mirrors
/
rspamd
miroir de https://github.com/vstakhov/rspamd.git
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Versions 159 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
3268 Révisions
28 Branches
Aborescence: 6e121a026f
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '6e121a026f'
${ noResults }
rspamd/contrib/librdns/parse.c

parse.c 11KB
Brut Annotations Historique

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419 
  1. /* Copyright (c) 2014, Vsevolod Stakhov

  2.  * All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions are met:

  6.  *       * Redistributions of source code must retain the above copyright

  7.  *         notice, this list of conditions and the following disclaimer.

  8.  *       * Redistributions in binary form must reproduce the above copyright

  9.  *         notice, this list of conditions and the following disclaimer in the

  10.  *         documentation and/or other materials provided with the distribution.

  11.  *

  12.  * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY

  13.  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

  14.  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

  15.  * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY

  16.  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

  17.  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  18.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

  19.  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

  20.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

  21.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  22.  */

  23. 

  24. #include "rdns.h"

  25. #include "dns_private.h"

  26. #include "parse.h"

  27. #include "logger.h"

  28. 

  29. static uint8_t *

  30. rdns_decompress_label (uint8_t *begin, uint16_t *len, uint16_t max)

  31. {

  32. 	uint16_t offset = (*len);

  33. 

  34. 	if (offset > max) {

  35. 		return NULL;

  36. 	}

  37. 	*len = *(begin + offset);

  38. 	return begin + offset;

  39. }

  40. 

  41. #define UNCOMPRESS_DNS_OFFSET(p) (((*(p)) ^ DNS_COMPRESSION_BITS) << 8) + *((p) + 1)

  42. 

  43. uint8_t *

  44. rdns_request_reply_cmp (struct rdns_request *req, uint8_t *in, int len)

  45. {

  46. 	uint8_t *p, *c, *l1, *l2;

  47. 	uint16_t len1, len2;

  48. 	int decompressed = 0;

  49. 	struct rdns_resolver *resolver = req->resolver;

  50. 

  51. 	/* QR format:

  52. 	 * labels - len:octets

  53. 	 * null label - 0

  54. 	 * class - 2 octets

  55. 	 * type - 2 octets

  56. 	 */

  57. 

  58. 	/* In p we would store current position in reply and in c - position in request */

  59. 	p = in;

  60. 	c = req->packet + req->pos;

  61. 

  62. 	for (;;) {

  63. 		/* Get current label */

  64. 		len1 = *p;

  65. 		len2 = *c;

  66. 		if (p - in > len) {

  67. 			rdns_info ("invalid dns reply");

  68. 			return NULL;

  69. 		}

  70. 		/* This may be compressed, so we need to decompress it */

  71. 		if (len1 & DNS_COMPRESSION_BITS) {

  72. 			len1 = UNCOMPRESS_DNS_OFFSET(p);

  73. 			l1 = rdns_decompress_label (in, &len1, len);

  74. 			if (l1 == NULL) {

  75. 				return NULL;

  76. 			}

  77. 			decompressed ++;

  78. 			l1 ++;

  79. 			p += 2;

  80. 		}

  81. 		else {

  82. 			l1 = ++p;

  83. 			p += len1;

  84. 		}

  85. 		if (len2 & DNS_COMPRESSION_BITS) {

  86. 			len2 = UNCOMPRESS_DNS_OFFSET(c);

  87. 			l2 = rdns_decompress_label (c, &len2, len);

  88. 			if (l2 == NULL) {

  89. 				rdns_info ("invalid DNS pointer, cannot decompress");

  90. 				return NULL;

  91. 			}

  92. 			decompressed ++;

  93. 			l2 ++;

  94. 			c += 2;

  95. 		}

  96. 		else {

  97. 			l2 = ++c;

  98. 			c += len2;

  99. 		}

  100. 		if (len1 != len2) {

  101. 			return NULL;

  102. 		}

  103. 		if (len1 == 0) {

  104. 			break;

  105. 		}

  106. 

  107. 		if (memcmp (l1, l2, len1) != 0) {

  108. 			return NULL;

  109. 		}

  110. 		if (decompressed == 2) {

  111. 			break;

  112. 		}

  113. 	}

  114. 

