author | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-07-23 10:05:19 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-07-23 10:05:19 +0000 |
commit | ee0ae2c892be6505c09c8abf7f61ff42e150dcdf (patch) | |
tree | d6d108b506026651b3c0a28a563673150c591265 /usr.sbin | |
parent | 3399d5412860a22dcc21cf642612bf6b77b7d860 (diff) |
validate packet length in debug dns packet logging before printing the header.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/relayd/relay_udp.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/relayd/relay_udp.c b/usr.sbin/relayd/relay_udp.c
index 15cdcc056e6..d6eeca6fbd5 100644
--- a/usr.sbin/relayd/relay_udp.c
+++ b/usr.sbin/relayd/relay_udp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay_udp.c,v 1.15 2008/07/09 17:24:14 reyk Exp $ */
+/* $OpenBSD: relay_udp.c,v 1.16 2008/07/23 10:05:18 reyk Exp $ */
 /*
 * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -61,7 +61,7 @@ int relay_udp_socket(struct sockaddr_storage *, in_port_t,
 void relay_udp_request(struct session *);
 void relay_udp_timeout(int, short, void *);
-void relay_dns_log(struct session *, u_int8_t *);
+void relay_dns_log(struct session *, u_int8_t *, size_t);
 void *relay_dns_validate(struct session *, struct relay *, struct sockaddr_storage *, u_int8_t *, size_t);
@@ -372,10 +372,17 @@ struct relay_dnshdr {
 } __packed;
 void
-relay_dns_log(struct session *con, u_int8_t *buf)
+relay_dns_log(struct session *con, u_int8_t *buf, size_t len)
 {
 struct relay_dnshdr *hdr = (struct relay_dnshdr *)buf;
+ /* Validate the header length */
+ if (len < sizeof(*hdr)) {
+ log_debug("relay_dns_log: session %d: short dns packet",
+ con->se_id);
+ return;
+ }
+
 log_debug("relay_dns_log: session %d: %s id 0x%x "
 "flags 0x%x:0x%x qd %u an %u ns %u ar %u",
 con->se_id,
@@ -457,7 +464,7 @@ relay_dns_request(struct session *con)
 if (buf == NULL || priv == NULL || len < 1)
 return (-1);
 if (debug)
- relay_dns_log(con, buf);
+ relay_dns_log(con, buf, len);
 if (gettimeofday(&con->se_tv_start, NULL))
 return (-1);
@@ -512,7 +519,7 @@ relay_dns_result(struct session *con, u_int8_t *buf, size_t len)
 fatalx("relay_dns_result: response to invalid session");
 if (debug)
- relay_dns_log(con, buf);
+ relay_dns_log(con, buf, len);
 /*
 * Replace the random DNS request Id with the original Id |
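Review bot: The short-packet branch added to relay_dns_log reports only the session id, so the debug output does not show how many bytes actually arrived, which is the first thing needed when triaging truncated or malformed DNS datagrams. Assuming log_debug accepts printf-style formats, as its other uses in this hunk suggest, the message could carry the length: `log_debug("relay_dns_log: session %d: short dns packet (%zu bytes)", con->se_id, len);`. The comment `/* Validate the header length */` could also state the reason, e.g. `/* hdr fields are read below; buf must hold a full header */`. The rest of relay_dns_log lies outside the hunk.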
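Review bot: The only length test visible ahead of this call in relay_dns_request is `len < 1`, and the new check inside relay_dns_log merely skips the debug print, so a datagram shorter than struct relay_dnshdr is still handed to whatever follows. If later code in this function, or the Id rewrite that follows the logging call in the relay_dns_result hunk, touches header fields without an earlier size check (relay_dns_validate may already provide one; it is not visible here), the guard belongs in the callers, e.g. `if (buf == NULL || priv == NULL || len < sizeof(struct relay_dnshdr))`. Both function bodies continue outside their hunks, so this needs confirming against the full file.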