1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

resolved: discard any reply packet that contains a bogus name

Only .in-addr.arpa and .local are considered local in mDNS, so discard the
packet if anything else is thrown at us.
This commit is contained in:
Daniel Mack 2015-12-10 16:08:43 +01:00
parent e4b0e86225
commit 40fa4728eb

View File

@ -86,7 +86,7 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us
}
if (dns_packet_validate_reply(p) > 0) {
unsigned i;
DnsResourceRecord *rr;
log_debug("Got mDNS reply packet");
@ -107,11 +107,15 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us
dns_scope_check_conflicts(scope, p);
for (i = 0; i < p->answer->n_rrs; i++) {
DnsResourceRecord *rr;
DNS_ANSWER_FOREACH(rr, p->answer) {
const char *name = DNS_RESOURCE_KEY_NAME(rr->key);
DnsTransaction *t;
rr = p->answer->items[i].rr;
/* If the received reply packet contains ANY record that is not .local or .in-addr.arpa,
* we assume someone's playing tricks on us and discard the packet completely. */
if (!(dns_name_endswith(name, "in-addr.arpa") > 0 ||
dns_name_endswith(name, "local") > 0))
return 0;
t = dns_scope_find_transaction(scope, rr->key, false);
if (t)