summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorReyk Floeter <reyk@cvs.openbsd.org>2008-07-23 10:05:19 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2008-07-23 10:05:19 +0000
commitee0ae2c892be6505c09c8abf7f61ff42e150dcdf (patch)
treed6d108b506026651b3c0a28a563673150c591265 /usr.sbin
parent3399d5412860a22dcc21cf642612bf6b77b7d860 (diff)
validate packet length in debug dns packet logging before printing the header.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/relay_udp.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/relayd/relay_udp.c b/usr.sbin/relayd/relay_udp.c
index 15cdcc056e6..d6eeca6fbd5 100644
--- a/usr.sbin/relayd/relay_udp.c
+++ b/usr.sbin/relayd/relay_udp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay_udp.c,v 1.15 2008/07/09 17:24:14 reyk Exp $ */
+/* $OpenBSD: relay_udp.c,v 1.16 2008/07/23 10:05:18 reyk Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -61,7 +61,7 @@ int relay_udp_socket(struct sockaddr_storage *, in_port_t,
void relay_udp_request(struct session *);
void relay_udp_timeout(int, short, void *);
-void relay_dns_log(struct session *, u_int8_t *);
+void relay_dns_log(struct session *, u_int8_t *, size_t);
void *relay_dns_validate(struct session *,
struct relay *, struct sockaddr_storage *,
u_int8_t *, size_t);
@@ -372,10 +372,17 @@ struct relay_dnshdr {
} __packed;
void
-relay_dns_log(struct session *con, u_int8_t *buf)
+relay_dns_log(struct session *con, u_int8_t *buf, size_t len)
{
struct relay_dnshdr *hdr = (struct relay_dnshdr *)buf;
+ /* Validate the header length */
+ if (len < sizeof(*hdr)) {
+ log_debug("relay_dns_log: session %d: short dns packet",
+ con->se_id);
+ return;
+ }
+
log_debug("relay_dns_log: session %d: %s id 0x%x "
"flags 0x%x:0x%x qd %u an %u ns %u ar %u",
con->se_id,
@@ -457,7 +464,7 @@ relay_dns_request(struct session *con)
if (buf == NULL || priv == NULL || len < 1)
return (-1);
if (debug)
- relay_dns_log(con, buf);
+ relay_dns_log(con, buf, len);
if (gettimeofday(&con->se_tv_start, NULL))
return (-1);
@@ -512,7 +519,7 @@ relay_dns_result(struct session *con, u_int8_t *buf, size_t len)
fatalx("relay_dns_result: response to invalid session");
if (debug)
- relay_dns_log(con, buf);
+ relay_dns_log(con, buf, len);
/*
* Replace the random DNS request Id with the original Id