harden DNS resolver (insp20 branch) #2

wants to merge 4 commits into
Commits on Mar 20, 2012
  1. @kaniini

    dns: iterators which are integer should always be unsigned, else an i…

    kaniini committed Mar 20, 2012
    …nteger underflow is possible.
    Signed-off-by: William Pitcock <nenolod@dereferenced.org>
  2. @kaniini

    dns: reject messages with lengths larger than DNSHeader with prejudice

    kaniini committed Mar 20, 2012
    This also includes when decompressing name entries.
  3. @kaniini

    dns: more hardening

    kaniini committed Mar 20, 2012
    - don't trust rr.rdlength
    - don't accept replies we know are impossible for AAAA/A records
    - don't try to process record types we do not know about specifically
      (this behaviour just leads to disaster)
  4. @kaniini