rfc9267v2.txt | rfc9267.txt | |||
---|---|---|---|---|
skipping to change at line 235 ¶ | skipping to change at line 235 ¶ | |||
+----+----+----+----+----+----+----+----+----+----+----+----+ | +----+----+----+----+----+----+----+----+----+----+----+----+ | |||
->+0x0c |0xc0|0x0c| TYPE | CLASS |0x04| t | e | s | t |0x03| | ->+0x0c |0xc0|0x0c| TYPE | CLASS |0x04| t | e | s | t |0x03| | |||
| +----+--|-+----+----+----+----+----+----+----+----+----+----+ | | +----+--|-+----+----+----+----+----+----+----+----+----+----+ | |||
| +0x18 | c | o| | m |0x00| TYPE | CLASS | ................ | | | +0x18 | c | o| | m |0x00| TYPE | CLASS | ................ | | |||
| +----+--|-+----+----+----+----+----+----+----+----+----+----+ | | +----+--|-+----+----+----+----+----+----+----+----+----+----+ | |||
| | | | | | |||
----------------- | ----------------- | |||
The packet begins with a DNS header at offset +0x00, and its DNS | The packet begins with a DNS header at offset +0x00, and its DNS | |||
payload contains several RRs. The first RR begins at an offset of 12 | payload contains several RRs. The first RR begins at an offset of 12 | |||
octets (+0xc0); its first label length octet is set to the value | octets (+0x0c); its first label length octet is set to the value | |||
"0xc0", which indicates that it is a compression pointer. The | "0xc0", which indicates that it is a compression pointer. The | |||
compression pointer offset is computed from the two octets "0xc00c" | compression pointer offset is computed from the two octets "0xc00c" | |||
and is equal to 12. Since the broken implementation in Figure 1 | and is equal to 12. Since the broken implementation in Figure 1 | |||
follows this offset value blindly, the pointer will jump back to the | follows this offset value blindly, the pointer will jump back to the | |||
first octet of the first RR (+0xc0) over and over again. The code in | first octet of the first RR (+0x0c) over and over again. The code in | |||
Figure 1 will enter an infinite-loop state, since it will never leave | Figure 1 will enter an infinite-loop state, since it will never leave | |||
the "TRUE" branch of the "while" loop. | the "TRUE" branch of the "while" loop. | |||
Apart from achieving infinite loops, the implementation flaws in | Apart from achieving infinite loops, the implementation flaws in | |||
Figure 1 make it possible to achieve various pointer loops that have | Figure 1 make it possible to achieve various pointer loops that have | |||
other undesirable effects. For instance, consider the DNS packet | other undesirable effects. For instance, consider the DNS packet | |||
excerpt shown below: | excerpt shown below: | |||
+----+----+----+----+----+----+----+----+----+----+----+----+ | +----+----+----+----+----+----+----+----+----+----+----+----+ | |||
+0x00 | ID | FLAGS | QDCOUNT | ANCOUNT | NSCOUNT | ARCOUNT | | +0x00 | ID | FLAGS | QDCOUNT | ANCOUNT | NSCOUNT | ARCOUNT | | |||
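Review bot: the two corrected offsets, "octets (+0x0c)" and "first RR (+0x0c)", now agree with the stated 12 octets and with the "->+0x0c" row label in the diagram, but the paragraph still does not say why "0xc00c" yields 12. The values 0xc0 (the label length octet that marks a compression pointer) and 0x0c (the offset it points to) are easy to transpose. Consider spelling out the step, for example "computed from the lower 14 bits of the two octets 0xc00c", so the pointer flag bits and the offset are visibly separate. The changed lines do not touch the remaining "0xc0" on the following line, and that is right, because there it is the octet value and not an offset.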
End of changes. 2 change blocks. | ||||
2 lines changed or deleted | 2 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |