MINOR: dns: proper domain name validation when receiving DNS response
The analyse of CNAME resolution and request's domain name was performed
twice:
- when validating the response buffer
- when loading the right IP address from the response
Now DNS response are properly loaded into a DNS response structure, we
do the domain name validation when loading/validating the response in
the DNS strcucture and later processing of this task is now useless.
backport: no
diff --git a/src/dns.c b/src/dns.c
index 7d5ab00..fc9354e 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -129,6 +129,7 @@
* - check if the packet requires processing (not outdated resolution)
* - ensure the DNS packet received is valid and call requester's callback
* - call requester's error callback if invalid response
+ * - check the dn_name in the packet against the one sent
*/
void dns_resolve_recv(struct dgram_conn *dgram)
{
@@ -710,8 +711,7 @@
* If existing IP not found, return the first IP matching family_priority,
* otherwise, first ip found
* The following tasks are the responsibility of the caller:
- * - resp contains an error free DNS response
- * - the response matches the dn_name
+ * - <dns_p> contains an error free DNS response
* For both cases above, dns_validate_dns_response is required
* returns one of the DNS_UPD_* code
*/
@@ -723,10 +723,8 @@
{
struct dns_answer_item *record;
int family_priority;
- char *dn_name;
- int dn_name_len;
- int i, cnamelen, currentip_found;
- unsigned char *cname, *newip4, *newip6;
+ int i, currentip_found;
+ unsigned char *newip4, *newip6;
struct {
void *ip;
unsigned char type;
@@ -737,28 +735,12 @@
int score, max_score;
family_priority = resol->opts->family_prio;
- dn_name = resol->hostname_dn;
- dn_name_len = resol->hostname_dn_len;
- cname = *newip = newip4 = newip6 = NULL;
- cnamelen = currentip_found = 0;
+ *newip = newip4 = newip6 = NULL;
+ currentip_found = 0;
*newip_sin_family = AF_UNSPEC;
/* now parsing response records */
list_for_each_entry(record, &dns_response.answer_list, list) {
- if (cname) {
- if (memcmp(record->name, cname, cnamelen) != 0) {
- return DNS_UPD_NAME_ERROR;
- }
- }
- else if (memcmp(record->name, dn_name, dn_name_len) != 0) {
- return DNS_UPD_NAME_ERROR;
- }
-
- /*
- * we know the record is either for our server hostname
- * or a valid CNAME in a crecursion
- */
-
/* analyzing record content */
switch (record->type) {
case DNS_RTYPE_A:
@@ -770,10 +752,9 @@
}
break;
+ /* we're looking for IPs only. CNAME validation is done when
+ * parsing the response buffer for the first time */
case DNS_RTYPE_CNAME:
- cname = record->target;
- cnamelen = record->data_len;
-
break;
case DNS_RTYPE_AAAA:
@@ -857,11 +838,6 @@
}
}
- /* only CNAMEs in the response, no IP found */
- if (cname && !newip4 && !newip6) {
- return DNS_UPD_CNAME;
- }
-
/* no IP found in the response */
if (!newip4 && !newip6) {
return DNS_UPD_NO_IP_FOUND;