evdns_server_request_format_response() sets TC flag wrong
kenobi> evdns_server_request_format_response() with dnsname_to_labels() wrongly implements part of rfc1035 about logic for sets of TC bit. kenobi> " Messages carried by UDP are restricted to 512 bytes (not counting the IP or UDP headers). Longer messages are truncated and the TC bit is set in the header" kenobi> TC bits should be sets only if lenght of all message via UDP was more than 512 bytes. Not alone lables or names. kenobi> for now TC bit sets for wrongly lengthed labels, which stricly limits for 63, but those means transmited error not signaling truncate bit.
do you have a patch? :) kenobi> I do not have patch, because it's should be designed for future tcp transport too, so it's slightly hard for patch by one line.
(does this affect anything in practice, or is it just a theoretical correctness issue?) kenobi> It's can be exploit via exotic attack, if reverse lookup was controled by attacker and exit relay was too. And resolv.conf contained ISP's DNS. what would the attack achieve, in that case? kenobi> ip address of ISP's DNS
[Automatically added by flyspray2trac: Operating System: All]