Permalink
Browse files

No longer attempt to answer questions coming in from port 0, reply wo…

…uld not reach them anyhow. Thanks to Niels Bakker and sid3windr for insight & debugging.

Closes #844.
  • Loading branch information...
1 parent 9d73913 commit 81859ba591d7de51d45e48b4fe499b08e08c221b @ahupowerdns ahupowerdns committed Mar 22, 2014
Showing with 14 additions and 1 deletion.
  1. +5 −1 pdns/nameserver.cc
  2. +9 −0 pdns/pdns_recursor.cc
View
@@ -420,8 +420,12 @@ DNSPacket *UDPNameserver::receive(DNSPacket *prefilled)
if(sock==-1)
throw PDNSException("poll betrayed us! (should not happen)");
-
DLOG(L<<"Received a packet " << len <<" bytes long from "<< remote.toString()<<endl);
+
+ BOOST_STATIC_ASSERT(offsetof(sockaddr_in, sin_port) == offsetof(sockaddr_in6, sin6_port));
+
+ if(remote.sin4.sin_port == 0) // would generate error on responding. sin4 also works for ipv6
+ return 0;
DNSPacket *packet;
if(prefilled) // they gave us a preallocated packet
@@ -31,6 +31,7 @@
#include "dns_random.hh"
#include <iostream>
#include <errno.h>
+#include <boost/static_assert.hpp>
#include <map>
#include <set>
#include "recursor_cache.hh"
@@ -923,6 +924,14 @@ void handleNewUDPQuestion(int fd, FDMultiplexer::funcparam_t& var)
g_stats.unauthorizedUDP++;
return;
}
+ BOOST_STATIC_ASSERT_MSG(offsetof(sockaddr_in, sin_port) == offsetof(sockaddr_in6, sin6_port), "IPv4 and IPv6 structs differ wrt port");
+ if(!fromaddr.sin4.sin_port) { // also works for IPv6
+ if(!g_quiet)
+ L<<Logger::Error<<"["<<MT->getTid()<<"] dropping UDP query from "<<fromaddr.toStringWithPort()<<", can't deal with port 0"<<endl;
+
+ g_stats.clientParseError++; // not quite the best place to put it, but needs to go somewhere
+ return;
+ }
try {
dnsheader* dh=(dnsheader*)data;

0 comments on commit 81859ba

Please sign in to comment.