Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EDNS0 OWNER Option isn't parsed correctly (because draft-cheshire-edns0-owner-option-01 isn't accurate) #4429

Open
evverx opened this issue Jun 15, 2024 · 1 comment

Comments

@evverx
Copy link
Contributor

evverx commented Jun 15, 2024

Brief description

https://datatracker.ietf.org/doc/html/draft-cheshire-edns0-owner-option-01 refers to the Len field in https://datatracker.ietf.org/doc/html/draft-cheshire-edns0-owner-option-01#section-3.2 but it's off by 4 there because the Len field should be the size of the option data (without the "Opt" and "Len" fields: https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.2)

Scapy version

6b26ace

Python version

3.12.3

Operating system

6.8.11-300.fc40.x86_64

Additional environment information

No response

How to reproduce

DNSRROPT(b'\x00\x00)\x05\xa0\x00\x00\x11\x94\x00\x12\x00\x04\x00\x0e\x00F\x8f_\xef\xc6_|p\x9f\x03\x1e$s')

Actual result

###[ DNS OPT Resource Record ]###
  rrname    = b'.'
  type      = OPT
  rclass    = 1440
  extrcode  = 0
  version   = 0
  z         = 4500
  rdlen     = 18
  \rdata     \
   |###[ EDNS0 Owner (OWN) ]###
   |  optcode   = Owner
   |  optlen    = 14
   |  v         = 0
   |  s         = 70
   |  primary_mac= 8f:5f:ef:c6:5f:7c
   |###[ DNS EDNS0 TLV ]###
   |  optcode   = 28831
   |  optlen    = 798
   |  optdata   = b'$s'

Expected result

###[ DNS OPT Resource Record ]###
  rrname    = b'.'
  type      = OPT
  rclass    = 1440
  extrcode  = 0
  version   = 0
  z         = 4500
  rdlen     = 18
  \rdata     \
   |###[ EDNS0 Owner (OWN) ]###
   |  optcode   = Owner
   |  optlen    = 14
   |  v         = 0
   |  s         = 70
   |  primary_mac= 8f:5f:ef:c6:5f:7c
   |  wakeup_mac= 70:9f:03:1e:24:73

Related resources

Here's how mDNSResponder parses it:
https://github.com/apple-oss-distributions/mDNSResponder/blob/d5029b5dff8aa59d1fc07ed796e994106ef58dee/mDNSCore/mDNSEmbeddedAPI.h#L914-L917

#define DNSOpt_OwnerData_ID_Space          (4 + 2 + 6)
#define DNSOpt_OwnerData_ID_Wake_Space     (4 + 2 + 6 + 6)
#define DNSOpt_OwnerData_ID_Wake_PW4_Space (4 + 2 + 6 + 6 + 4)
#define DNSOpt_OwnerData_ID_Wake_PW6_Space (4 + 2 + 6 + 6 + 6)
...
#define ValidOwnerLength(X) (   (X) == DNSOpt_OwnerData_ID_Space          - 4 || \
                                (X) == DNSOpt_OwnerData_ID_Wake_Space     - 4 || \
                                (X) == DNSOpt_OwnerData_ID_Wake_PW4_Space - 4 || \
                                (X) == DNSOpt_OwnerData_ID_Wake_PW6_Space - 4    )

https://github.com/apple-oss-distributions/mDNSResponder/blob/d5029b5dff8aa59d1fc07ed796e994106ef58dee/mDNSCore/DNSCommon.c#L3601-L3617

@evverx
Copy link
Contributor Author

evverx commented Jun 15, 2024

It can be fixed by replacing 18 with 14 and so on but there is another issue because it isn't possible to build the option with wakeup_mac without having to specify the length explicitly. I'm not sure how to fix it yet.

@evverx evverx changed the title EDNS0 OWNER Option isn't parsed correctly (because draft-cheshire-edns0-owner-option-01 is wrong) EDNS0 OWNER Option isn't parsed correctly (because draft-cheshire-edns0-owner-option-01 isn't accurate) Jun 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant