evdns_server_request_format_response() sets TC flag wrong

Severity: Normal
Keywords: dns tor-relay prop219
Cc: arma, nickm, Sebastian
kenobi> evdns_server_request_format_response() with dnsname_to_labels()
wrongly implements the part of RFC 1035 about the logic for setting the TC bit.
kenobi> "Messages carried by UDP are restricted to 512 bytes (not counting
the IP or UDP headers). Longer messages are truncated and the TC bit is set
in the header"
kenobi> The TC bit should be set only if the length of the whole message via UDP was more
than 512 bytes. Not labels or names alone.
kenobi> For now the TC bit is set for labels of wrong length, which are strictly limited
to 63, but that means a transmitted error, not signaling the truncate bit.

do you have a patch? :)

kenobi> I do not have a patch, because it should be designed for future TCP
transport too, so it's slightly hard to patch in one line.

(does this affect anything in practice, or is it just a theoretical
correctness issue?)

kenobi> It can be exploited via an exotic attack, if the reverse lookup was
controlled by the attacker and the exit relay was too. And resolv.conf contained ISP's

what would the attack achieve, in that case?

kenobi> IP address of ISP's DNS

kenobi> Possibly some examples of fixes for it via netfilter or flushing of
resolv.conf. I recall TorVM drops DNS via TCP as an example.

DNS bug. This should get done as part of any future dns revamp.
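
The distinction raised in this ticket, shown as an added example that is not libevent's or Tor's code: a response formatter that reports an over-long label as an error and sets TC only when the whole message would exceed the 512-byte UDP limit. The names `put_name`, `format_response`, `ENC_BAD_NAME` and `ENC_NO_SPACE` are hypothetical, and the message contains only a header and question entries.

```c
#include <stdint.h>
#include <string.h>

#define DNS_UDP_MAX   512   /* RFC 1035: UDP message limit, headers excluded */
#define DNS_LABEL_MAX 63
#define ENC_BAD_NAME  (-1)  /* malformed name: an error, not truncation */
#define ENC_NO_SPACE  (-2)  /* whole message would not fit: truncation */

/* Hypothetical helper: write `name` as length-prefixed labels at buf[off].
 * Returns the new offset, or one of the two distinct codes above. */
static int put_name(uint8_t *buf, size_t cap, size_t off, const char *name)
{
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > DNS_LABEL_MAX) return ENC_BAD_NAME;
        if (off + 1 + len > cap) return ENC_NO_SPACE;
        buf[off++] = (uint8_t)len;
        memcpy(buf + off, name, len);
        off += len;
        name += len;
        if (*name == '.') name++;
    }
    if (off + 1 > cap) return ENC_NO_SPACE;
    buf[off++] = 0;                       /* root label ends the name */
    return (int)off;
}

/* Hypothetical formatter: header plus one question (A, IN) per name.
 * Returns the message length, or a negative code so the caller can
 * answer with an error instead of a truncated message. */
int format_response(uint8_t *buf, size_t cap, const char **names, size_t n)
{
    size_t off = 12, i;
    if (cap < 12) return ENC_NO_SPACE;
    if (cap > DNS_UDP_MAX) cap = DNS_UDP_MAX;
    memset(buf, 0, 12);
    buf[2] = 0x80;                        /* QR = 1: this is a response */
    for (i = 0; i < n; i++) {
        int r = put_name(buf, cap, off, names[i]);
        if (r == ENC_BAD_NAME) return ENC_BAD_NAME;   /* TC stays clear */
        if (r == ENC_NO_SPACE || (size_t)r + 4 > cap) {
            buf[2] |= 0x02;               /* TC: message exceeded the limit */
            break;
        }
        off = (size_t)r;
        buf[off++] = 0; buf[off++] = 1;   /* QTYPE A */
        buf[off++] = 0; buf[off++] = 1;   /* QCLASS IN */
    }
    buf[4] = (uint8_t)(i >> 8); buf[5] = (uint8_t)(i & 0xff);  /* QDCOUNT */
    return (int)off;
}
```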

