Commit 79929c62 authored by Alexandre's avatar Alexandre

[DoT] Catch malformed received DNS message

parent 469c4a06
......@@ -223,6 +223,8 @@ class Request:
class RequestDoT(Request):
def check_response(self):
if not self.rcode:
return
if self.response.id != self.message.id:
raise Exception("The ID in the answer does not match the one in the query")
......@@ -415,8 +417,12 @@ class ConnectionDoT(Connection):
buf = self.session.recv(2)
request.response_size = int.from_bytes(buf, byteorder='big')
buf = self.session.recv(request.response_size)
request.response = dns.message.from_wire(buf)
request.rcode = True
try:
request.response = dns.message.from_wire(buf)
request.rcode = True
except dns.exception.FormError:
request.response = f'Received DNS message is malformed: {buf}'
request.rcode = False
def send_and_receive(self, request):
self.send_data(request.data)
......@@ -696,8 +702,10 @@ def run_check_trunc(connection):
except OpenSSL.SSL.ZeroReturnError: # This is acceptable
return ok
request.check_response()
if print_result(connection, request, prefix=test_name, display_err=False): # The test must fail, or returns FORMERR.
if print_result(connection, request, prefix=test_name, display_err=True): # The test must fail, or returns FORMERR.
ok = (request.rcode == dns.rcode.FORMERR)
else:
ok = False
return ok
def run_check_additionals(connection):
......
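Review bot: A short read is now reported as a malformed server response in the ConnectionDoT receive hunk, because the new `except dns.exception.FormError` cannot tell a truncated buffer from a bad message. `self.session.recv(request.response_size)` may return fewer bytes than asked for (the session looks like a pyOpenSSL connection, which returns at most one TLS record's worth), so I would compare lengths before parsing, e.g. `if len(buf) != request.response_size:` and report an incomplete read separately or keep reading until the announced length is reached. The error string also embeds the whole peer-controlled `buf`, up to 65535 bytes, and `run_check_trunc` now prints it with `display_err=True`; bounding it, for instance `{buf[:64]!r}` plus the length, keeps the output readable. The enclosing receive method starts outside the hunk, so the handling of the 2-byte length prefix above it could not be checked in full.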