dhcp: extract the RCODE that was sent and abort query if non-zero and notify the

caller instaed of waiting for the timer to expire

Author: gasbytes

src/test/unit/unit.c

@@ -674,6 +674,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_proto, test_regression_fast_recovery_cwnd_ssthresh_rfc5681);
     tcase_add_test(tc_proto, test_regression_paws_rejects_stale_timestamp);
     tcase_add_test(tc_proto, test_regression_dhcp_nak_restarts_configuration);
+    tcase_add_test(tc_proto, test_regression_dns_rcode_error_aborts_query);
 
     tcase_add_test(tc_utils, test_transport_checksum);
     tcase_add_test(tc_utils, test_iphdr_set_checksum);

src/test/unit/unit_tests_proto.c

@@ -4264,5 +4264,57 @@ START_TEST(test_regression_dhcp_nak_restarts_configuration)
 }
 END_TEST
 
+/* DNS response parser does not check the RCODE field.  An error response
+ * such as NXDOMAIN (RCODE=3) passes the QR+RD check, the empty answer
+ * section is silently skipped, and the query stays active until the
+ * retry timer fires.  RFC 1035 s4.1.1: RCODE != 0 is an error. */
+START_TEST(test_regression_dns_rcode_error_aborts_query)
+{
+    struct wolfIP s;
+    struct tsocket *ts;
+    uint8_t response[64];
+    struct dns_header *hdr = (struct dns_header *)response;
+    struct dns_question *q;
+    int pos;
+
+    wolfIP_init(&s);
+    mock_link_init(&s);
+    s.dns_server = 0x08080808U;
+
+    /* Set up an active DNS query */
+    s.dns_udp_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_DGRAM, WI_IPPROTO_UDP);
+    ck_assert_int_gt(s.dns_udp_sd, 0);
+    ts = &s.udpsockets[SOCKET_UNMARK(s.dns_udp_sd)];
+    s.dns_id = 0xABCD;
+    s.dns_query_type = DNS_QUERY_TYPE_A;
+    s.dns_lookup_cb = test_dns_lookup_cb;
+
+    /* Build a DNS response with RCODE=3 (NXDOMAIN).
+     * flags = 0x8183: QR=1, RD=1, RA=1, RCODE=3
+     * ancount=0 (no answers, as expected for NXDOMAIN). */
+    memset(response, 0, sizeof(response));
+    hdr->id = ee16(0xABCD);
+    hdr->flags = ee16(0x8183);
+    hdr->qdcount = ee16(1);
+    hdr->ancount = ee16(0);
+    pos = sizeof(struct dns_header);
+    response[pos++] = 3; memcpy(&response[pos], "foo", 3); pos += 3;
+    response[pos++] = 3; memcpy(&response[pos], "com", 3); pos += 3;
+    response[pos++] = 0;
+    q = (struct dns_question *)(response + pos);
+    q->qtype = ee16(DNS_A);
+    q->qclass = ee16(1);
+    pos += sizeof(struct dns_question);
+
+    enqueue_udp_rx(ts, response, (uint16_t)pos, DNS_PORT);
+    dns_callback(s.dns_udp_sd, CB_EVENT_READABLE, &s);
+
+    /* The query must be aborted after receiving an authoritative error,
+     * not left active for the retry timer to fire. */
+    ck_assert_uint_eq(s.dns_id, 0);
+    ck_assert_int_eq(s.dns_query_type, DNS_QUERY_TYPE_NONE);
+}
+END_TEST
+
 
 /* ----------------------------------------------------------------------- */

src/wolfip.c

@@ -6637,6 +6637,10 @@ void dns_callback(int dns_sd, uint16_t ev, void *arg)
     char buf[MAX_DNS_RESPONSE];
     struct dns_header *hdr = (struct dns_header *)buf;
     int dns_len;
+    int pos;
+    int qcount;
+    int ancount;
+
     if (!s)
         return;
     if (ev & CB_EVENT_READABLE) {
@@ -6653,9 +6657,14 @@ void dns_callback(int dns_sd, uint16_t ev, void *arg)
             return;
         /* Parse DNS response */
         if ((ee16(hdr->flags) & 0x8100) == 0x8100) {
-            int pos = sizeof(struct dns_header);
-            int qcount = ee16(hdr->qdcount);
-            int ancount = ee16(hdr->ancount);
+            /* RFC 1035 s4.1.1: RCODE != 0 is an error; abort query. */
+            if ((ee16(hdr->flags) & 0x000F) != 0) {
+                dns_abort_query(s);
+                return;
+            }
+            pos = sizeof(struct dns_header);
+            qcount = ee16(hdr->qdcount);
+            ancount = ee16(hdr->ancount);
             while (qcount-- > 0) {
                 pos = dns_skip_name((const uint8_t *)buf, dns_len, pos);
                 if (pos < 0 || pos + (int)sizeof(struct dns_question) > dns_len) {