mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21175 Commits
28 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
rspamd/contrib/librdns/parse.c

parse.c 12KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461 
  1. /* Copyright (c) 2014, Vsevolod Stakhov

  2.  * All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions are met:

  6.  *       * Redistributions of source code must retain the above copyright

  7.  *         notice, this list of conditions and the following disclaimer.

  8.  *       * Redistributions in binary form must reproduce the above copyright

  9.  *         notice, this list of conditions and the following disclaimer in the

  10.  *         documentation and/or other materials provided with the distribution.

  11.  *

  12.  * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY

  13.  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

  14.  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

  15.  * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY

  16.  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

  17.  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  18.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

  19.  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

  20.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

  21.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  22.  */

  23. 

  24. #include "rdns.h"

  25. #include "dns_private.h"

  26. #include "parse.h"

  27. #include "logger.h"

  28. 

  29. static uint8_t *

  30. rdns_decompress_label (uint8_t *begin, uint16_t *len, uint16_t max)

  31. {

  32. 	uint16_t offset = (*len);

  33. 

  34. 	if (offset > max) {

  35. 		return NULL;

  36. 	}

  37. 	*len = *(begin + offset);

  38. 	return begin + offset;

  39. }

  40. 

  41. #define UNCOMPRESS_DNS_OFFSET(p) (((*(p)) ^ DNS_COMPRESSION_BITS) << 8) + *((p) + 1)

  42. 

  43. uint8_t *

  44. rdns_request_reply_cmp (struct rdns_request *req, uint8_t *in, int len)

  45. {

  46. 	uint8_t *p, *c, *l1, *l2;

  47. 	uint16_t len1, len2;

  48. 	int decompressed = 0;

  49. 	struct rdns_resolver *resolver = req->resolver;

  50. 

  51. 	/* QR format:

  52. 	 * labels - len:octets

  53. 	 * null label - 0

  54. 	 * class - 2 octets

  55. 	 * type - 2 octets

  56. 	 */

  57. 

  58. 	/* In p we would store current position in reply and in c - position in request */

  59. 	p = in;

  60. 	c = req->packet + req->pos;

  61. 

  62. 	for (;;) {

  63. 		/* Get current label */

  64. 		len1 = *p;

  65. 		len2 = *c;

  66. 		if (p - in > len) {

  67. 			rdns_info ("invalid dns reply");

  68. 			return NULL;

  69. 		}

  70. 		/* This may be compressed, so we need to decompress it */

  71. 		if (len1 & DNS_COMPRESSION_BITS) {

  72. 			len1 = UNCOMPRESS_DNS_OFFSET(p);

  73. 			l1 = rdns_decompress_label (in, &len1, len);

  74. 			if (l1 == NULL) {

  75. 				return NULL;

  76. 			}

  77. 			decompressed ++;

  78. 			l1 ++;

  79. 			p += 2;

  80. 		}

  81. 		else {

  82. 			l1 = ++p;

  83. 			p += len1;

  84. 		}

  85. 		if (len2 & DNS_COMPRESSION_BITS) {

  86. 			len2 = UNCOMPRESS_DNS_OFFSET(c);

  87. 			l2 = rdns_decompress_label (c, &len2, len);

  88. 			if (l2 == NULL) {

  89. 				rdns_info ("invalid DNS pointer, cannot decompress");

  90. 				return NULL;

  91. 			}

  92. 			decompressed ++;

  93. 			l2 ++;

  94. 			c += 2;

  95. 		}

  96. 		else {

  97. 			l2 = ++c;

  98. 			c += len2;

  99. 		}

  100. 		if (len1 != len2) {

  101. 			return NULL;

  102. 		}

  103. 		if (len1 == 0) {

  104. 			break;

  105. 		}

  106. 

  107. 		if (memcmp (l1, l2, len1) != 0) {

  108. 			return NULL;

  109. 		}

  110. 		if (decompressed == 2) {

  111. 			break;

  112. 		}

  113. 	}

  114. 

  115. 	/* p now points to the end of QR section */

  116. 	/* Compare class and type */

  117. 	if (memcmp (p, c, sizeof (uint16_t) * 2) == 0) {

  118. 		req->pos = c - req->packet + sizeof (uint16_t) * 2;

  119. 		return p + sizeof (uint16_t) * 2;

  120. 	}

  121. 	return NULL;

  122. }

  123. 

  124. #define MAX_RECURSION_LEVEL 10

  125. 

