[ldns-users] ldns_wire2dname() doesn't reject some invalid pointers
Robert Edmonds
edmonds at debian.org
Sun Sep 6 18:31:55 UTC 2009
RFC 1035 section 4.1.4 says this about message compression:
"In this scheme, an entire domain name or a list of labels at the
end of a domain name is replaced with a pointer to a prior occurance
of the same name."
note that the pointer must point backwards in the packet (a prior
occurrence) and must point to a name.
here's a DNS message that ldns 1.6 parses successfully:
ca8884000001000000010000047864636a03636f6d00001c0001c01c0006000102000e10002c000a686f73746d61737465720a6e616d65736572766572000000000f0000708000001c2000093a8000003a80
the owner name of the first RR in the authority section starts with a
pointer *forward* one octet in the packet to the first octet of the type
field, which happens to be zero. and the type field of an RR isn't a
name, so a compression pointer can't point to it.
--
Robert Edmonds
edmonds at debian.org
More information about the ldns-users
mailing list