These commits harden the DNS resolver to fix the CERT bug.
dns: iterators which are integer should always be unsigned, else an integer underflow is possible.
Signed-off-by: William Pitcock <firstname.lastname@example.org>
dns: reject messages with lengths larger than DNSHeader with prejudice
This also includes when decompressing name entries.
dns: more hardening
- don't trust rr.rdlength
- don't accept replies we know are impossible for AAAA/A records
- don't try to process record types we do not know about specifically (this behaviour just leads to disaster)
dns: cleanup ResultIsReady() prototype
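
The checks named in the "dns: more hardening" and unsigned-iterator commits above, sketched as an added example; this is not code from these commits or from the project. The function name, status codes and sample packets are hypothetical, and the sketch assumes the record's owner name has already been consumed so that `off` points at the fixed TYPE/CLASS/TTL/RDLENGTH fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RR_FIXED_LEN  10u  /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */
#define DNS_TYPE_A     1u
#define DNS_TYPE_AAAA 28u
enum rr_status { RR_OK = 0, RR_TRUNCATED = -1, RR_BAD_LENGTH = -2, RR_UNKNOWN_TYPE = -3 };

/* Constructed sample: A record, class IN, TTL 3600, rdlength 4, 192.0.2.1 */
static const unsigned char sample_a[] =
    { 0,1, 0,1, 0,0,0x0e,0x10, 0,4, 192,0,2,1 };
/* Constructed sample: same record, but rdlength claims 64 bytes of rdata */
static const unsigned char sample_lying[] =
    { 0,1, 0,1, 0,0,0x0e,0x10, 0,64, 192,0,2,1 };

/* Read a big-endian 16-bit field. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: validate one A/AAAA record at msg[off] and copy its
 * address into out (at least 16 bytes). All offsets and lengths are size_t,
 * so no comparison can go negative. *next is set once the length is proven. */
int parse_addr_rr(const unsigned char *msg, size_t msg_len, size_t off,
                  unsigned char *out, size_t *out_len, size_t *next)
{
    /* Compare against the bytes remaining; never compute off + n first. */
    if (off > msg_len || msg_len - off < RR_FIXED_LEN)
        return RR_TRUNCATED;
    uint16_t type = rd16(msg + off);
    size_t rdlength = rd16(msg + off + 8);  /* attacker-controlled */
    size_t rdata = off + RR_FIXED_LEN;      /* <= msg_len by the check above */
    if (rdlength > msg_len - rdata)         /* don't trust rdlength */
        return RR_TRUNCATED;
    *next = rdata + rdlength;               /* caller may skip this record */
    size_t want;
    if (type == DNS_TYPE_A) want = 4;
    else if (type == DNS_TYPE_AAAA) want = 16;
    else return RR_UNKNOWN_TYPE;            /* never interpret unknown types */
    if (rdlength != want)                   /* impossible A/AAAA reply */
        return RR_BAD_LENGTH;
    memcpy(out, msg + rdata, rdlength);
    *out_len = rdlength;
    return RR_OK;
}

int main(void)
{
    unsigned char addr[16]; size_t n = 0, next = 0;
    printf("valid A: %d\n", parse_addr_rr(sample_a, sizeof sample_a, 0, addr, &n, &next));
    printf("lying rdlength: %d\n", parse_addr_rr(sample_lying, sizeof sample_lying, 0, addr, &n, &next));
    return 0;
}
```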