label decompression is naive #599

Closed
Habbie opened this Issue Apr 26, 2013 · 1 comment

Habbie commented Apr 26, 2013

PacketReader::getLabelFromContent has a recursion limit (10 by default) instead of actively checking for loops. A user with this set of names in his zone has managed to trigger this limit during AXFR between two PowerDNS instances:

*.0.x.x.x.x.x.x.x.ip6.arpa.            86400 IN PTR hosted.by.knip.net.
*.0.0.x.x.x.x.x.x.x.ip6.arpa.          86400 IN PTR hosted.by.knip.net.
*.0.0.0.x.x.x.x.x.x.x.ip6.arpa.        86400 IN PTR hosted.by.knip.net.
*.0.0.0.0.x.x.x.x.x.x.x.ip6.arpa.      86400 IN PTR hosted.by.knip.net.
*.0.0.0.0.0.x.x.x.x.x.x.x.ip6.arpa.    86400 IN PTR hosted.by.knip.net.
*.0.0.0.0.0.0.x.x.x.x.x.x.x.ip6.arpa.  86400 IN PTR hosted.by.knip.net.

and so on until much greater length.

Workaround: increase recursion limit.
Fix: remove recursion limit (or make it high enough that legitimate content is extremely unlikely to hit it) and implement actual loop checking. I recall from the relevant RFC that this could be as simple as never accepting addresses that point forward.

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
Habbie commented Apr 26, 2013

Author: peter
fixed in r2822
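
Added example, not part of the original issue and not PowerDNS's code: one way to implement the loop check proposed above, where every compression pointer must target an offset strictly below the start of the run of labels currently being read, so a pointer chain of any depth terminates without a recursion limit. `decompressName` and `buildChain` are hypothetical names, and the packet bytes are constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical helper (not PowerDNS's PacketReader): expands the DNS name that
// starts at `pos` in `pkt` into dotted text. Returns false on malformed input.
bool decompressName(const std::vector<uint8_t>& pkt, size_t pos, std::string& out) {
  out.clear();
  size_t limit = pos;   // every pointer must target an offset below this
  size_t wireLen = 1;   // root label byte; RFC 1035 caps a name at 255 octets
  for (;;) {
    if (pos >= pkt.size()) return false;
    uint8_t len = pkt[pos];
    if ((len & 0xC0) == 0xC0) {            // compression pointer, 14-bit offset
      if (pos + 1 >= pkt.size()) return false;
      size_t target = ((len & 0x3Fu) << 8) | pkt[pos + 1];
      if (target >= limit) return false;   // forward or self reference: reject
      limit = target;                      // strictly decreasing, so it terminates
      pos = target;
      continue;
    }
    if (len & 0xC0) return false;          // 0x40 / 0x80 label types not handled
    if (len == 0) break;                   // root label ends the name
    if (pos + 1 + len > pkt.size()) return false;   // label runs past the packet
    wireLen += 1 + len;
    if (wireLen > 255) return false;
    out.append(reinterpret_cast<const char*>(&pkt[pos + 1]), len);
    out.push_back('.');
    pos += 1 + len;
  }
  if (out.empty()) out = ".";
  return true;
}

// Constructed sample: "x." at offset 0, then `n` names that each prepend the
// label "0" and point at the previous name, giving a pointer chain of depth n.
std::vector<uint8_t> buildChain(int n, size_t& lastStart) {
  std::vector<uint8_t> pkt = {1, 'x', 0};
  lastStart = 0;
  for (int i = 0; i < n; ++i) {
    size_t start = pkt.size();
    pkt.insert(pkt.end(), {1, '0', 0xC0, static_cast<uint8_t>(lastStart)});
    lastStart = start;
  }
  return pkt;
}
```

A chain deeper than the old default limit of 10 decodes, while a pointer that targets its own offset or any later offset is refused on first sight.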
