|
|
446cf2 |
Partial backport of:
|
|
|
446cf2 |
|
|
|
446cf2 |
commit 333221862ecbebde60dd16e7ca17d26444e62f50
|
|
|
446cf2 |
Author: Florian Weimer <fweimer@redhat.com>
|
|
|
446cf2 |
Date: Mon Apr 8 11:19:38 2019 +0200
|
|
|
446cf2 |
|
|
|
446cf2 |
resolv: Remove RES_INSECURE1, RES_INSECURE2
|
|
|
446cf2 |
|
|
|
446cf2 |
Always perform the associated security checks.
|
|
|
446cf2 |
|
|
|
446cf2 |
The constants and their debug output handling are preserve in this
|
|
|
446cf2 |
backport.
|
|
|
446cf2 |
|
|
|
446cf2 |
diff --git a/resolv/res_send.c b/resolv/res_send.c
|
|
|
446cf2 |
index 705ecb7189d215c2..c9b02cca130bc20d 100644
|
|
|
446cf2 |
--- a/resolv/res_send.c
|
|
|
446cf2 |
+++ b/resolv/res_send.c
|
|
|
446cf2 |
@@ -1324,31 +1324,25 @@ send_dg(res_state statp,
|
|
|
446cf2 |
*/
|
|
|
446cf2 |
goto wait;
|
|
|
446cf2 |
}
|
|
|
446cf2 |
- if (!(statp->options & RES_INSECURE1) &&
|
|
|
446cf2 |
- !res_ourserver_p(statp, &from)) {
|
|
|
446cf2 |
- /*
|
|
|
446cf2 |
- * response from wrong server? ignore it.
|
|
|
446cf2 |
- * XXX - potential security hazard could
|
|
|
446cf2 |
- * be detected here.
|
|
|
446cf2 |
- */
|
|
|
446cf2 |
- goto wait;
|
|
|
446cf2 |
- }
|
|
|
446cf2 |
- if (!(statp->options & RES_INSECURE2)
|
|
|
446cf2 |
- && (recvresp1 || !res_queriesmatch(buf, buf + buflen,
|
|
|
446cf2 |
+
|
|
|
446cf2 |
+ /* Paranoia check. Due to the connected UDP socket,
|
|
|
446cf2 |
+ the kernel has already filtered invalid addresses
|
|
|
446cf2 |
+ for us. */
|
|
|
446cf2 |
+ if (!res_ourserver_p(statp, &from))
|
|
|
446cf2 |
+ goto wait;
|
|
|
446cf2 |
+
|
|
|
446cf2 |
+ /* Check for the correct header layout and a matching
|
|
|
446cf2 |
+ question. */
|
|
|
446cf2 |
+ if ((recvresp1 || !res_queriesmatch(buf, buf + buflen,
|
|
|
446cf2 |
*thisansp,
|
|
|
446cf2 |
*thisansp
|
|
|
446cf2 |
+ *thisanssizp))
|
|
|
446cf2 |
&& (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2,
|
|
|
446cf2 |
*thisansp,
|
|
|
446cf2 |
*thisansp
|
|
|
446cf2 |
- + *thisanssizp))) {
|
|
|
446cf2 |
- /*
|
|
|
446cf2 |
- * response contains wrong query? ignore it.
|
|
|
446cf2 |
- * XXX - potential security hazard could
|
|
|
446cf2 |
- * be detected here.
|
|
|
446cf2 |
- */
|
|
|
446cf2 |
- goto wait;
|
|
|
446cf2 |
- }
|
|
|
446cf2 |
+ + *thisanssizp)))
|
|
|
446cf2 |
+ goto wait;
|
|
|
446cf2 |
+
|
|
|
446cf2 |
if (anhp->rcode == SERVFAIL ||
|
|
|
446cf2 |
anhp->rcode == NOTIMP ||
|
|
|
446cf2 |
anhp->rcode == REFUSED) {
|