Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-21 21:34:07 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

libs/libc/netdb/lib_dnsquery.c: harden against DNS spoofing. This commit implements most of the RFC 5452 guidelines for making DNS more resilient. We now verify response matches against what was queried and use unpredictable query IDs. It is also checked that response come from correct DNS server. Also fixes a buffer overflow when querying hostnames longer than CONFIG_NETDB_DNSCLIENT_NAMESIZE.

Browse Source
This commit is contained in:
uha Niskanen
2018-11-16 06:56:45 -06:00
committed by Gregory Nutt
parent be1567d924
commit 23aa2839c3
2 changed files with 253 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/nuttx/net/dns.h
+17 -6
View File
@@ -2,7 +2,8 @@
* include/nuttx/net/dns.h
* DNS resolver code header file.
*
* Copyright (C) 2007-2009, 2011-2012, 2014-2015 Gregory Nutt. All rights reserved.
* Copyright (C) 2007-2009, 2011-2012, 2014-2015, 2018 Gregory Nutt. All
* rights reserved.
* Author: Gregory Nutt <gnutt@nuttx.org>
*
* Inspired by/based on uIP logic by Adam Dunkels:
@@ -53,13 +54,14 @@
/****************************************************************************
* Pre-processor Definitions
****************************************************************************/
/* DNS classes */
#define DNS_CLASS_IN 1 /* RFC 1035 Internet */
#define DNS_CLASS_CH 3 /* N/A Chaos */
#define DNS_CLASS_HS 4 /* N/A Hesiod */
#define DNS_CLASS_QNONE 254 /* RFC 2136 QCLASS NONE */
#define DNS_CLASS_QANY 255 /* RFC 1035 QCLASS ANY */
#define DNS_CLASS_IN 1 /* RFC 1035 Internet */
#define DNS_CLASS_CH 3 /* N/A Chaos */
#define DNS_CLASS_HS 4 /* N/A Hesiod */
#define DNS_CLASS_QNONE 254 /* RFC 2136 QCLASS NONE */
#define DNS_CLASS_QANY 255 /* RFC 1035 QCLASS ANY */
/* DNS resource record types */
@@ -144,6 +146,14 @@ struct dns_header_s
uint16_t numextrarr;
};
/* The DNS question message structure */
struct dns_question_s
{
uint16_t type;
uint16_t class;
};
/* The DNS answer message structure */
struct dns_answer_s
@@ -220,3 +230,4 @@ int dns_foreach_nameserver(dns_callback_t callback, FAR void *arg);
#endif
#endif /* __INCLUDE_NUTTX_NET_DNS_H */
libs/libc/netdb/lib_dnsquery.c
+236 -59
View File
File diff suppressed because it is too large Load Diff