net/dns/resolver: EDNS OPT record off-by-one

I don't know how to get access to a real packet. Basing this commit entirely off: +------------+--------------+------------------------------+ | Field Name | Field Type | Description | +------------+--------------+------------------------------+ | NAME | domain name | MUST be 0 (root domain) | | TYPE | u_int16_t | OPT (41) | | CLASS | u_int16_t | requestor's UDP payload size | | TTL | u_int32_t | extended RCODE and flags | | RDLEN | u_int16_t | length of all RDATA | | RDATA | octet stream | {attribute,value} pairs | +------------+--------------+------------------------------+ From https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.2 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2024-11-29 13:05:46 +00:00 · 2021-07-27 16:23:07 -07:00 · 2021-07-27 16:23:07 -07:00 · f414a9cc01
commit f414a9cc01
parent 1034b17bc7
1 changed files with 3 additions and 2 deletions
--- a/net/dns/resolver/forwarder.go
+++ b/net/dns/resolver/forwarder.go
@ -125,6 +125,7 @@ func clampEDNSSize(packet []byte, maxSize uint16) {
 		return
 	}

+	// https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.2
 	opt := packet[len(packet)-optFixedBytes:]

 	if opt[0] != 0 {
@ -141,8 +142,8 @@ func clampEDNSSize(packet []byte, maxSize uint16) {
 		// Be conservative and don't touch unknown versions.
 		return
 	}
-	// Ignore flags in opt[7:9]
-	if binary.BigEndian.Uint16(opt[10:12]) != 0 {
+	// Ignore flags in opt[6:9]
+	if binary.BigEndian.Uint16(opt[9:11]) != 0 {
 		// RDLEN must be 0 (no variable length data). We're at the end of the
 		// packet so this should be 0 anyway)..
 		return