auth: Handle out_of_range exception when parsing serial

Unsure if we can actually get a bad serial here, but we are checking
the number of parts so it looks like it might happen.

diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index df47980044f164772f670a3a53a6bedc2a3f3960..b9a62f6d65be133333090a5a1309f8b98f6eea6e 100644 (file)
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -353,8 +353,13 @@ void Resolver::getSoaSerial(const string &ipport, const DNSName &domain, uint32_
   stringtok(parts, res[0].content);
   if(parts.size()<3)
     throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable response");
-  
-  *serial=pdns_stou(parts[2]);
+
+  try {
+    *serial=pdns_stou(parts[2]);
+  }
+  catch(const std::out_of_range& oor) {
+    throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable serial");
+  }
 }
 
 AXFRRetriever::AXFRRetriever(const ComboAddress& remote,

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index eb9913fd84b94ebbdfd18327a315c1b200477026..c18c1f75a9581d67983f4a41dd542cbc9581115f 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -1041,7 +1041,15 @@ int TCPNameserver::doIXFR(shared_ptr<DNSPacket> q, int outsock)
       vector<string>parts;
       stringtok(parts, rr->d_content->getZoneRepresentation());
       if (parts.size() >= 3) {
-        serial=pdns_stou(parts[2]);
+        try {
+          serial=pdns_stou(parts[2]);
+        }
+        catch(const std::out_of_range& oor) {
+          L<<Logger::Error<<"Invalid serial in IXFR query"<<endl;
+          outpacket->setRcode(RCode::FormErr);
+          sendPacket(outpacket,outsock);
+          return 0;
+        }
       } else {
         L<<Logger::Error<<"No serial in IXFR query"<<endl;
         outpacket->setRcode(RCode::FormErr);