summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorReyk Floeter <reyk@cvs.openbsd.org>2008-03-03 16:43:43 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2008-03-03 16:43:43 +0000
commit56df9ec0151b584c011b50ec07a21f9c28512858 (patch)
treeb10a6ceaef38e684634981eb57cd53317766059a /usr.sbin
parenta59bc0baba4e5df8fd73023a8b8459cf2932e1a7 (diff)
The fix removes the replacement of se_key from relay_dns_request. se_key
is assigned a random value for and id in relay_udp_server before where the SPLAY_INSERT is performed, se_outkey is set to the return id rather than the rl_dskkey. The relay_dns_request which occurs after the SPLAY_INSERT no longer updates se_outkey, or se_key. The request is sent using the random value already placed into the se_key when the session is created. From Nigel Taylor ok pyr@ deraadt@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/relay_udp.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/usr.sbin/relayd/relay_udp.c b/usr.sbin/relayd/relay_udp.c
index 5936c3b861d..a9f22f017de 100644
--- a/usr.sbin/relayd/relay_udp.c
+++ b/usr.sbin/relayd/relay_udp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay_udp.c,v 1.9 2008/02/13 11:32:59 reyk Exp $ */
+/* $OpenBSD: relay_udp.c,v 1.10 2008/03/03 16:43:42 reyk Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -194,7 +194,10 @@ relay_udp_server(int fd, short sig, void *arg)
calloc(1, sizeof(struct session))) == NULL)
return;
- con->se_key = key;
+ /*
+ * Replace the DNS request Id with a random Id.
+ */
+ con->se_key = arc4random() & 0xffff;
con->se_in.s = -1;
con->se_out.s = -1;
con->se_in.dst = &con->se_out;
@@ -203,7 +206,7 @@ relay_udp_server(int fd, short sig, void *arg)
con->se_out.con = con;
con->se_relay = rlay;
con->se_id = ++relay_conid;
- con->se_outkey = rlay->rl_dstkey;
+ con->se_outkey = key;
con->se_in.tree = &proto->request_tree;
con->se_out.tree = &proto->response_tree;
con->se_in.dir = RELAY_DIR_REQUEST;
@@ -400,12 +403,7 @@ relay_dns_request(struct session *con)
return (-1);
slen = con->se_out.ss.ss_len;
- /*
- * Replace the DNS request Id with a random Id.
- */
hdr = (struct relay_dnshdr *)buf;
- con->se_outkey = con->se_key;
- con->se_key = arc4random() & 0xffff;
hdr->dns_id = htons(con->se_key);
retry: