shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-07 17:17:44 +03:00
Code

resolved: don't follow CNAMEs originating from DNS on LLMNR

Browse Source 
Fixes: #2514
This commit is contained in:
Lennart Poettering 2016-02-04 00:14:25 +01:00
parent 089b64d5f8
commit 8e5de09f44
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/resolve/resolved-dns-query.c
View File

@ -967,6 +967,17 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
if (r == 0 && k == 0) /* No actual cname happened? */
return -ELOOP;
if (q->answer_protocol == DNS_PROTOCOL_DNS) {
/* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources
* cannot invade the local namespace. The opposite way we permit: local names may redirect to global
* ones. */
q->flags &= ~(SD_RESOLVED_LLMNR|SD_RESOLVED_MDNS); /* mask away the local protocols */
}
/* Turn off searching for the new name */
q->flags |= SD_RESOLVED_NO_SEARCH;
dns_question_unref(q->question_idna);
q->question_idna = nq_idna;
nq_idna = NULL;
@ -977,10 +988,8 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
dns_query_free_candidates(q);
dns_query_reset_answer(q);
q->state = DNS_TRANSACTION_NULL;
/* Turn off searching for the new name */
q->flags |= SD_RESOLVED_NO_SEARCH;
q->state = DNS_TRANSACTION_NULL;
return 0;
}