diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-02-16 17:19:43 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-16 17:19:43 +0100 |
| commit | 86af01c74dd10e95c75b7cba988109f01b247606 (patch) | |
| tree | 643cb2e24d2f533821a430762c668ac72df495c2 /src | |
| parent | ccb15db9b36f86639a4932d000e201a2dc445abc (diff) | |
DNS: fix message parsing (#2732)
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/dns.c | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 7199d51f6..ec513287c 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -254,14 +254,17 @@ static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, while((j < max_len) && ((*off) < packet->payload_packet_len) && (packet->payload[(*off)] != '\0')) { - u_int8_t c, cl = packet->payload[(*off)++]; + u_int8_t c, cl = packet->payload[*off]; if(((cl & 0xc0) != 0) || // we not support compressed names in query - ((*off) + cl >= packet->payload_packet_len)) { + (((*off)+1) + cl >= packet->payload_packet_len)) { + /* Don't update the offset */ j = 0; break; } + (*off)++; + if(j && (j < max_len)) _hostname[j++] = '.'; while((j < max_len) && (cl != 0)) { @@ -312,10 +315,6 @@ static int process_queries(struct ndpi_detection_module_struct *ndpi_struct, for(num = 0; num < dns_header->num_queries; num++) { u_int16_t data_len; - if((x+6) >= packet->payload_packet_len) { - return -1; - } - if((data_len = getNameLength(x, packet->payload, packet->payload_packet_len)) == 0) { return -1; @@ -365,10 +364,6 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, for(num = 0; num < dns_header->num_answers; num++) { u_int16_t data_len; - if((x+6) >= packet->payload_packet_len) { - return -1; - } - if((data_len = getNameLength(x, packet->payload, packet->payload_packet_len)) == 0) { return -1; @@ -386,7 +381,7 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_risk(ndpi_struct, flow, NDPI_MINOR_ISSUES, "DNS Record with zero TTL"); #ifdef DNS_DEBUG - printf("[DNS] TTL = %u\n", rsp_ttl); + printf("[DNS] Date len %u; TTL = %u\n", data_len, rsp_ttl); printf("[DNS] [response] response_type=%d\n", rsp_type); #endif @@ -414,12 +409,16 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, if((x + ptr_len) <= packet->payload_packet_len) { if(found == 0) { - u_int len; + u_int len, orig_x; + orig_x = x; ndpi_grab_dns_name(packet, &x, flow->protos.dns.ptr_domain_name, sizeof(flow->protos.dns.ptr_domain_name), &len, ignore_checks); + /* ndpi_grab_dns_name doesn't update the offset if it failed. + We unconditionally update it at the end of the for loop */ + x = orig_x; found = 1; } } @@ -816,9 +815,9 @@ static void search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct flow->protos.dns.transaction_id = dns_header.tr_id; - process_queries(ndpi_struct, flow, &dns_header, off); + rc = process_queries(ndpi_struct, flow, &dns_header, off); #ifdef DNS_DEBUG - if(rc == -1) { + if(rc == -1) printf("[DNS] Error queries (query msg)\n"); #endif } else { |