Ignore possible EXTRA-TEXT field in EDNS0 EDE data

Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-04-07 18:56:36 +02:00 · 2023-04-07 18:56:36 +02:00 · 8a4488ceb0
parent 3ac34d323b
commit 8a4488ceb0
2 changed files with 23 additions and 5 deletions
--- a/src/dnsmasq_interface.c
+++ b/src/dnsmasq_interface.c
@ -2021,7 +2021,8 @@ static void FTL_reply(const unsigned int flags, const char *name, const union al
 	if(edns != NULL && edns->ede != EDE_UNSET)
 	{
 		query->ede = edns->ede;
-		log_debug(DEBUG_QUERIES, "     EDE: %s (%d)", edestr(edns->ede), edns->ede);
+		if(config.debug & DEBUG_QUERIES)
+			logg("     EDE: %s (%d)", edestr(edns->ede), edns->ede);
 	}

 	// Update upstream server (if applicable)
@ -2501,7 +2502,7 @@ static void FTL_upstream_error(const union all_addr *addr, const unsigned int fl
 		if(edns != NULL && edns->ede != EDE_UNSET)
 		{
 			query->ede = edns->ede;
-			log_debug(DEBUG_QUERIES, "     EDE: %s (%d)", edestr(edns->ede), edns->ede);
+			logg("     EDE: %s (%d)", edestr(edns->ede), edns->ede);
 		}
 	}
 	if(option_bool(OPT_DNSSEC_PROXY) && edns->ede >= EDE_DNSSEC_BOGUS && edns->ede <= EDE_NO_NSEC)
--- a/src/edns0.c
+++ b/src/edns0.c
@ -372,18 +372,35 @@ void FTL_parse_pseudoheaders(unsigned char *pheader, const size_t plen)
 			// Advance working pointer
 			p += optlen;
 		}
-		else if(code == EDNS0_OPTION_EDE && optlen == 2)
+		else if(code == EDNS0_OPTION_EDE && optlen >= 2)
 		{
 			// EDNS(0) EDE
 			// https://datatracker.ietf.org/doc/rfc8914/
-
+			//
+			//                                                1   1   1   1   1   1
+			//        0   1   2   3   4   5   6   7   8   9   0   1   2   3   4   5
+			//      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+			//   0: |                            OPTION-CODE                        |
+			//      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+			//   2: |                           OPTION-LENGTH                       |
+			//      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+			//   4: | INFO-CODE                                                     |
+			edns.ede = ntohs(((int)p[1] << 8) | p[0]);
+			//      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+			//   6: / EXTRA-TEXT ...                                                /
+			//      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+			//
 			// The INFO-CODE from the EDE EDNS option is used to
 			// serve as an index into the "Extended DNS Error" IANA
 			// registry, the initial values for which are defined in
 			// this document. The value of the INFO-CODE is encoded
 			// as a two-octet unsigned integer in network byte
 			// order.
-			edns.ede = ntohs(((int)p[1] << 8) | p[0]);
+			//
+			// The EXTRA-TEXT from the EDE EDNS option is ignored by
+			// FTL
+
+			// Debug output
 			if(config.debug & DEBUG_EDNS0)
 				logg("EDNS(0) EDE: %s (code %d)", edestr(edns.ede), edns.ede);