  115. 	/* p now points to the end of QR section */

  116. 	/* Compare class and type */

  117. 	if (memcmp (p, c, sizeof (uint16_t) * 2) == 0) {

  118. 		req->pos = c - req->packet + sizeof (uint16_t) * 2;

  119. 		return p + sizeof (uint16_t) * 2;

  120. 	}

  121. 	return NULL;

  122. }

  123. 

  124. #define MAX_RECURSION_LEVEL 10

  125. 

  126. bool

  127. rdns_parse_labels (struct rdns_resolver *resolver,

  128. 		uint8_t *in, char **target, uint8_t **pos, struct rdns_reply *rep,

  129. 		int *remain, bool make_name)

  130. {

  131. 	uint16_t namelen = 0;

  132. 	uint8_t *p = *pos, *begin = *pos, *l, *t, *end = *pos + *remain, *new_pos = *pos;

  133. 	uint16_t llen;

  134. 	int length = *remain, new_remain = *remain;

  135. 	int ptrs = 0, labels = 0;

  136. 	bool got_compression = false;

  137. 

  138. 	/* First go through labels and calculate name length */

  139. 	while (p - begin < length) {

  140. 		if (ptrs > MAX_RECURSION_LEVEL) {

  141. 			rdns_info ("dns pointers are nested too much");

  142. 			return false;

  143. 		}

  144. 		llen = *p;

  145. 		if (llen == 0) {

  146. 			if (!got_compression) {

  147. 				/* In case of compression we have already decremented the processing position */

  148. 				new_remain -= sizeof (uint8_t);

  149. 				new_pos += sizeof (uint8_t);

  150. 			}

  151. 			break;

  152. 		}

  153. 		else if ((llen & DNS_COMPRESSION_BITS)) {

  154. 			if (end - p > 1) {

  155. 				ptrs ++;

  156. 				llen = UNCOMPRESS_DNS_OFFSET(p);

  157. 				l = rdns_decompress_label (in, &llen, end - in);

  158. 				if (l == NULL) {

  159. 					rdns_info ("invalid DNS pointer");

  160. 					return false;

  161. 				}

  162. 				if (!got_compression) {

  163. 					/* Our label processing is finished actually */

  164. 					new_remain -= sizeof (uint16_t);

  165. 					new_pos += sizeof (uint16_t);

  166. 					got_compression = true;

  167. 				}

  168. 				if (l < in || l > begin + length) {

  169. 					rdns_info  ("invalid pointer in DNS packet");

  170. 					return false;

  171. 				}

  172. 				begin = l;

  173. 				length = end - begin;

  174. 				p = l + *l + 1;

  175. 				namelen += *l;

  176. 				labels ++;

  177. 			}

  178. 			else {

  179. 				rdns_info ("DNS packet has incomplete compressed label, input length: %d bytes, remain: %d",

  180. 						*remain, new_remain);

  181. 				return false;

  182. 			}

  183. 		}

  184. 		else {

  185. 			namelen += llen;

  186. 			p += llen + 1;

  187. 			labels ++;

  188. 			if (!got_compression) {

  189. 				new_remain -= llen + 1;

  190. 				new_pos += llen + 1;

  191. 			}

  192. 		}

  193. 	}

  194. 

  195. 	if (!make_name) {

  196. 		goto end;

  197. 	}

  198. 	*target = malloc (namelen + labels + 3);

  199. 	t = (uint8_t *)*target;

  200. 	p = *pos;

  201. 	begin = *pos;

  202. 	length = *remain;

  203. 	/* Now copy labels to name */

  204. 	while (p - begin < length) {

  205. 		llen = *p;

  206. 		if (llen == 0) {

  207. 			break;

  208. 		}

  209. 		else if (llen & DNS_COMPRESSION_BITS) {

  210. 			llen = UNCOMPRESS_DNS_OFFSET(p);

  211. 			l = rdns_decompress_label (in, &llen, end - in);

  212. 			begin = l;

  213. 			length = end - begin;

  214. 			p = l + *l + 1;

  215. 			memcpy (t, l + 1, *l);

  216. 			t += *l;

  217. 			*t ++ = '.';

  218. 		}

  219. 		else {

  220. 			memcpy (t, p + 1, *p);

  221. 			t += *p;

  222. 			*t ++ = '.';

  223. 			p += *p + 1;

  224. 		}

  225. 	}

  226. 	if (t > (uint8_t *)*target) {

  227. 		*(t - 1) = '\0';

  228. 	}

  229. 	else {

  230. 		/* Handle empty labels */

  231. 		**target = '\0';

  232. 	}

  233. end:

  234. 	*remain = new_remain;

  235. 	*pos = new_pos;

  236. 