  126. bool

  127. rdns_parse_labels (struct rdns_resolver *resolver,

  128. 		uint8_t *in, char **target, uint8_t **pos, struct rdns_reply *rep,

  129. 		int *remain, bool make_name)

  130. {

  131. 	uint16_t namelen = 0;

  132. 	uint8_t *p = *pos, *begin = *pos, *l, *t, *end = *pos + *remain, *new_pos = *pos;

  133. 	uint16_t llen;

  134. 	int length = *remain, new_remain = *remain;

  135. 	int ptrs = 0, labels = 0;

  136. 	bool got_compression = false;

  137. 

  138. 	/* First go through labels and calculate name length */

  139. 	while (p - begin < length) {

  140. 		if (ptrs > MAX_RECURSION_LEVEL) {

  141. 			rdns_info ("dns pointers are nested too much");

  142. 			return false;

  143. 		}

  144. 		llen = *p;

  145. 		if (llen == 0) {

  146. 			if (!got_compression) {

  147. 				/* In case of compression we have already decremented the processing position */

  148. 				new_remain -= sizeof (uint8_t);

  149. 				new_pos += sizeof (uint8_t);

  150. 			}

  151. 			break;

  152. 		}

  153. 		else if ((llen & DNS_COMPRESSION_BITS)) {

  154. 			if (end - p > 1) {

  155. 				ptrs ++;

  156. 				llen = UNCOMPRESS_DNS_OFFSET(p);

  157. 				l = rdns_decompress_label (in, &llen, end - in);

  158. 				if (l == NULL) {

  159. 					rdns_info ("invalid DNS pointer");

  160. 					return false;

  161. 				}

  162. 				if (!got_compression) {

  163. 					/* Our label processing is finished actually */

  164. 					new_remain -= sizeof (uint16_t);

  165. 					new_pos += sizeof (uint16_t);

  166. 					got_compression = true;

  167. 				}

  168. 				if (l < in || l > begin + length) {

  169. 					rdns_info  ("invalid pointer in DNS packet");

  170. 					return false;

  171. 				}

  172. 				begin = l;

  173. 				length = end - begin;

  174. 				p = l + *l + 1;

  175. 				namelen += *l;

  176. 				labels ++;

  177. 			}

  178. 			else {

  179. 				rdns_info ("DNS packet has incomplete compressed label, input length: %d bytes, remain: %d",

  180. 						*remain, new_remain);

  181. 				return false;

  182. 			}

  183. 		}

  184. 		else {

  185. 			namelen += llen;

  186. 			p += llen + 1;

  187. 			labels ++;

  188. 			if (!got_compression) {

  189. 				new_remain -= llen + 1;

  190. 				new_pos += llen + 1;

  191. 			}

  192. 		}

  193. 	}

  194. 

  195. 	if (!make_name) {

  196. 		goto end;

  197. 	}

  198. 	*target = malloc (namelen + labels + 3);

  199. 	t = (uint8_t *)*target;

  200. 	p = *pos;

  201. 	begin = *pos;

  202. 	length = *remain;

  203. 	/* Now copy labels to name */

  204. 	while (p - begin < length) {

  205. 		llen = *p;

  206. 		if (llen == 0) {

  207. 			break;

  208. 		}

  209. 		else if (llen & DNS_COMPRESSION_BITS) {

  210. 			llen = UNCOMPRESS_DNS_OFFSET(p);

  211. 			l = rdns_decompress_label (in, &llen, end - in);

  212. 

  213. 			if (l == NULL) {

  214. 				goto end;

  215. 			}

  216. 

  217. 			begin = l;

  218. 			length = end - begin;

  219. 			p = l + *l + 1;

  220. 			memcpy (t, l + 1, *l);

  221. 			t += *l;

  222. 			*t ++ = '.';

  223. 		}

  224. 		else {

  225. 			memcpy (t, p + 1, *p);

  226. 			t += *p;

  227. 			*t ++ = '.';

  228. 			p += *p + 1;

  229. 		}

  230. 	}

  231. 	if (t > (uint8_t *)*target) {

  232. 		*(t - 1) = '\0';

  233. 	}

  234. 	else {

  235. 		/* Handle empty labels */

  236. 		**target = '\0';

  237. 	}

  238. end:

  239. 	*remain = new_remain;

  240. 	*pos = new_pos;

  241. 

  242. 	return true;

  243. }

  244. 

  245. #define GET8(x) do {(x) = ((*p)); p += sizeof (uint8_t); *remain -= sizeof (uint8_t); } while(0)

  246. #define GET16(x) do {(x) = ((*p) << 8) + *(p + 1); p += sizeof (uint16_t); *remain -= sizeof (uint16_t); } while(0)

  247. #define GET32(x) do {(x) = ((*p) << 24) + ((*(p + 1)) << 16) + ((*(p + 2)) << 8) + *(p + 3); p += sizeof (uint32_t); *remain -= sizeof (uint32_t); } while(0)

  248. #define SKIP(type) do { p += sizeof(type); *remain -= sizeof(type); } while (0)

  249. 

