RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 16:57:34 +00:00
Code Issues Activity Actions

LookupServer: Verify that DNS response questions match the request

Browse source 
To protect against DNS spoof attacks, we now check that the questions
in incoming responses match the questions in the request we sent out.

Suggested by @zecke in #10.
This commit is contained in:
Andreas Kling 2020-01-26 13:06:00 +01:00
parent b4d55b16b6
commit 00be9b33b1
4 changed files with 26 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Servers/LookupServer/LookupServer.cpp
View file

@ -216,10 +216,22 @@ Vector<String> LookupServer::lookup(const String& hostname, bool& did_timeout, u
dbgprintf("LookupServer: ID mismatch (%u vs %u) :(\n", response.id(), request.id());
return {};
}
if (response.question_count() != 1) {
if (response.question_count() != request.question_count()) {
dbgprintf("LookupServer: Question count (%u vs %u) :(\n", response.question_count(), request.question_count());
return {};
}
for (size_t i = 0; i < request.question_count(); ++i) {
auto& request_question = request.questions()[i];
auto& response_question = response.questions()[i];
if (request_question != response_question) {
dbg() << "Request and response questions do not match";
dbg() << " Request: {_" << request_question.name() << "_, " << request_question.record_type() << ", " << request_question.class_code() << "}";
dbg() << " Response: {_" << response_question.name() << "_, " << response_question.record_type() << ", " << response_question.class_code() << "}";
return {};
}
}
if (response.answer_count() < 1) {
dbgprintf("LookupServer: Not enough answers (%u) :(\n", response.answer_count());
return {};