  237. 	return true;

  238. }

  239. 

  240. #define GET8(x) do {(x) = ((*p)); p += sizeof (uint8_t); *remain -= sizeof (uint8_t); } while(0)

  241. #define GET16(x) do {(x) = ((*p) << 8) + *(p + 1); p += sizeof (uint16_t); *remain -= sizeof (uint16_t); } while(0)

  242. #define GET32(x) do {(x) = ((*p) << 24) + ((*(p + 1)) << 16) + ((*(p + 2)) << 8) + *(p + 3); p += sizeof (uint32_t); *remain -= sizeof (uint32_t); } while(0)

  243. #define SKIP(type) do { p += sizeof(type); *remain -= sizeof(type); } while (0)

  244. 

  245. int

  246. rdns_parse_rr (struct rdns_resolver *resolver,

  247. 		uint8_t *in, struct rdns_reply_entry *elt, uint8_t **pos,

  248. 		struct rdns_reply *rep, int *remain)

  249. {

  250. 	uint8_t *p = *pos, parts;

  251. 	uint16_t type, datalen, txtlen, copied;

  252. 	int32_t ttl;

  253. 	bool parsed = false;

  254. 

  255. 	/* Skip the whole name */

  256. 	if (! rdns_parse_labels (resolver, in, NULL, &p, rep, remain, false)) {

  257. 		rdns_info ("bad RR name");

  258. 		return -1;

  259. 	}

  260. 	if (*remain < (int)sizeof (uint16_t) * 6) {

  261. 		rdns_info ("stripped dns reply: %d bytes remain", *remain);

  262. 		return -1;

  263. 	}

  264. 	GET16 (type);

  265. 	/* Skip class */

  266. 	SKIP (uint16_t);

  267. 	GET32 (ttl);

  268. 	GET16 (datalen);

  269. 	elt->type = type;

  270. 	/* Now p points to RR data */

  271. 	switch (type) {

  272. 	case DNS_T_A:

  273. 		if (!(datalen & 0x3) && datalen <= *remain) {

  274. 			memcpy (&elt->content.a.addr, p, sizeof (struct in_addr));

  275. 			p += datalen;

  276. 			*remain -= datalen;

  277. 			parsed = true;

  278. 		}

  279. 		else {

  280. 			rdns_info ("corrupted A record");

  281. 			return -1;

  282. 		}

  283. 		break;

  284. 	case DNS_T_AAAA:

  285. 		if (datalen == sizeof (struct in6_addr) && datalen <= *remain) {

  286. 			memcpy (&elt->content.aaa.addr, p, sizeof (struct in6_addr));

  287. 			p += datalen;

  288. 			*remain -= datalen;

  289. 			parsed = true;

  290. 		}

  291. 		else {

  292. 			rdns_info ("corrupted AAAA record");

  293. 			return -1;

  294. 		}

  295. 		break;

  296. 	case DNS_T_PTR:

  297. 		if (! rdns_parse_labels (resolver, in, &elt->content.ptr.name, &p,

  298. 				rep, remain, true)) {

  299. 			rdns_info ("invalid labels in PTR record");

  300. 			return -1;

  301. 		}

  302. 		parsed = true;

  303. 		break;

  304. 	case DNS_T_NS:

  305. 		if (! rdns_parse_labels (resolver, in, &elt->content.ns.name, &p,

  306. 				rep, remain, true)) {

  307. 			rdns_info ("invalid labels in NS record");

  308. 			return -1;

  309. 		}

  310. 		parsed = true;

  311. 		break;

  312. 	case DNS_T_SOA:

  313. 		if (! rdns_parse_labels (resolver, in, &elt->content.soa.mname, &p,

  314. 				rep, remain, true)) {

  315. 			rdns_info ("invalid labels in NS record");

  316. 			return -1;

  317. 		}

  318. 		if (! rdns_parse_labels (resolver, in, &elt->content.soa.admin, &p,

  319. 				rep, remain, true)) {

  320. 			rdns_info ("invalid labels in NS record");

