MEDIUM: dns: handling of truncated response
First dns client implementation simply ignored most of DNS response
flags.
This patch changes the way the flags are parsed, using bit masks and
also take care of truncated responses.
Such response are reported to the above layer which can handle it
properly.
diff --git a/src/dns.c b/src/dns.c
index d195217..ec3c9d1 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -334,7 +334,7 @@
int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, char *dn_name, int dn_name_len)
{
unsigned char *reader, *cname, *ptr;
- int i, len, type, ancount, cnamelen;
+ int i, len, flags, type, ancount, cnamelen;
reader = resp;
cname = NULL;
@@ -347,29 +347,33 @@
return DNS_RESP_INVALID;
/*
- * analyzing flags
- * 1st byte can be ignored for now
- * rcode is at the beginning of the second byte
+ * flags are stored over 2 bytes
+ * First byte contains:
+ * - response flag (1 bit)
+ * - opcode (4 bits)
+ * - authoritative (1 bit)
+ * - truncated (1 bit)
+ * - recursion desired (1 bit)
*/
- reader += 1;
- if (reader >= bufend)
+ if (reader + 2 >= bufend)
return DNS_RESP_INVALID;
- /*
- * rcode is 4 latest bits
- * ignore response if it contains an error
- */
- if ((*reader & 0x0f) != DNS_RCODE_NO_ERROR) {
- if ((*reader & 0x0f) == DNS_RCODE_NX_DOMAIN)
+ flags = reader[0] * 256 + reader[1];
+
+ if (flags & DNS_FLAG_TRUNCATED)
+ return DNS_RESP_TRUNCATED;
+
+ if ((flags & DNS_FLAG_REPLYCODE) != DNS_RCODE_NO_ERROR) {
+ if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_NX_DOMAIN)
return DNS_RESP_NX_DOMAIN;
- else if ((*reader & 0x0f) == DNS_RCODE_REFUSED)
+ else if ((flags & DNS_FLAG_REPLYCODE) == DNS_RCODE_REFUSED)
return DNS_RESP_REFUSED;
return DNS_RESP_ERROR;
}
- /* move forward 1 byte for rcode */
- reader += 1;
+ /* move forward 2 bytes for flags */
+ reader += 2;
if (reader >= bufend)
return DNS_RESP_INVALID;