
Ignore invalid/empty TKEY and TSIG records

1 parent 8044a5d commit b0c04ba2cfc3fcb758230041008ce7f189b528ed @zeha zeha committed with Habbie Oct 12, 2015
Showing with 15 additions and 4 deletions.
  1. +15 −4 pdns/dnspacket.cc
@@ -464,10 +464,15 @@ bool DNSPacket::getTSIGDetails(TSIGRecordContent* trc, string* keyname, string*
bool gotit=false;
for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) {
if(i->first.d_type == QType::TSIG) {
- *trc = *boost::dynamic_pointer_cast<TSIGRecordContent>(i->first.d_content);
-
- gotit=true;
+ // cast can fail, f.e. if d_content is an UnknownRecordContent.
+ shared_ptr<TSIGRecordContent> content = boost::dynamic_pointer_cast<TSIGRecordContent>(i->first.d_content);
+ if (!content) {
+ L<<Logger::Error<<"TSIG record has no or invalid content (invalid packet)"<<endl;
+ return false;
+ }
+ *trc = *content;
*keyname = i->first.d_label;
+ gotit=true;
if(!keyname->empty())
keyname->resize(keyname->size()-1); // drop the trailing dot
}
@@ -492,7 +497,13 @@ bool DNSPacket::getTKEYRecord(TKEYRecordContent *tr, string *keyname) const
}
if(i->first.d_type == QType::TKEY) {
- *tr = *boost::dynamic_pointer_cast<TKEYRecordContent>(i->first.d_content);
+ // cast can fail, f.e. if d_content is an UnknownRecordContent.
+ shared_ptr<TKEYRecordContent> content = boost::dynamic_pointer_cast<TKEYRecordContent>(i->first.d_content);
+ if (!content) {
+ L<<Logger::Error<<"TKEY record has no or invalid content (invalid packet)"<<endl;
+ return false;
+ }
+ *tr = *content;
*keyname = i->first.d_label;
gotit=true;
}
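Review bot: The two new early exits (`return false;` after the failed cast in getTSIGDetails and again in getTKEYRecord) signal a malformed record with the same value that `gotit=false` appears to produce when the record is simply absent, so a caller cannot distinguish an unsigned message from one carrying a corrupt TSIG/TKEY. The callers are not part of this diff, so confirm that each of them rejects the packet instead of continuing as if it were unsigned, and document that on the exits, e.g. `// malformed, not absent: callers must reject the packet`. Both messages are also written at `Logger::Error` for input any remote sender controls; a lower priority such as `Logger::Warning`, or rate limiting, would keep crafted packets from flooding the error log. Both function bodies start and end outside the hunks.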
