Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix some bugs in the way DNS compression is handled in dns.c #10

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fix some bugs in the way DNS compression is handled in dns.c #10

wants to merge 2 commits into from

Conversation

pictyeye
Copy link

As described in issue #7 DNS decompression does not always work as expected.

This can lead to hangs (that we found with AFL). Some of them were due to a problem with operator precedence, but other were due to the fact the code carelessly follows compression pointers.

With the attached patches, we did not find hangs with AFL anymore.

Yet, the code is still not fully compliant, since it is possible to follow a pointer that does not correspond to a previously encountered label.

@pictyeye
Fix a precedence bug in dns.c
e385971 
The bug was first reported by @nigeltao on GitHub.

We hit the same bug while testing nail in our platform
(https://gitlab.com/pictyeye/langsec-pf).
The fix was proposed by Sebastien Naud, intern at Télécom SudParis.
@pictyeye
Fix another bug in dns.c.
2b4f48b 
DNS pointers used in compression should always point backwards.
Actually, they should really point at labels, but patching dns.c to do
that would require an internal state that is way more intrusive.

The fix was proposed by Sébastien Naud.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pictyeye