1 From: Simon Kelley <simon@thekelleys.org.uk>
2 Date: Thu, 9 Apr 2015 21:48:00 +0100
3 Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests.
8 @@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
9 size_t setup_reply(struct dns_header *header, size_t qlen,
10 struct all_addr *addrp, unsigned int flags, unsigned long ttl)
12 - unsigned char *p = skip_questions(header, qlen);
15 + if (!(p = skip_questions(header, qlen)))
18 /* clear authoritative and truncated flags, set QR flag */
19 header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
20 @@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
21 SET_RCODE(header, NOERROR); /* empty domain */
22 else if (flags == F_NXDOMAIN)
23 SET_RCODE(header, NXDOMAIN);
24 - else if (p && flags == F_IPV4)
25 + else if (flags == F_IPV4)
26 { /* we know the address */
27 SET_RCODE(header, NOERROR);
28 header->ancount = htons(1);
29 @@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
30 add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
33 - else if (p && flags == F_IPV6)
34 + else if (flags == F_IPV6)
36 SET_RCODE(header, NOERROR);
37 header->ancount = htons(1);