Skip to content

Fix various issues when validating DNS response packets #27774

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nashif merged 6 commits into from
Aug 27, 2020
Merged

Fix various issues when validating DNS response packets #27774

nashif merged 6 commits into from
Aug 27, 2020

Conversation

@jukkar
Copy link
Member

@jukkar jukkar commented Aug 25, 2020
edited
Loading

There is also a commit that tries to verify that we catch all the fixed issues.

@jukkar jukkar requested review from ceolin and d3zd3z August 25, 2020 13:45
@github-actions github-actions bot added the area: Tests Issues related to a particular existing or missing test label Aug 25, 2020
ceolin
ceolin reviewed Aug 25, 2020
View reviewed changes
jukkar added 6 commits August 26, 2020 09:12
@jukkar
net: dns: Check that we do not access data past msg size
9f93107 
This is not possible with valid DNS messages but is possible if
we receive malformed DNS packet.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: dns: Verify that response is not too short
c4a6cbc 
Make sure that IP address information is found in the received
message.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: dns: Fix next answer position when parsing packet
98abd03 
As the answer might not be compressed, calculate next answer
position correctly.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: dns: Parse individual labels in CNAME properly
a241f30 
The ANCOUNT has nothing to do with label count so remove the
original while loop and just go through all the labels until
we have read all of them.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: dns: Verify that DNS id and flags can be read
12ff77b 
The DNS message must be long enough for id and flags fields.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
tests: net: dns: Add tests for catching malformed packets
a2a4436 
Add more tests to verify that we discard malformed packets.
In order to simplify the testing, separate message validation to
dns_validate_msg() function in resolve.c. Allow that function to
be called from unit test. This way we can construct invalid DNS
messages in unit test and verify that they are discarded when
needed.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar jukkar force-pushed the dns-validate-response branch from 440e717 to a2a4436 Compare August 26, 2020 06:12
@jukkar jukkar added this to the v2.4.0 milestone Aug 26, 2020
@nashif nashif merged commit 6493af2 into zephyrproject-rtos:master Aug 27, 2020
This was referenced Sep 29, 2020
Closed
Closed
Closed
@ceolin ceolin mentioned this pull request Dec 7, 2020
Merged
@jukkar jukkar deleted the dns-validate-response branch February 29, 2024 08:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@d3zd3z d3zd3z d3zd3z approved these changes

@ceolin ceolin ceolin approved these changes

@tbursztyka tbursztyka tbursztyka approved these changes

@pfalcon pfalcon Awaiting requested review from pfalcon

Assignees

No one assigned

Labels

area: Networking area: Tests Issues related to a particular existing or missing test

Projects

None yet

Milestone

v2.4.0

Development

Successfully merging this pull request may close these issues.

5 participants

@jukkar @d3zd3z @ceolin @tbursztyka @nashif