Validate RTM_PROPOSAL in resolver not frontend

The resolver is the actual consumer and shouldn't trust the frontend.
Fold the IPv4/IPv6 specific checks thanks to the previous commit.

Idea from florian
OK florian

diff --git a/sbin/unwind/frontend.c b/sbin/unwind/frontend.c
index 123d181..1b6333d 100644 (file)
--- a/sbin/unwind/frontend.c
+++ b/sbin/unwind/frontend.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: frontend.c,v 1.68 2021/02/06 18:01:02 florian Exp $   */
+/*     $OpenBSD: frontend.c,v 1.69 2021/11/16 16:45:23 kn Exp $        */
 
 /*
  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -1342,23 +1342,6 @@ handle_route_message(struct rt_msghdr *rtm, struct sockaddr **rti_info)
                        break;
 
                rtdns = (struct sockaddr_rtdns*)rti_info[RTAX_DNS];
-               switch (rtdns->sr_family) {
-               case AF_INET:
-                       if ((rtdns->sr_len - 2) % sizeof(struct in_addr) != 0) {
-                               log_warnx("ignoring invalid RTM_PROPOSAL");
-                               return;
-                       }
-                       break;
-               case AF_INET6:
-                       if ((rtdns->sr_len - 2) % sizeof(struct in6_addr) != 0) {
-                               log_warnx("ignoring invalid RTM_PROPOSAL");
-                               return;
-                       }
-                       break;
-               default:
-                       log_warnx("ignoring invalid RTM_PROPOSAL");
-                       return;
-               }
                rdns_proposal.if_index = rtm->rtm_index;
                rdns_proposal.src = rtm->rtm_priority;
                memcpy(&rdns_proposal.rtdns, rtdns, sizeof(rdns_proposal.rtdns));

diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c
index 75d3c2c..24d1054 100644 (file)
--- a/sbin/unwind/resolver.c
+++ b/sbin/unwind/resolver.c
@@ -1,4 +1,5 @@
-/*     $OpenBSD: resolver.c,v 1.152 2021/11/16 16:37:52 kn Exp $       */
+/*     $OpenBSD: resolver.c,v 1.153 2021/11/16 16:45:23 kn Exp $       */
+
 
 /*
  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -1989,6 +1990,10 @@ replace_autoconf_forwarders(struct imsg_rdns_proposal *rdns_proposal)
                return;
        }
 
+       if ((rdns_proposal->rtdns.sr_len - 2) % addrsz != 0) {
+               log_warnx("ignoring invalid RTM_PROPOSAL");
+               return;
+       }
        rdns_count = (rdns_proposal->rtdns.sr_len -
            offsetof(struct sockaddr_rtdns, sr_dns)) / addrsz;