From: Niels Provos Date: Mon, 28 May 2007 21:20:57 +0000 (+0000) Subject: fail quicker on bad replies; from tor cvs via Nick Mathewson X-Git-Tag: release-2.0.1-alpha~620 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5d3b6a83870d68c0ec4ed4fc60a6710d8ad938df;p=libevent fail quicker on bad replies; from tor cvs via Nick Mathewson svn:r361 --- diff --git a/evdns.c b/evdns.c index e68ab845..63dd1265 100644 --- a/evdns.c +++ b/evdns.c @@ -808,10 +808,11 @@ reply_parse(u8 *packet, int length) { u32 _t32; // used by the macros char tmp_name[256]; // used by the macros - u16 trans_id, flags, questions, answers, authority, additional, datalength; + u16 trans_id, questions, answers, authority, additional, datalength; + u16 flags = 0; u32 ttl, ttl_r = 0xffffffff; struct reply reply; - struct request *req; + struct request *req = NULL; unsigned int i; GET16(trans_id); @@ -825,15 +826,14 @@ reply_parse(u8 *packet, int length) { req = request_find_from_trans_id(trans_id); if (!req) return -1; - // XXXX should the other return points also call reply_handle? -NM memset(&reply, 0, sizeof(reply)); + // If it's not an answer, it doesn't correspond to any request. if (!(flags & 0x8000)) return -1; // must be an answer if (flags & 0x020f) { // there was an error - reply_handle(req, flags, 0, NULL); - return -1; + goto err; } // if (!answers) return; // must have an answer of some form @@ -852,7 +852,7 @@ reply_parse(u8 *packet, int length) { // SKIP_NAME; j += 4; - if (j >= length) return -1; + if (j >= length) goto err; } // now we have the answer section which looks like @@ -873,13 +873,13 @@ reply_parse(u8 *packet, int length) { j += datalength; continue; } if ((datalength & 3) != 0) /* not an even number of As. */ - return -1; + goto err; addrcount = datalength >> 2; addrtocopy = MIN(MAX_ADDRS - reply.data.a.addrcount, (unsigned)addrcount); ttl_r = MIN(ttl_r, ttl); // we only bother with the first four addresses. - if (j + 4*addrtocopy > length) return -1; + if (j + 4*addrtocopy > length) goto err; memcpy(&reply.data.a.addresses[reply.data.a.addrcount], packet + j, 4*addrtocopy); j += 4*addrtocopy; @@ -892,7 +892,7 @@ reply_parse(u8 *packet, int length) { } if (name_parse(packet, length, &j, reply.data.ptr.name, sizeof(reply.data.ptr.name))<0) - return -1; + goto err; ttl_r = MIN(ttl_r, ttl); reply.have_answer = 1; break; @@ -902,13 +902,13 @@ reply_parse(u8 *packet, int length) { j += datalength; continue; } if ((datalength & 15) != 0) /* not an even number of AAAAs. */ - return -1; + goto err; addrcount = datalength >> 4; // each address is 16 bytes long addrtocopy = MIN(MAX_ADDRS - reply.data.aaaa.addrcount, (unsigned)addrcount); ttl_r = MIN(ttl_r, ttl); // we only bother with the first four addresses. - if (j + 16*addrtocopy > length) return -1; + if (j + 16*addrtocopy > length) goto err; memcpy(&reply.data.aaaa.addresses[reply.data.aaaa.addrcount], packet + j, 16*addrtocopy); reply.data.aaaa.addrcount += addrtocopy; @@ -924,6 +924,8 @@ reply_parse(u8 *packet, int length) { reply_handle(req, flags, ttl_r, &reply); return 0; err: + if (req) + reply_handle(req, flags, 0, NULL); return -1; }