From adf13442027c74a889b354b2bb4372d27ff9ca30 Mon Sep 17 00:00:00 2001
From: Bert Hubert
Date: Sat, 11 Sep 2010 10:13:25 +0000
Subject: [PATCH] make sure we are more query class safe, so auth now only replies to version.bind in the CHaos class. Guide to getting your PowerDNS bugs fixed: tweet about them! http://twitter.com/miekg/status/23990461681 Spotted by Miek Gieben & Marco Davids
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1709 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---
 pdns/dnspacket.cc | 8 +++++---
 pdns/packetcache.cc | 3 +++
 pdns/packethandler.cc | 10 ++++++----
 pdns/qtype.hh | 5 ++++-
 4 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 10585c0c5..7d7fc5c7a 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -290,7 +290,7 @@ void DNSPacket::setCompress(bool compress)
 bool DNSPacket::couldBeCached() {
- return d_ednsping.empty() && !d_wantsnsid;
+ return d_ednsping.empty() && !d_wantsnsid && qclass==QClass::IN;
 }
 /** Must be called before attempting to access getData(). This function stuffs all resource
@@ -325,7 +325,7 @@ void DNSPacket::wrapup(void)
 d_wrapped=true;
 vector packet;
- DNSPacketWriter pw(packet, qdomain, qtype.getCode(), 1);
+ DNSPacketWriter pw(packet, qdomain, qtype.getCode(), qclass);
 pw.getHeader()->rcode=d.rcode;
 pw.getHeader()->aa=d.aa;
@@ -376,7 +376,8 @@ void DNSPacket::wrapup(void)
 if(pos->auth) toSign.push_back(drc);
 }
- pw.startRecord(pos->qname, pos->qtype.getCode(), pos->ttl, 1, (DNSPacketWriter::Place)pos->d_place);
+
+ pw.startRecord(pos->qname, pos->qtype.getCode(), pos->ttl, pos->qclass, (DNSPacketWriter::Place)pos->d_place);
 drc->toPacket(pw);
@@ -463,6 +464,7 @@ DNSPacket *DNSPacket::replyPacket() const
 r->d_tcp = d_tcp;
 r->qdomain = qdomain;
 r->qtype = qtype;
+ r->qclass = qclass;
 r->d_maxreplylen = d_maxreplylen;
 r->d_ednsping = d_ednsping;
 r->d_wantsnsid = d_wantsnsid;
diff --git a/pdns/packetcache.cc b/pdns/packetcache.cc
index 026c64136..e57a3d903 100644
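Review bot: Nothing in these hunks shows `qclass` or `pos->qclass` being initialised, yet wrapup() in pdns/dnspacket.cc now writes both to the wire in place of the constant 1 (hunks @@ -325 and @@ -376). If a constructor, or a packet or record built locally rather than parsed from a query, leaves either member unset, the reply carries an indeterminate class value. I would confirm that both default to `QClass::IN` and, once confirmed, note it next to the `DNSPacketWriter pw(...)` line, for example `// qclass is echoed from the question; it must default to QClass::IN for packets we build ourselves`. wrapup() begins and ends outside both hunks.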
--- a/pdns/packetcache.cc
+++ b/pdns/packetcache.cc
@@ -119,6 +119,9 @@ void PacketCache::insert(DNSPacket *q, DNSPacket *r)
 return; // do not try to cache packets with multiple questions
 }
+ if(q->qclass != QClass::IN) // we only cache the INternet
+ return;
+
 bool packetMeritsRecursion=d_doRecursion && q->d.rd;
 insert(q->qdomain, q->qtype, PacketCache::PACKETCACHE, r->getString(), packetMeritsRecursion ? d_recursivettl : d_ttl, -1, packetMeritsRecursion);
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 81f6fca9a..e8cb29d5c 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -266,7 +266,8 @@ int PacketHandler::doVersionRequest(DNSPacket *p, DNSPacket *r, string &target)
 // modes: anonymous, powerdns only, full, spoofed
 const string mode=::arg()["version-string"];
- if(p->qtype.getCode()==QType::TXT && target=="version.bind") {// TXT
+
+ if(p->qclass == QClass::CHAOS && p->qtype.getCode()==QType::TXT && target=="version.bind") {// TXT
 if(mode.empty() || mode=="full") rr.content="Served by POWERDNS "VERSION" $Id$";
 else if(mode=="anonymous") {
@@ -280,7 +281,8 @@ int PacketHandler::doVersionRequest(DNSPacket *p, DNSPacket *r, string &target)
 rr.ttl=5;
 rr.qname=target;
- rr.qtype=QType::TXT; // TXT
+ rr.qtype=QType::TXT;
+ rr.qclass=QClass::CHAOS;
 r->addRecord(rr);
 return 1;
@@ -1152,7 +1154,7 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
 if(p->qclass==255) // any class query
 r->setA(false);
- else if(p->qclass!=1) // we only know about IN, so we don't find anything
+ else if(p->qclass != QClass::IN) // we only know about IN, so we don't find anything
 goto sendit;
 retargeted:;
@@ -1215,7 +1217,7 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
 rrset.push_back(rr);
 }
- cerr<<"After first ANY query: weDone="<
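Review bot: The packet cache key still has no class in it: the `insert(...)` call at the end of the pdns/packetcache.cc hunk passes only `q->qdomain, q->qtype`, and the new guard covers the store side alone. The lookup path is outside this hunk; unless it also turns away non-IN questions (for instance by consulting `couldBeCached()`, which the dnspacket.cc change extends), a CHAOS or other-class query for a cached name and type could presumably be answered from the IN entry. Since the same class test now lives in two places, a comment on the new guard such as `// mirrors DNSPacket::couldBeCached(); the cache key has no class field` would keep them from drifting apart. PacketCache::insert() begins before the hunk.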
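Review bot: `target=="version.bind"` in doVersionRequest() (pdns/packethandler.cc, hunk @@ -266) is an exact, case-sensitive comparison, while DNS names compare case-insensitively. Whether `target` has been lower-cased before this point is not visible in the hunk; if it has not, a CHAOS TXT query that spells the name in another case skips this branch, and with it the `version-string` mode handling, and is processed as an ordinary lookup. I would either compare case-insensitively here or state the precondition in a comment, e.g. `// target is expected to be lower-cased by the caller`. The function body continues outside the hunk.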
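Review bot: The ANY-class test `p->qclass==255` in questionOrRecurse() (pdns/packethandler.cc, hunk @@ -1152) keeps its magic number while the line directly below it moves to `QClass::IN`. A named constant for the ANY class next to IN and CHAOS would make the two branches read consistently; qtype.hh is part of this commit but its hunk is not shown here, so I cannot tell whether one already exists. It is also worth a short comment that an ANY-class question is then answered from IN data, since wrapup() now echoes the question's class back instead of writing 1. The function starts and ends outside the hunk.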