  321. 			return -1;

  322. 		}

  323. 		GET32 (elt->content.soa.serial);

  324. 		GET32 (elt->content.soa.refresh);

  325. 		GET32 (elt->content.soa.retry);

  326. 		GET32 (elt->content.soa.expire);

  327. 		GET32 (elt->content.soa.minimum);

  328. 		parsed = true;

  329. 		break;

  330. 	case DNS_T_MX:

  331. 		GET16 (elt->content.mx.priority);

  332. 		if (! rdns_parse_labels (resolver, in, &elt->content.mx.name, &p,

  333. 				rep, remain, true)) {

  334. 			rdns_info ("invalid labels in MX record");

  335. 			return -1;

  336. 		}

  337. 		parsed = true;

  338. 		break;

  339. 	case DNS_T_TXT:

  340. 	case DNS_T_SPF:

  341. 		elt->content.txt.data = malloc (datalen + 1);

  342. 		if (elt->content.txt.data == NULL) {

  343. 			rdns_err ("failed to allocate %d bytes for TXT record", (int)datalen + 1);

  344. 			return -1;

  345. 		}

  346. 		/* Now we should compose data from parts */

  347. 		copied = 0;

  348. 		parts = 0;

  349. 		while (copied + parts < datalen) {

  350. 			txtlen = *p;

  351. 			if (txtlen + copied + parts <= datalen) {

  352. 				parts ++;

  353. 				memcpy (elt->content.txt.data + copied, p + 1, txtlen);

  354. 				copied += txtlen;

  355. 				p += txtlen + 1;

  356. 				*remain -= txtlen + 1;

  357. 			}

  358. 			else {

  359. 				break;

  360. 			}

  361. 		}

  362. 		*(elt->content.txt.data + copied) = '\0';

  363. 		parsed = true;

  364. 		elt->type = RDNS_REQUEST_TXT;

  365. 		break;

  366. 	case DNS_T_SRV:

  367. 		if (p - *pos > (int)(*remain - sizeof (uint16_t) * 3)) {

  368. 			rdns_info ("stripped dns reply while reading SRV record");

  369. 			return -1;

  370. 		}

  371. 		GET16 (elt->content.srv.priority);

  372. 		GET16 (elt->content.srv.weight);

  373. 		GET16 (elt->content.srv.port);

  374. 		if (! rdns_parse_labels (resolver, in, &elt->content.srv.target,

  375. 				&p, rep, remain, true)) {

  376. 			rdns_info ("invalid labels in SRV record");

  377. 			return -1;

  378. 		}

  379. 		parsed = true;

  380. 		break;

  381. 	case DNS_T_TLSA:

  382. 		if (p - *pos > (int)(*remain - sizeof (uint8_t) * 3) || datalen <= 3) {

  383. 			rdns_info ("stripped dns reply while reading TLSA record");

  384. 			return -1;

  385. 		}

  386. 		GET8 (elt->content.tlsa.usage);

  387. 		GET8 (elt->content.tlsa.selector);

  388. 		GET8 (elt->content.tlsa.match_type);

  389. 		datalen -= 3;

  390. 		elt->content.tlsa.data = malloc (datalen);

  391. 		if (elt->content.tlsa.data == NULL) {

  392. 			rdns_err ("failed to allocate %d bytes for TLSA record", (int)datalen + 1);

  393. 			return -1;

  394. 		}

  395. 		elt->content.tlsa.datalen = datalen;

  396. 		memcpy (elt->content.tlsa.data, p, datalen);

  397. 		p += datalen;

  398. 		*remain -= datalen;

  399. 		parsed = true;

  400. 		break;

  401. 	case DNS_T_CNAME:

  402. 		/* Skip cname records */

  403. 		p += datalen;

  404. 		*remain -= datalen;

  405. 		break;

  406. 	default:

  407. 		rdns_debug ("unexpected RR type: %d", type);

  408. 		p += datalen;

  409. 		*remain -= datalen;

  410. 		break;

  411. 	}

  412. 	*pos = p;

  413. 

  414. 	if (parsed) {

  415. 		elt->ttl = ttl;

  416. 		return 1;

  417. 	}

  418. 	return 0;

  419. }