  250. int

  251. rdns_parse_rr (struct rdns_resolver *resolver,

  252. 		uint8_t *in, struct rdns_reply_entry *elt, uint8_t **pos,

  253. 		struct rdns_reply *rep, int *remain)

  254. {

  255. 	uint8_t *p = *pos, parts;

  256. 	uint16_t type, datalen, txtlen, copied;

  257. 	int32_t ttl;

  258. 	bool parsed = false;

  259. 

  260. 	/* Skip the whole name */

  261. 	if (!rdns_parse_labels (resolver, in, NULL, &p, rep, remain, false)) {

  262. 		rdns_info ("bad RR name");

  263. 		return -1;

  264. 	}

  265. 	if (*remain < (int)sizeof (uint16_t) * 6) {

  266. 		rdns_info ("stripped dns reply: %d bytes remain; domain %s", *remain,

  267. 				rep->requested_name);

  268. 		return -1;

  269. 	}

  270. 	GET16 (type);

  271. 	/* Skip class */

  272. 	SKIP (uint16_t);

  273. 	GET32 (ttl);

  274. 	GET16 (datalen);

  275. 	elt->type = type;

  276. 	/* Now p points to RR data */

  277. 	switch (type) {

  278. 	case DNS_T_A:

  279. 		if (!(datalen & 0x3) && datalen <= *remain) {

  280. 			memcpy (&elt->content.a.addr, p, sizeof (struct in_addr));

  281. 			p += datalen;

  282. 			*remain -= datalen;

  283. 			parsed = true;

  284. 		}

  285. 		else {

  286. 			rdns_info ("corrupted A record; domain: %s", rep->requested_name);

  287. 			return -1;

  288. 		}

  289. 		break;

  290. 	case DNS_T_AAAA:

  291. 		if (datalen == sizeof (struct in6_addr) && datalen <= *remain) {

  292. 			memcpy (&elt->content.aaa.addr, p, sizeof (struct in6_addr));

  293. 			p += datalen;

  294. 			*remain -= datalen;

  295. 			parsed = true;

  296. 		}

  297. 		else {

  298. 			rdns_info ("corrupted AAAA record; domain %s", rep->requested_name);

  299. 			return -1;

  300. 		}

  301. 		break;

  302. 	case DNS_T_PTR:

  303. 		if (! rdns_parse_labels (resolver, in, &elt->content.ptr.name, &p,

  304. 				rep, remain, true)) {

  305. 			rdns_info ("invalid labels in PTR record; domain %s", rep->requested_name);

  306. 			return -1;

  307. 		}

  308. 		parsed = true;

  309. 		break;

  310. 	case DNS_T_NS:

  311. 		if (! rdns_parse_labels (resolver, in, &elt->content.ns.name, &p,

  312. 				rep, remain, true)) {

  313. 			rdns_info ("invalid labels in NS record; domain %s", rep->requested_name);

  314. 			return -1;

  315. 		}

  316. 		parsed = true;

  317. 		break;

  318. 	case DNS_T_SOA:

  319. 		if (! rdns_parse_labels (resolver, in, &elt->content.soa.mname, &p,

  320. 				rep, remain, true)) {

  321. 			rdns_info ("invalid labels in SOA record; domain %s", rep->requested_name);

  322. 			return -1;

  323. 		}

  324. 		if (! rdns_parse_labels (resolver, in, &elt->content.soa.admin, &p,

  325. 				rep, remain, true)) {

  326. 			rdns_info ("invalid labels in SOA record; domain %s", rep->requested_name);

  327. 			return -1;

  328. 		}

  329. 		if (*remain >= sizeof(int32_t) * 5) {

  330. 			GET32 (elt->content.soa.serial);

  331. 			GET32 (elt->content.soa.refresh);

  332. 			GET32 (elt->content.soa.retry);

  333. 			GET32 (elt->content.soa.expire);

  334. 			GET32 (elt->content.soa.minimum);

  335. 		}

  336. 		else {

  337. 			rdns_info ("invalid data in SOA record; domain %s", rep->requested_name);

  338. 			return -1;

  339. 		}

  340. 		parsed = true;

  341. 		break;

  342. 	case DNS_T_MX:

  343. 		GET16 (elt->content.mx.priority);

  344. 		if (! rdns_parse_labels (resolver, in, &elt->content.mx.name, &p,

  345. 				rep, remain, true)) {

  346. 			rdns_info ("invalid labels in MX record; domain %s", rep->requested_name);

  347. 			return -1;

  348. 		}

  349. 		parsed = true;

  350. 		break;

  351. 	case DNS_T_TXT:

  352. 	case DNS_T_SPF:

