Fix NSEC3/NSEC parsing. Looks much saner now
This commit is contained in:
parent
50a62b9c68
commit
96d79c6816
37
msg.go
37
msg.go
|
@ -632,28 +632,40 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, ok boo
|
||||||
case "NSEC": // NSEC/NSEC3
|
case "NSEC": // NSEC/NSEC3
|
||||||
// Rest of the Record is the type bitmap
|
// Rest of the Record is the type bitmap
|
||||||
rdlength := int(val.FieldByName("Hdr").FieldByName("Rdlength").Uint())
|
rdlength := int(val.FieldByName("Hdr").FieldByName("Rdlength").Uint())
|
||||||
if off+1 > lenmsg {
|
var endrr int
|
||||||
println("dns: overflow unpacking NSEC")
|
// for NSEC and NSEC3 calculate back what end of the RR must be
|
||||||
|
switch val.Type().Name() {
|
||||||
|
case "RR_NSEC":
|
||||||
|
endrr = off + (rdlength - (len(val.FieldByName("NextDomain").String()) + 1))
|
||||||
|
case "RR_NSEC3":
|
||||||
|
// NextDomain is always 20 for NextDomain
|
||||||
|
endrr = off + (rdlength - (20 + 6 + len(val.FieldByName("Salt").String())/2))
|
||||||
|
}
|
||||||
|
|
||||||
|
if off+2 > lenmsg {
|
||||||
|
println("dns: overflow unpacking NSEC 22")
|
||||||
return lenmsg, false
|
return lenmsg, false
|
||||||
}
|
}
|
||||||
nsec := make([]uint16, 0)
|
nsec := make([]uint16, 0)
|
||||||
length := 0
|
length := 0
|
||||||
window := 0
|
window := 0
|
||||||
seen := 2
|
for off+2 < endrr {
|
||||||
for seen < rdlength {
|
|
||||||
window = int(msg[off])
|
window = int(msg[off])
|
||||||
//println("off", off, "lenmsg", lenmsg)
|
|
||||||
length = int(msg[off+1])
|
length = int(msg[off+1])
|
||||||
|
//println("off, windows, length, end", off, window, length, endrr)
|
||||||
if length == 0 {
|
if length == 0 {
|
||||||
// Last one
|
// A length window of zero is strange. If there
|
||||||
break
|
// the window should not have been specified. Bail out
|
||||||
|
println("dns: length == 0 when unpacking NSEC")
|
||||||
|
return lenmsg, false
|
||||||
}
|
}
|
||||||
if length > 32 {
|
if length > 32 {
|
||||||
//println("dns: overflow unpacking NSEC")
|
println("dns: length > 32 when unpacking NSEC")
|
||||||
// Funny, this happens, but isn't an error. TODO(mg)
|
return lenmsg, false
|
||||||
break
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Walk the bytes in the window - and check the bit
|
||||||
|
// setting..
|
||||||
off += 2
|
off += 2
|
||||||
for j := 0; j < length; j++ {
|
for j := 0; j < length; j++ {
|
||||||
b := msg[off+j]
|
b := msg[off+j]
|
||||||
|
@ -684,11 +696,6 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, ok boo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
off += length
|
off += length
|
||||||
seen += length + 2
|
|
||||||
if off+1 > lenmsg {
|
|
||||||
println("dns: overflow unpacking NSEC")
|
|
||||||
return lenmsg, false
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
fv.Set(reflect.ValueOf(nsec))
|
fv.Set(reflect.ValueOf(nsec))
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue