Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

createServer crash on malformed packet #11

Open
ghost opened this issue Sep 4, 2014 · 2 comments
Open

createServer crash on malformed packet #11

ghost opened this issue Sep 4, 2014 · 2 comments

Comments

@ghost
Copy link

ghost commented Sep 4, 2014

It is possible to crash a DNS server created with .createServer by sending it a bad packet. An exception is thrown by the DNS message parser which cannot be caught using the .createServer API.

The crash can be reproduced by running the following server code:

var dnsd = require('dnsd');

dnsd.createServer(function(req, res) {
  res.end('1.2.3.4');
}).listen(5300);

Once the server is started, send it a non-DNS packet:

netcat -u localhost 5300 <<< test

The server crashes with the following message:

buffer.js:582
    throw new RangeError('Trying to access beyond buffer length');
          ^
RangeError: Trying to access beyond buffer length
    at checkOffset (buffer.js:582:11)
    at Buffer.readUInt16BE (buffer.js:602:5)
    at record_count (/home/tim/test/node_modules/dnsd/parse.js:76:16)
    at Object.sections (/home/tim/test/node_modules/dnsd/parse.js:144:30)
    at Request.DNSMessage.parse (/home/tim/test/node_modules/dnsd/message.js:99:30)
    at Request.DNSMessage (/home/tim/test/node_modules/dnsd/message.js:55:10)
    at new Request (/home/tim/test/node_modules/dnsd/server.js:177:11)
    at Server.on_udp (/home/tim/test/node_modules/dnsd/server.js:167:13)
    at Socket.<anonymous> (/home/tim/test/node_modules/dnsd/server.js:45:54)
    at Socket.emit (events.js:98:17)
@ghost
Copy link
Author

ghost commented Sep 4, 2014

Here is the patch I used for silently ignoring malformed DNS packets:

commit 17cd4d84b0d35c4a34473b3bb37017cc7788e108
Author: Tim Cooper <[email protected]>
Date:   Thu Sep 4 11:38:32 2014 -0300

    silently ignore any malformed packets when using the .createServer API

diff --git a/server.js b/server.js
index 25e095d..9eec51f 100644
--- a/server.js
+++ b/server.js
@@ -142,11 +142,13 @@ Server.prototype.on_tcp_connection = function(connection) {

     if(length !== null && bytes_received == 2 + length) {
       // All of the data (plus the 2-byte length prefix) is received.
-      var data = Buffer.concat(bufs)
-        , req = new Request(data, connection)
-        , res = new Response(data, connection)
+      try {
+        var data = Buffer.concat(bufs)
+          , req = new Request(data, connection)
+          , res = new Response(data, connection)

-      self.emit('request', req, res)
+        self.emit('request', req, res)
+      } catch (ex) { }
     }
   })
 }
@@ -164,10 +166,12 @@ Server.prototype.on_udp = function(data, rinfo) {
                    , 'end'          : function() {}
                    }

-  var req = new Request(data, connection)
-    , res = new Response(data, connection)
+  try {
+    var req = new Request(data, connection)
+      , res = new Response(data, connection)

-  self.emit('request', req, res)
+    self.emit('request', req, res)
+  } catch (ex) { }
 }

@codewise-nicolas codewise-nicolas mentioned this issue Nov 22, 2014
Open
@jhs
Copy link
Member

jhs commented Nov 24, 2014

Great catch! Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jhs