------------------------------------------------------------ revno: 9853 revision-id: squid3@treenet.co.nz-20100116031924-i1qtjbe9smed75b6 parent: squid3@treenet.co.nz-20100116030854-7e6ptnwwhnbydqi3 committer: Amos Jeffries branch nick: SQUID_3_1 timestamp: Sat 2010-01-16 16:19:24 +1300 message: Handle DNS header-only packets as invalid. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20100116031924-i1qtjbe9smed75b6 # target_branch: http://www.squid-cache.org/bzr/squid3/trunk/ # testament_sha1: 04f06b7b5b6ad70e8be88957f01d0901b1d9f018 # timestamp: 2010-01-16 03:51:42 +0000 # source_branch: http://www.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_1 # base_revision_id: squid3@treenet.co.nz-20100116030854-\ # 7e6ptnwwhnbydqi3 # # Begin patch
=== modified file 'lib/rfc1035.c'
--- lib/rfc1035.c 2009-04-10 06:29:22 +0000
+++ lib/rfc1035.c 2010-01-16 03:19:24 +0000
@@ -287,7 +287,10 @@
 size_t len;
 assert(ns > 0);
 do {
- assert((*off) < sz);
+ if ((*off) >= sz) {
+ RFC1035_UNPACK_DEBUG;
+ return 1;
+ }
 c = *(buf + (*off));
 if (c > 191) {
 /* blasted compression */
=== modified file 'lib/tests/testRFC1035.cc'
--- lib/tests/testRFC1035.cc 2009-06-05 23:28:19 +0000
+++ lib/tests/testRFC1035.cc 2010-01-16 03:19:24 +0000
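Review bot: The guard added at the top of the `do` loop proves only that the single byte at `*off` is inside the buffer, but the `c > 191` compression branch right below it handles a two-byte pointer. The body of that branch and the rest of the enclosing function lie outside the hunk, so this is inferred: if the branch copies both bytes before it re-checks the offset, a packet ending on a compression marker is still read one byte past `sz` (the existing `testBugPacketEndingOnCompressionPtr` case suggests this was looked at, but confirm the check precedes the read). A matching guard as the first statement of the branch would close it: `if (sz - (*off) < 2) { RFC1035_UNPACK_DEBUG; return 1; }`. The `assert(ns > 0)` kept above the loop deserves a comment such as `/* ns is the caller's output buffer size, never taken from the packet */` if that is indeed the case, since an assert reachable from packet data aborts the process.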
@@ -110,3 +110,28 @@
 CPPUNIT_ASSERT(msg != NULL);
 rfc1035MessageDestroy(&msg);
 }
+
+void testRFC1035::testBugPacketHeadersOnly()
+{
+ /* Setup a buffer with the known-to-fail headers-only packet */
+ const char *buf = "\xab\xcd\x81\x80\x00\x01\x00\x05\x00\x04\x00\x04";
+ size_t len = 12;
+ rfc1035_message *msg = NULL;
+ int res = 0;
+ unsigned int off = 0;
+
+ /* Test the HeaderUnpack function results */
+ msg = new rfc1035_message;
+ res = rfc1035HeaderUnpack(buf, len, &off, msg);
+ CPPUNIT_ASSERT(0 == res);
+ /* cleanup */
+ delete msg;
+ msg = NULL;
+
+ /* Test the MessageUnpack function itself */
+ res = rfc1035MessageUnpack(buf, len, &msg);
+
+ CPPUNIT_ASSERT_EQUAL((const char *)"The DNS reply message is corrupt or could not be safely parsed.", rfc1035_error_message);
+ CPPUNIT_ASSERT(res < 0);
+ CPPUNIT_ASSERT(msg == NULL);
+}
=== modified file 'lib/tests/testRFC1035.h'
--- lib/tests/testRFC1035.h 2007-12-15 06:11:41 +0000
+++ lib/tests/testRFC1035.h 2010-01-16 03:19:24 +0000
@@ -13,6 +13,7 @@ CPPUNIT_TEST( testHeaderUnpack ); CPPUNIT_TEST( testParseAPacket ); + CPPUNIT_TEST( testBugPacketHeadersOnly ); CPPUNIT_TEST( testBugPacketEndingOnCompressionPtr ); CPPUNIT_TEST_SUITE_END();
@@ -24,6 +25,7 @@ // bugs. void testBugPacketEndingOnCompressionPtr(); + void testBugPacketHeadersOnly(); }; #endif /* SQUID_SRC_TEST_IPADDRESS_H */
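Review bot: The 12-byte packet in `testBugPacketHeadersOnly` lives in a string literal, so the byte just past `len` is the literal's terminating NUL and a parser that reads one byte too far still touches valid memory; valgrind or a sanitizer run of this regression test would not flag it. Copying the bytes into an exactly-sized heap buffer makes any over-read detectable: `char *pkt = new char[len]; memcpy(pkt, buf, len);`, pass `pkt` to both unpack calls, and `delete[] pkt;` at the end. Separately, `CPPUNIT_ASSERT_EQUAL` on two `const char *` values compares the pointers rather than the text (assuming `rfc1035_error_message` is a `const char *`, which the cast suggests), so the message check depends on the toolchain merging identical literals across objects. Comparing through `strcmp` or `std::string`, after the `res < 0` assertion, would check the content instead.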