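--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -479,6 +479,9 @@
 return RCode::NoError;
 }
 
+#define SERIAL_WRAP 4294967296
+#define SERIAL_MAX_INCREMENT 2147483648
+
 int PacketHandler::processNotify(DNSPacket *p)
 {
 /* now what?
@@ -504,6 +507,7 @@
 }
 
 uint32_t theirserial=0;
+uint64_t increment=0;
 
 /* to quote Rusty Russell - this code is so bad that you can actually hear it suck */
 /* this is an instant DoS, just spoof notifications from the address of the master and we block */
@@ -514,13 +518,22 @@
 L<<Logger::Error<<"Unable to determine SOA serial for "<<p->qdomain<<" at "<<p->getRemote()<<endl;
 return RCode::ServFail;
 }
-
 
-if(theirserial<=di.serial) {
+if (theirserial<=di.serial) {
+increment = SERIAL_WRAP;
+}
+increment += theirserial - di.serial;
+
+if(increment<0) {
 L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from master "<<p->getRemote()<<", we are up to date: "<<
 theirserial<<"<="<<di.serial<<endl;
 return RCode::NoError;
 }
+else if (increment>SERIAL_MAX_INCREMENT) {
+L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from master "<<p->getRemote()<<", increment too big: "<<
+increment<<">"<<MAX_SERIAL_INCREMENT<<endl;
+return RCode::NoError;
+}
 else {
 L<<Logger::Error<<"Received valid NOTIFY for "<<p->qdomain<<" (id="<<di.id<<") from master "<<p->getRemote()<<": "<<
 theirserial<<" > "<<di.serial<<endl;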
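Review bot: The `if(increment<0)` test at new line 527 can never be true because `increment` is declared `uint64_t`, so the "we are up to date" branch is dead code and an equal or older serial falls through to the branches below it. Because `SERIAL_WRAP` is added whenever `theirserial<=di.serial`, every such NOTIFY ends up in "increment too big" (the sum is at least 2^32, assuming `di.serial` is also 32-bit), so a genuine serial wrap is never accepted either. An RFC 1982-style comparison needs no 64-bit value: `uint32_t delta = theirserial - di.serial;` followed by `if(delta == 0 || delta >= SERIAL_MAX_INCREMENT)` for the up-to-date case. The log statement at new line 534 also prints `MAX_SERIAL_INCREMENT`, while the macro defined at new line 483 is `SERIAL_MAX_INCREMENT`, which will not compile unless that other name exists elsewhere. processNotify's body starts before and continues past the hunks shown.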