  353. 		if (datalen <= *remain) {

  354. 			elt->content.txt.data = malloc(datalen + 1);

  355. 			if (elt->content.txt.data == NULL) {

  356. 				rdns_err ("failed to allocate %d bytes for TXT record; domain %s",

  357. 						(int) datalen + 1, rep->requested_name);

  358. 				return -1;

  359. 			}

  360. 			/* Now we should compose data from parts */

  361. 			copied = 0;

  362. 			parts = 0;

  363. 			while (copied + parts < datalen && *remain > 0) {

  364. 				txtlen = *p;

  365. 				if (txtlen + copied + parts <= datalen && *remain >= txtlen + 1) {

  366. 					parts++;

  367. 					memcpy (elt->content.txt.data + copied, p + 1, txtlen);

  368. 					copied += txtlen;

  369. 					p += txtlen + 1;

  370. 					*remain -= txtlen + 1;

  371. 				}

  372. 				else {

  373. 

  374. 					if (txtlen + copied + parts > datalen) {

  375. 						/* Incorrect datalen reported ! */

  376. 						rdns_err ("incorrect txtlen (%d) > datalen (%d) reported; domain %s",

  377. 								(txtlen + copied + parts), datalen,

  378. 								rep->requested_name);

  379. 						return -1;

  380. 					}

  381. 

  382. 					/* Reported equal to the actual data copied */

  383. 					break;

  384. 				}

  385. 			}

  386. 			*(elt->content.txt.data + copied) = '\0';

  387. 			parsed = true;

  388. 			elt->type = RDNS_REQUEST_TXT;

  389. 		}

  390. 		else {

  391. 			rdns_info ("stripped data in TXT record (%d bytes available, %d requested); "

  392. 			  "domain %s", (int)*remain, (int)datalen, rep->requested_name);

  393. 			return -1;

  394. 		}

  395. 		break;

  396. 	case DNS_T_SRV:

  397. 		if (p - *pos > (int)(*remain - sizeof (uint16_t) * 3)) {

  398. 			rdns_info ("stripped dns reply while reading SRV record; domain %s", rep->requested_name);

  399. 			return -1;

  400. 		}

  401. 		GET16 (elt->content.srv.priority);

  402. 		GET16 (elt->content.srv.weight);

  403. 		GET16 (elt->content.srv.port);

  404. 		if (! rdns_parse_labels (resolver, in, &elt->content.srv.target,

  405. 				&p, rep, remain, true)) {

  406. 			rdns_info ("invalid labels in SRV record; domain %s", rep->requested_name);

  407. 			return -1;

  408. 		}

  409. 		parsed = true;

  410. 		break;

  411. 	case DNS_T_TLSA:

  412. 		if (p - *pos > (int)(*remain - sizeof (uint8_t) * 3) || datalen <= 3) {

  413. 			rdns_info ("stripped dns reply while reading TLSA record; domain %s", rep->requested_name);

  414. 			return -1;

  415. 		}

  416. 

  417. 		if (datalen > *remain) {

  418. 			rdns_info ("too large datalen; domain %s", rep->requested_name);

  419. 			return -1;

  420. 		}

  421. 

  422. 		GET8 (elt->content.tlsa.usage);

  423. 		GET8 (elt->content.tlsa.selector);

  424. 		GET8 (elt->content.tlsa.match_type);

  425. 		datalen -= 3;

  426. 

  427. 		elt->content.tlsa.data = malloc (datalen);

  428. 		if (elt->content.tlsa.data == NULL) {

  429. 			rdns_err ("failed to allocate %d bytes for TLSA record; domain %s",

  430. 					(int)datalen + 1, rep->requested_name);

  431. 			return -1;

  432. 		}

  433. 

  434. 		elt->content.tlsa.datalen = datalen;

  435. 		memcpy (elt->content.tlsa.data, p, datalen);

  436. 		p += datalen;

  437. 		*remain -= datalen;

  438. 		parsed = true;

  439. 		break;

  440. 	case DNS_T_CNAME:

  441. 		if (! rdns_parse_labels (resolver, in, &elt->content.cname.name, &p,

  442. 				rep, remain, true)) {

  443. 			rdns_info ("invalid labels in CNAME record; domain %s", rep->requested_name);

  444. 			return -1;

  445. 		}

  446. 		parsed = true;

  447. 		break;

  448. 	default:

  449. 		rdns_info ("unexpected RR type: %d; domain %s", type, rep->requested_name);

  450. 		p += datalen;

  451. 		*remain -= datalen;

  452. 		break;

  453. 	}

  454. 	*pos = p;

  455. 

  456. 	if (parsed) {

  457. 		elt->ttl = ttl;

  458. 		return 1;

  459. 	}

  460. 	return 0;

  461. }