Robert Edmonds authored 3 years ago and Daniel Salzman committed 3 years ago

Previously, after "mod-dnstap: Restore the original query QNAME case",
the dnstap module would copy the original QNAME into the query packet
buffer passed to the dnstap module, so that the originally cased query
message would be written out to the dnstap logging stream.

However, there are error conditions that can result in the query
packet's 'qname_size' field being updated to a non-zero value (the
question section was successfully parsed), but the packet was ultimately
rejected.

In the prepare_answer() function in src/knot/nameserver/process_query.c,
there are several error return paths that prevent the 'orig_qname' field
from being written by the call to memcpy(). In this case, the
'orig_qname' field in the corresponding knotd_qdata_extra_t object will
remain at an initialized (zeroed out) value.

Before this patch, in some cases (e.g. in responses to some queries that
return FORMERR), mod-dnstap would overwrite the QNAME in the query
packet buffer with 'qname_size' bytes from the 'orig_qname' field. With
'qname_size' set to a non-zero value (due to successful parsing of the
QNAME) but with 'orig_qname' set to its original initialized (zeroed
out) value, this would result in zeroing out the QNAME in the query
packet buffer. This would then result in writing a corrupted query
message into the dnstap logging stream.

Since mod-dnstap writes directly to the query packet buffer rather than
making a copy, this corruption would also be visible to modules
executing after mod-dnstap as well as the rest of knotd.

This patch updates mod-dnstap's msg_query_qname_restore() so that it
avoids copying the original QNAME into the query packet buffer if the
'orig_qname' field has been left in its initialized (zeroed out) value.

fixes #777

Josh Soref authored 3 years ago and Daniel Salzman committed 3 years ago

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

- Enabled fastparser
- Temporarily disabled unittests (dthreads test fails on armhf)
- Added release tag

- New option FASTPARSER=disable|enable
- New option CHECK=disable|enable for unittests execution
- Explicit CFLAGS="-g -O2 -DNDEBUG -D_FORTIFY_SOURCE=2 -fstack-protector-strong"
- Added --enable-dnstap

David Vasek authored 3 years ago and Daniel Salzman committed 3 years ago

This prevents a situtation when the deleted item may repeat in the array.
This solution is based on the assumption that the duplicate entries are rather rare.