton_base(src, srcsize, target, targsize, 1);
}
int sldns_b64_contains_nonurl(char const *src, size_t srcsize)
{
const char* s = src;
while(*s && srcsize) {
char d = *s++;
srcsize--;
/* the '+' and the '/' and padding '=' is not allowed in b64
* url encoding */
if(d == '+' || d == '/' || d == '=') {
return 1;
}
}
return 0;
}
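Review bot: The loop condition `while(*s && srcsize)` in sldns_b64_contains_nonurl reads `*s` before it tests `srcsize`, so when the input holds no '+', '/' or '=' the final evaluation dereferences `src[srcsize]`, one byte past the stated length. The caller in http2_buffer_uri_query passes a span that it treats as not NUL-terminated, so that byte is not guaranteed to belong to the value. Swapping the operands, `while(srcsize && *s) {`, keeps the read inside the buffer and also makes a zero-length call safe. The scan also stops at an embedded NUL, so later bytes are not inspected; whether that matters depends on the decoders, which are not visible here. The new prototype in the header has no doc comment, unlike the declaration that follows it; something like `/** Returns 1 if src (srcsize bytes, need not be NUL-terminated) contains '+', '/' or '=', else 0. */` would record the contract.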


@ -102,6 +102,7 @@ size_t sldns_b64_pton_calculate_size(size_t srcsize);
int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
size_t targsize);
int sldns_b64_contains_nonurl(char const *src, size_t srcsize);
/**
* calculates the size needed to store the result of b32_ntop