From 9eae2bf3189c07e30a752e38b2ad3856450f1d06 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 9 Dec 2015 19:08:45 +0100 Subject: resolved: don't accept doing queries for invalid RR types --- src/resolve/resolved-dns-transaction.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/resolve/resolved-dns-transaction.c') diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 00ecd3d11e..1dcd2c78c0 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -106,6 +106,14 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key) assert(s); assert(key); + /* Don't allow looking up invalid or pseudo RRs */ + if (IN_SET(key->type, DNS_TYPE_OPT, 0, DNS_TYPE_TSIG, DNS_TYPE_TKEY)) + return -EINVAL; + + /* We only support the IN class */ + if (key->class != DNS_CLASS_IN) + return -EOPNOTSUPP; + r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL); if (r < 0) return r; -- cgit v1.2.3