mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-09 04:51:01 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records

Browse Source 
dns-accept-family setting was only evaluated for responses to A / AAAA DNS
queries. It was ignored when additional records in SRV responses were
parsed.

With this patch, whena SRV responses is parsed, additional records not
matching the dns-accept-family setting are ignored, as expected.

This patch must be backported to 3.2.
This commit is contained in:
Christopher Faulet 2025-10-29 11:11:43 +01:00
parent dc35a3487b
commit c84c15d393
1 changed files with 20 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/resolvers.c
View File

@ -1480,31 +1480,26 @@ static int resolv_validate_dns_response(unsigned char *resp, unsigned char *bufe
goto invalid_resp;
/* Analyzing record content */
switch (answer_record->type) {
case DNS_RTYPE_A:
/* ipv4 is stored on 4 bytes */
if (answer_record->data_len != 4)
goto invalid_resp;
answer_record->data.in4.sin_family = AF_INET;
memcpy(&answer_record->data.in4.sin_addr, reader, answer_record->data_len);
break;
case DNS_RTYPE_AAAA:
/* ipv6 is stored on 16 bytes */
if (answer_record->data_len != 16)
goto invalid_resp;
answer_record->data.in6.sin6_family = AF_INET6;
memcpy(&answer_record->data.in6.sin6_addr, reader, answer_record->data_len);
break;
default:
pool_free(resolv_answer_item_pool, answer_record);
answer_record = NULL;
continue;
} /* switch (record type) */
if (answer_record->type == DNS_RTYPE_A && (resolv_active_families() & RSLV_ACCEPT_IPV4)) {
/* ipv4 is stored on 4 bytes */
if (answer_record->data_len != 4)
goto invalid_resp;
answer_record->data.in4.sin_family = AF_INET;
memcpy(&answer_record->data.in4.sin_addr, reader, answer_record->data_len);
}
else if (answer_record->type == DNS_RTYPE_AAAA && (resolv_active_families() & RSLV_ACCEPT_IPV6)) {
/* ipv6 is stored on 16 bytes */
if (answer_record->data_len != 16)
goto invalid_resp;
answer_record->data.in6.sin6_family = AF_INET6;
memcpy(&answer_record->data.in6.sin6_addr, reader, answer_record->data_len);
break;
}
else {
pool_free(resolv_answer_item_pool, answer_record);
answer_record = NULL;
continue;
}
/* Increment the counter for number of records saved into our
* local response */