MINOR: dns: Update analysis of TRUNCATED response for SRV records
First implementation of the DNS parser used to consider TRUNCATED
responses as errors and triggered a failover to an other query type
(usually A to AAAA or vice-versa).
When we query for SRV records, a TRUNCATED response still contains valid
records we can exploit, so we shouldn't trigger a failover in such case.
Note that we had to move the maching against the flag later in the
response parsing (actually, until we can read the query type....)
diff --git a/src/dns.c b/src/dns.c
index 00f7b10..c3905f9 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -1037,6 +1037,7 @@
reader = resp;
len = 0;
previous_dname = NULL;
+ dns_query = NULL;
/* initialization of response buffer and structure */
dns_p = &resolution->response;
@@ -1061,9 +1062,6 @@
flags = reader[0] * 256 + reader[1];
- if (flags & DNS_FLAG_TRUNCATED)
- return DNS_RESP_TRUNCATED;
-
if ((flags & DNS_FLAG_REPLYCODE) != DNS_RCODE_NO_ERROR) {
if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_NX_DOMAIN)
return DNS_RESP_NX_DOMAIN;
@@ -1148,6 +1146,12 @@
reader += 2;
}
+ /* TRUNCATED flag must be checked after we could read the query type
+ * because a TRUNCATED SRV query type response can still be exploited
+ */
+ if (dns_query->type != DNS_RTYPE_SRV && flags & DNS_FLAG_TRUNCATED)
+ return DNS_RESP_TRUNCATED;
+
/* now parsing response records */
nb_saved_records = 0;
for (i = 0; i < dns_p->header.ancount; i++) {