Fix some bugs in the way DNS compression is handled in dns.c#10
Open
pictyeye wants to merge 2 commits intojbangert:masterfrom
Open
Fix some bugs in the way DNS compression is handled in dns.c#10pictyeye wants to merge 2 commits intojbangert:masterfrom
pictyeye wants to merge 2 commits intojbangert:masterfrom
Conversation
The bug was first reported by @nigeltao on GitHub. We hit the same bug while testing nail in our platform (https://gitlab.com/pictyeye/langsec-pf). The fix was proposed by Sebastien Naud, intern at Télécom SudParis.
DNS pointers used in compression should always point backwards. Actually, they should really point at labels, but patching dns.c to do that would require an internal state that is way more intrusive. The fix was proposed by Sébastien Naud.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As described in issue #7 DNS decompression does not always work as expected.
This can lead to hangs (that we found with AFL). Some of them were due to a problem with operator precedence, but other were due to the fact the code carelessly follows compression pointers.
With the attached patches, we did not find hangs with AFL anymore.
Yet, the code is still not fully compliant, since it is possible to follow a pointer that does not correspond to a previously encountered label.