- Fix #3397: Fix that cachedb could return a partial CNAME chain.
git-svn-id: file:///svn/unbound/trunk@4445 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
4b4b1eec8b
commit
df6fbb82be
5 changed files with 15 additions and 7 deletions
|
|
@ -568,7 +568,9 @@ cachedb_intcache_lookup(struct module_qstate* qstate)
|
||||||
msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname,
|
msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname,
|
||||||
qstate->qinfo.qname_len, qstate->qinfo.qtype,
|
qstate->qinfo.qname_len, qstate->qinfo.qtype,
|
||||||
qstate->qinfo.qclass, qstate->query_flags,
|
qstate->qinfo.qclass, qstate->query_flags,
|
||||||
qstate->region, qstate->env->scratch);
|
qstate->region, qstate->env->scratch,
|
||||||
|
1 /* no partial messages with only a CNAME */
|
||||||
|
);
|
||||||
if(!msg && qstate->env->neg_cache) {
|
if(!msg && qstate->env->neg_cache) {
|
||||||
/* lookup in negative cache; may result in
|
/* lookup in negative cache; may result in
|
||||||
* NOERROR/NODATA or NXDOMAIN answers that need validation */
|
* NOERROR/NODATA or NXDOMAIN answers that need validation */
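Review bot: The inline comment on the new argument in cachedb_intcache_lookup says what the `1` does but not why this caller needs it, while the iterator call sites pass `0`. If, as the commit title suggests, a hit here is handed back as the final answer with nothing chasing the rest of the chain, the comment should say so, e.g. `1 /* no partial messages with only a CNAME: this result is used as the final answer */`. A name whose cached CNAME is now skipped leaves `msg` NULL and therefore enters the `if(!msg && qstate->env->neg_cache)` branch, which it did not before; it is worth confirming that the negative-cache path behaves correctly for such names. The function body continues outside the hunk.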
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
also recognized and means the same. Also for tls-port,
|
also recognized and means the same. Also for tls-port,
|
||||||
tls-service-key, tls-service-pem, stub-tls-upstream and
|
tls-service-key, tls-service-pem, stub-tls-upstream and
|
||||||
forward-tls-upstream.
|
forward-tls-upstream.
|
||||||
|
- Fix #3397: Fix that cachedb could return a partial CNAME chain.
|
||||||
|
|
||||||
19 January 2018: Wouter
|
19 January 2018: Wouter
|
||||||
- tag 1.6.8 for release with CVE fix.
|
- tag 1.6.8 for release with CVE fix.
|
||||||
|
|
|
||||||
|
|
@ -1109,7 +1109,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
msg = dns_cache_lookup(qstate->env, iq->qchase.qname,
|
msg = dns_cache_lookup(qstate->env, iq->qchase.qname,
|
||||||
iq->qchase.qname_len, iq->qchase.qtype,
|
iq->qchase.qname_len, iq->qchase.qtype,
|
||||||
iq->qchase.qclass, qstate->query_flags,
|
iq->qchase.qclass, qstate->query_flags,
|
||||||
qstate->region, qstate->env->scratch);
|
qstate->region, qstate->env->scratch, 0);
|
||||||
if(!msg && qstate->env->neg_cache) {
|
if(!msg && qstate->env->neg_cache) {
|
||||||
/* lookup in negative cache; may result in
|
/* lookup in negative cache; may result in
|
||||||
* NOERROR/NODATA or NXDOMAIN answers that need validation */
|
* NOERROR/NODATA or NXDOMAIN answers that need validation */
|
||||||
|
|
@ -2170,7 +2170,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
iq->qinfo_out.qname, iq->qinfo_out.qname_len,
|
iq->qinfo_out.qname, iq->qinfo_out.qname_len,
|
||||||
iq->qinfo_out.qtype, iq->qinfo_out.qclass,
|
iq->qinfo_out.qtype, iq->qinfo_out.qclass,
|
||||||
qstate->query_flags, qstate->region,
|
qstate->query_flags, qstate->region,
|
||||||
qstate->env->scratch);
|
qstate->env->scratch, 0);
|
||||||
if(msg && msg->rep->an_numrrsets == 0
|
if(msg && msg->rep->an_numrrsets == 0
|
||||||
&& FLAGS_GET_RCODE(msg->rep->flags) ==
|
&& FLAGS_GET_RCODE(msg->rep->flags) ==
|
||||||
LDNS_RCODE_NOERROR)
|
LDNS_RCODE_NOERROR)
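Review bot: Both updated calls, in processInitRequest and in processQueryTargets, pass a bare `0` for the new parameter, so a reader has to open dns.h to learn what it means. A short comment in the style already used at the cachedb call site would help, e.g. `qstate->region, qstate->env->scratch, 0 /* partial CNAME answers allowed */);`. Behaviour at these two sites looks unchanged, since `0` leaves the DNAME and CNAME branches in dns_cache_lookup enabled. Both functions extend beyond the hunks shown.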
|
||||||
|
|
|
||||||
8
services/cache/dns.c
vendored
8
services/cache/dns.c
vendored
|
|
@ -711,7 +711,8 @@ fill_any(struct module_env* env,
|
||||||
struct dns_msg*
|
struct dns_msg*
|
||||||
dns_cache_lookup(struct module_env* env,
|
dns_cache_lookup(struct module_env* env,
|
||||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||||
uint16_t flags, struct regional* region, struct regional* scratch)
|
uint16_t flags, struct regional* region, struct regional* scratch,
|
||||||
|
int no_partial)
|
||||||
{
|
{
|
||||||
struct lruhash_entry* e;
|
struct lruhash_entry* e;
|
||||||
struct query_info k;
|
struct query_info k;
|
||||||
|
|
@ -743,7 +744,8 @@ dns_cache_lookup(struct module_env* env,
|
||||||
/* see if a DNAME exists. Checked for first, to enforce that DNAMEs
|
/* see if a DNAME exists. Checked for first, to enforce that DNAMEs
|
||||||
* are more important, the CNAME is resynthesized and thus
|
* are more important, the CNAME is resynthesized and thus
|
||||||
* consistent with the DNAME */
|
* consistent with the DNAME */
|
||||||
if( (rrset=find_closest_of_type(env, qname, qnamelen, qclass, now,
|
if(!no_partial &&
|
||||||
|
(rrset=find_closest_of_type(env, qname, qnamelen, qclass, now,
|
||||||
LDNS_RR_TYPE_DNAME, 1))) {
|
LDNS_RR_TYPE_DNAME, 1))) {
|
||||||
/* synthesize a DNAME+CNAME message based on this */
|
/* synthesize a DNAME+CNAME message based on this */
|
||||||
struct dns_msg* msg = synth_dname_msg(rrset, region, now, &k);
|
struct dns_msg* msg = synth_dname_msg(rrset, region, now, &k);
|
||||||
|
|
@ -756,7 +758,7 @@ dns_cache_lookup(struct module_env* env,
|
||||||
|
|
||||||
/* see if we have CNAME for this domain,
|
/* see if we have CNAME for this domain,
|
||||||
* but not for DS records (which are part of the parent) */
|
* but not for DS records (which are part of the parent) */
|
||||||
if( qtype != LDNS_RR_TYPE_DS &&
|
if(!no_partial && qtype != LDNS_RR_TYPE_DS &&
|
||||||
(rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
|
(rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
|
||||||
LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) {
|
LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) {
|
||||||
uint8_t* wc = NULL;
|
uint8_t* wc = NULL;
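Review bot: The two `!no_partial` guards in dns_cache_lookup change when the DNAME and CNAME branches run, but the comments above them still read as unconditional checks, and nothing explains why a DNAME-synthesized answer counts as partial. Extend each comment with one line, e.g. `* Skipped when no_partial is set: the synthesized message holds only the start of the chain.` The rest of the function lies outside these hunks, so it cannot be confirmed from here that no later path returns an incomplete chain when `no_partial` is set. None of the five changed sections appears to be a test; a regression case where the cache holds only a CNAME for the query name and the lookup with `no_partial` set returns NULL would pin the fix.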
|
||||||
|
|
|
||||||
5
services/cache/dns.h
vendored
5
services/cache/dns.h
vendored
|
|
@ -159,13 +159,16 @@ struct dns_msg* tomsg(struct module_env* env, struct query_info* q,
|
||||||
* @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
|
* @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
|
||||||
* @param region: where to allocate result.
|
* @param region: where to allocate result.
|
||||||
* @param scratch: where to allocate temporary data.
|
* @param scratch: where to allocate temporary data.
|
||||||
|
* @param no_partial: if true, only complete messages and not a partial
|
||||||
|
* one (with only the start of the CNAME chain and not the rest).
|
||||||
* @return new response message (alloced in region, rrsets do not have IDs).
|
* @return new response message (alloced in region, rrsets do not have IDs).
|
||||||
* or NULL on error or if not found in cache.
|
* or NULL on error or if not found in cache.
|
||||||
* TTLs are made relative to the current time.
|
* TTLs are made relative to the current time.
|
||||||
*/
|
*/
|
||||||
struct dns_msg* dns_cache_lookup(struct module_env* env,
|
struct dns_msg* dns_cache_lookup(struct module_env* env,
|
||||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||||
uint16_t flags, struct regional* region, struct regional* scratch);
|
uint16_t flags, struct regional* region, struct regional* scratch,
|
||||||
|
int no_partial);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* find and add A and AAAA records for missing nameservers in delegpt
|
* find and add A and AAAA records for missing nameservers in delegpt
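Review bot: The new `@param no_partial` text mentions only a partial CNAME chain, but in dns.c the same flag also disables the branch that synthesizes a DNAME+CNAME message, and the doc does not say what the caller gets back instead. Suggested wording: `@param no_partial: if true, only complete messages are returned; an answer that would hold just a CNAME or a synthesized DNAME+CNAME is not returned.` The `@return` text could add that NULL then also covers the "only a partial answer is cached" case, so callers do not read NULL as proof that the name is absent from the cache.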
|
||||||
|
|
|
||||||