Strange response to mangled requests

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Apr 2 13:29:12 UTC 2020


Testing the robustness of servers, I see that Unbound reacts in a way I
don't approve of when the incoming request is malformed. Instead of
replying with FORMERR, it echoes the invalid request.

The attached Python script shows this behavior. With Unbound 1.10.0, I
get:

% ./test_pub_resolv-trunc_data.py 127.0.0.1 9053
data sent: b'\xee\xd0\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04cu'
      hex: ee d0 01 00 00 01 00 00 00 00 00 00 04 63 75
      bin: 11101110 11010000 00000001 00000000 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000100 01100011 01110101

data recv: b'\xee\xd0\x81\x01\x00\x01\x00\x00\x00\x00\x00\x00\x04cu'
      hex: ee d0 81 01 00 01 00 00 00 00 00 00 04 63 75
      bin: 11101110 11010000 10000001 00000001 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000100 01100011 01110101

Traceback (most recent call last):
  File "./test_pub_resolv-trunc_data.py", line 51, in <module>
    resp = dns.message.from_wire(r_data)
  File "/usr/lib/python3/dist-packages/dns/message.py", line 823, in from_wire
    reader.read()
  File "/usr/lib/python3/dist-packages/dns/message.py", line 746, in read
    self._get_question(qcount)
  File "/usr/lib/python3/dist-packages/dns/message.py", line 621, in _get_question
    (qname, used) = dns.name.from_wire(self.wire, self.current)
  File "/usr/lib/python3/dist-packages/dns/name.py", line 975, in from_wire
    labels.append(message[current: current + count].unwrap())
  File "/usr/lib/python3/dist-packages/dns/wiredata.py", line 71, in __getitem__
    raise dns.exception.FormError
dns.exception.FormError: DNS message is malformed.

While I was expecting (this is with BIND):

% ./test_pub_resolv-trunc_data.py 127.0.0.1     
data sent: b'\xfc\xca\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04cu'
      hex: fc ca 01 00 00 01 00 00 00 00 00 00 04 63 75
      bin: 11111100 11001010 00000001 00000000 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000100 01100011 01110101

data recv: b'\xfc\xca\x81\x01\x00\x00\x00\x00\x00\x00\x00\x00'
      hex: fc ca 81 01 00 00 00 00 00 00 00 00
      bin: 11111100 11001010 10000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

id 64714
opcode QUERY
rcode FORMERR
flags QR RD
;QUESTION
;ANSWER
;AUTHORITY
;ADDITIONAL
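
Added example, not part of the original post: a standard-library Python check that decodes the two "data recv" byte strings shown above and reports the header fields and whether the question section announced by QDCOUNT is actually present in the message. The function names are hypothetical, and only the header and question section are validated.

```python
import struct

# Response bytes copied from the two "data recv" hex lines in the post above.
UNBOUND_RESP = bytes.fromhex("eed081010001000000000000046375")
BIND_RESP = bytes.fromhex("fcca81010000000000000000")
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def skip_name(wire, pos):
    """Return the offset just past the name starting at pos, or raise ValueError."""
    while pos < len(wire):
        length = wire[pos]
        if length == 0:                      # root label terminates the name
            return pos + 1
        if length & 0xC0 == 0xC0:            # compression pointer: 2 bytes, ends the name
            if pos + 2 > len(wire):
                raise ValueError("truncated compression pointer")
            return pos + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        pos += 1 + length                    # ordinary label: length byte plus data
    raise ValueError("name runs past end of message")


def inspect_response(wire):
    """Decode the 12-byte header and verify QDCOUNT questions really fit in the message."""
    if len(wire) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qd, _an, _ns, _ar = struct.unpack("!6H", wire[:12])
    info = {"id": ident, "qr": bool(flags & 0x8000), "qdcount": qd,
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "well_formed": True, "error": None}
    pos = 12
    try:
        for _ in range(qd):
            pos = skip_name(wire, pos)
            if pos + 4 > len(wire):          # QTYPE and QCLASS, 2 bytes each
                raise ValueError("QTYPE/QCLASS missing")
            pos += 4
    except ValueError as exc:
        info["well_formed"], info["error"] = False, str(exc)
    return info


if __name__ == "__main__":
    for label, wire in (("Unbound 1.10.0", UNBOUND_RESP), ("BIND", BIND_RESP)):
        print(label, inspect_response(wire))
```

A robustness test can call `inspect_response` on every reply to a mangled query and flag any reply whose `well_formed` is false, instead of stopping on the parser exception seen in the traceback.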

