From: florian Date: Tue, 18 Apr 2023 09:57:51 +0000 (+0000) Subject: If rcode is SERVFAIL, there is no need to look at the packet. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=09899521c9c575927ab5ebfe57157ea6f50ee31a;p=openbsd If rcode is SERVFAIL, there is no need to look at the packet. This pulls the check for rcode up, before we check if the answer packet has sensible length. Since we are not touching the packet at all, we don't care about the size and don't need to log if the size is wrong from a DNS perspective. With asr error reporting improved in the previous commit, this probably gets rid of all "bad packet: too short" messages. OK semarie --- diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c index 0682e9e4d70..98c5f472205 100644 --- a/sbin/unwind/resolver.c +++ b/sbin/unwind/resolver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: resolver.c,v 1.159 2023/04/18 09:57:08 florian Exp $ */ +/* $OpenBSD: resolver.c,v 1.160 2023/04/18 09:57:51 florian Exp $ */ /* @@ -953,6 +953,12 @@ resolve_done(struct uw_resolver *res, void *arg, int rcode, running_res = --rq->running; + if (rcode == LDNS_RCODE_SERVFAIL) { + if (res->stop != 1) + check_resolver(res); + goto servfail; + } + if (answer_len < LDNS_HEADER_SIZE) { log_warnx("bad packet: too short"); goto servfail; @@ -965,12 +971,6 @@ resolve_done(struct uw_resolver *res, void *arg, int rcode, } answer_header->answer_len = answer_len; - if (rcode == LDNS_RCODE_SERVFAIL) { - if (res->stop != 1) - check_resolver(res); - goto servfail; - } - if ((result = calloc(1, sizeof(*result))) == NULL) goto servfail; if ((buf = sldns_buffer_new(answer_len)) == NULL) @@ -1545,12 +1545,6 @@ check_resolver_done(struct uw_resolver *res, void *arg, int rcode, prev_state = checked_resolver->state; - if (answer_len < LDNS_HEADER_SIZE) { - checked_resolver->state = DEAD; - log_warnx("%s: bad packet: too short", __func__); - goto out; - } - if (rcode == LDNS_RCODE_SERVFAIL) { log_debug("%s: %s rcode: SERVFAIL", __func__, uw_resolver_type_str[checked_resolver->type]); @@ -1559,6 +1553,12 @@ check_resolver_done(struct uw_resolver *res, void *arg, int rcode, goto out; } + if (answer_len < LDNS_HEADER_SIZE) { + checked_resolver->state = DEAD; + log_warnx("%s: bad packet: too short", __func__); + goto out; + } + if (sec == SECURE) { if (dns64_present && (res->type == UW_RES_AUTOCONF || res->type == UW_RES_ODOT_AUTOCONF)) { @@ -1902,6 +1902,11 @@ trust_anchor_resolve_done(struct uw_resolver *res, void *arg, int rcode, uint16_t dnskey_flags; char rdata_buf[1024], *ta; + if (rcode == LDNS_RCODE_SERVFAIL) { + log_debug("%s: rcode: SERVFAIL", __func__); + goto out; + } + if (answer_len < LDNS_HEADER_SIZE) { log_warnx("bad packet: too short"); goto out;