Fix DNS decompression bug and add descriptive exceptions #444

Merged
merged 4 commits into from
Jun 9, 2021
Changes from 2 commits
16 changes: 16 additions & 0 deletions include/tins/exceptions.h
Expand Up @@ -66,6 +66,22 @@ class malformed_packet : public exception_base {
malformed_packet() : exception_base("Malformed packet") { }
};

/**
* \brief Exception thrown when a DNS decompression pointer is out of bounds.
*/
class DNS_decompression_pointer_out_of_bounds : public exception_base {
Owner

Creating a new exception is fine for this case but we should make it derive from malformed_packet. Otherwise people catching malformed_packet when parsing a DNS packet will now be surprised that their catch no longer traps the exception after they upgrade their version of libtins.

On a side note, can you rename these so DNS is lowercase? e.g. dns_decompression_pointer_out_of_bounds. The rest of the exceptions don't capitalize any words (e.g. pdu_not_found) so we should keep names consistent.

public:
DNS_decompression_pointer_out_of_bounds() : exception_base("DNS decompression pointer out of bounds") { }
Owner

nit: maybe add a colon after "decompression"? e.g. "DNS decompression: pointer out of bounds". Same for the other exception.

};

/**
* \brief Exception thrown when a DNS decompression pointer loops.
*/
class DNS_decompression_pointer_loops : public exception_base {
public:
DNS_decompression_pointer_loops() : exception_base("DNS decompression pointer loops") { }
};

/**
* \brief Exception thrown when serializing a packet fails.
*/
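Review bot: Both new classes, `DNS_decompression_pointer_out_of_bounds` and `DNS_decompression_pointer_loops`, derive from `exception_base`, so a caller that wraps parsing of untrusted DNS packets in `catch (malformed_packet&)` will let them propagate, and the out-of-bounds case was thrown as `malformed_packet` before this change. Derive both from `malformed_packet` instead; the visible context shows only its default constructor, so it would need one that accepts a message. The `\brief` for the loop exception should also say that it fires on a fixed iteration limit rather than on detection of an actual cycle.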
6 changes: 5 additions & 1 deletion src/dns.cpp
Expand Up @@ -336,7 +336,11 @@ uint32_t DNS::compose_name(const uint8_t* ptr, char* out_ptr) const {
const uint8_t* end = &records_data_[0] + records_data_.size();
const uint8_t* end_ptr = 0;
char* current_out_ptr = out_ptr;
uint8_t pointer_counter = 0;
while (*ptr) {
if (pointer_counter++ > 30){
throw DNS_decompression_pointer_loops();
}
// It's an offset
if ((*ptr & 0xc0)) {
if (TINS_UNLIKELY(ptr + sizeof(uint16_t) > end)) {
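Review bot: `pointer_counter++ > 30` sits at the top of `while (*ptr)`, before the `(*ptr & 0xc0)` test, so it counts every loop iteration rather than only compression-pointer hops. If ordinary labels are also consumed one per iteration, a well-formed name with more than 31 labels (possible within the 255-octet name limit of RFC 1035) is rejected with a "pointer loops" error. Move the increment into the offset branch, and replace the literal 30 with a named constant whose value is explained in a comment.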
Expand All @@ -347,7 +351,7 @@ uint32_t DNS::compose_name(const uint8_t* ptr, char* out_ptr) const {
index = Endian::be_to_host(index) & 0x3fff;
// Check that the offset is neither too low or too high
if (index < 0x0c || (&records_data_[0] + (index - 0x0c)) >= end) {
throw malformed_packet();
throw DNS_decompression_pointer_out_of_bounds();
}
// We've probably found the end of the original domain name. Save it.
if (end_ptr == 0) {
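Review bot: The condition `index < 0x0c || (&records_data_[0] + (index - 0x0c)) >= end` only confirms that the target lies inside `records_data_`; a pointer that targets its own position or a later one still passes and is stopped only by the iteration counter. RFC 1035 defines a compression pointer as referring to a prior occurrence of a name, so also rejecting a target at or after the current `ptr` would refuse self-referencing and forward pointers immediately, leaving the counter as a backstop for longer cycles.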