From 95dd3b905f7e3eafdc16d8ff82bbf4b87f54fd2b Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Thu, 4 Aug 2016 19:01:22 +0200 Subject: [PATCH] auth: Handle out_of_range exception when parsing serial Unsure if we can actually get a bad serial here, but we are checking the number of parts so it looks like it might happen. --- pdns/resolver.cc | 9 +++++++-- pdns/tcpreceiver.cc | 10 +++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/pdns/resolver.cc b/pdns/resolver.cc index df4798004..b9a62f6d6 100644 --- a/pdns/resolver.cc +++ b/pdns/resolver.cc @@ -353,8 +353,13 @@ void Resolver::getSoaSerial(const string &ipport, const DNSName &domain, uint32_ stringtok(parts, res[0].content); if(parts.size()<3) throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable response"); - - *serial=pdns_stou(parts[2]); + + try { + *serial=pdns_stou(parts[2]); + } + catch(const std::out_of_range& oor) { + throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable serial"); + } } AXFRRetriever::AXFRRetriever(const ComboAddress& remote, diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index eb9913fd8..c18c1f75a 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc @@ -1041,7 +1041,15 @@ int TCPNameserver::doIXFR(shared_ptr q, int outsock) vectorparts; stringtok(parts, rr->d_content->getZoneRepresentation()); if (parts.size() >= 3) { - serial=pdns_stou(parts[2]); + try { + serial=pdns_stou(parts[2]); + } + catch(const std::out_of_range& oor) { + L<setRcode(RCode::FormErr); + sendPacket(outpacket,outsock); + return 0; + } } else { L<setRcode(RCode::FormErr); -- 2.40.0