TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

request.Match check Response bit as well (#1775)

Browse source 
* request.Match check Response bit as well

We should check this bit and reject them as invalid.

* Fix test
This commit is contained in:
Miek Gieben 2018-05-09 12:35:42 +01:00 committed by GitHub
parent 68b45f5377
commit 0e5e59c327
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
plugin/cache/cache.go vendored
View file

@ -130,7 +130,6 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
} }
if key != -1 && duration > 0 { if key != -1 && duration > 0 {
if w.state.Match(res) { if w.state.Match(res) {
w.set(res, key, mt, duration) w.set(res, key, mt, duration)
cacheSize.WithLabelValues(w.server, Success).Set(float64(w.pcache.Len())) cacheSize.WithLabelValues(w.server, Success).Set(float64(w.pcache.Len()))

22
plugin/cache/spoof_test.go vendored
View file

@ -14,7 +14,7 @@ import (
func TestSpoof(t *testing.T) { func TestSpoof(t *testing.T) {
// Send query for example.org, get reply for example.net; should not be cached. // Send query for example.org, get reply for example.net; should not be cached.
c := New() c := New()
c.Next = spoofHandler() c.Next = spoofHandler(true)
req := new(dns.Msg) req := new(dns.Msg)
req.SetQuestion("example.org.", dns.TypeA) req.SetQuestion("example.org.", dns.TypeA)
@ -39,13 +39,29 @@ func TestSpoof(t *testing.T) {
} }
} }
func TestResponse(t *testing.T) {
// Send query for example.org, get reply for example.net; should not be cached.
c := New()
c.Next = spoofHandler(false)
req := new(dns.Msg)
req.SetQuestion("example.net.", dns.TypeA)
rec := dnstest.NewRecorder(&test.ResponseWriter{})
c.ServeDNS(context.TODO(), rec, req)
if c.pcache.Len() != 0 {
t.Errorf("cached %s, while reply had response set to %t", "example.net.", rec.Msg.Response)
}
}
// spoofHandler is a fake plugin implementation which returns a single A records for example.org. The qname in the // spoofHandler is a fake plugin implementation which returns a single A records for example.org. The qname in the
// question section is set to example.NET (i.e. they *don't* match). // question section is set to example.NET (i.e. they *don't* match).
func spoofHandler() plugin.Handler { func spoofHandler(response bool) plugin.Handler {
return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) { return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
m := new(dns.Msg) m := new(dns.Msg)
m.SetQuestion("example.net.", dns.TypeA) m.SetQuestion("example.net.", dns.TypeA)
m.Response = true m.Response = response
m.Answer = []dns.RR{test.A("example.org. IN A 127.0.0.53")} m.Answer = []dns.RR{test.A("example.org. IN A 127.0.0.53")}
w.WriteMsg(m) w.WriteMsg(m)
return dns.RcodeSuccess, nil return dns.RcodeSuccess, nil

4
request/request.go
View file

@ -380,6 +380,10 @@ func (r *Request) Match(reply *dns.Msg) bool {
return false return false
} }
if reply.Response == false {
return false
}
if strings.ToLower(reply.Question[0].Name) != r.Name() { if strings.ToLower(reply.Question[0].Name) != r.Name() {
return false return false
} }

1
request/request_test.go
View file

@ -162,6 +162,7 @@ func TestRequestScrubAnswerExact(t *testing.T) {
func TestRequestMatch(t *testing.T) { func TestRequestMatch(t *testing.T) {
st := testRequest() st := testRequest()
reply := new(dns.Msg) reply := new(dns.Msg)
reply.Response = true
reply.SetQuestion("example.com.", dns.TypeMX) reply.SetQuestion("example.com.", dns.TypeMX)
if b := st.Match(reply); b { if b := st.Match(reply); b {