Nits

Author: jedisct1

dnscrypt-proxy/dnsutils.go

@@ -23,19 +23,34 @@ func validateResponseQuestion(query, response *dns.Msg) error {
 	rQuestion := response.Question[0]
 	qHeader := qQuestion.Header()
 	rHeader := rQuestion.Header()
-	if dns.RRToType(qQuestion) != dns.RRToType(rQuestion) || qHeader.Class != rHeader.Class || !dns.EqualName(qHeader.Name, rHeader.Name) {
+	qType := dns.RRToType(qQuestion)
+	rType := dns.RRToType(rQuestion)
+	if qType != rType || qHeader.Class != rHeader.Class || !dns.EqualName(qHeader.Name, rHeader.Name) {
 		return fmt.Errorf("Response question does not match query: %s/%d/%d != %s/%d/%d",
 			rHeader.Name,
-			dns.RRToType(rQuestion),
+			rType,
 			rHeader.Class,
 			qHeader.Name,
-			dns.RRToType(qQuestion),
+			qType,
 			qHeader.Class,
 		)
 	}
 	return nil
 }
 
+func validateResponseForQuery(query, response *dns.Msg) error {
+	if query == nil || response == nil {
+		return errors.New("Missing query or response")
+	}
+	if !response.Response {
+		return errors.New("response bit is not set")
+	}
+	if response.ID != query.ID {
+		return fmt.Errorf("response ID mismatch: %d != %d", response.ID, query.ID)
+	}
+	return validateResponseQuestion(query, response)
+}
+
 func EmptyResponseFromMessage(srcMsg *dns.Msg) *dns.Msg {
 	dstMsg := &dns.Msg{}
 	dstMsg.ID = srcMsg.ID
@@ -522,13 +537,7 @@ func _dnsExchange(
 	if err := msg.Unpack(); err != nil {
 		return DNSExchangeResponse{err: err}
 	}
-	if !msg.Response {
-		return DNSExchangeResponse{err: errors.New("response bit is not set")}
-	}
-	if msg.ID != query.ID {
-		return DNSExchangeResponse{err: fmt.Errorf("response ID mismatch: %d != %d", msg.ID, query.ID)}
-	}
-	if err := validateResponseQuestion(query, &msg); err != nil {
+	if err := validateResponseForQuery(query, &msg); err != nil {
 		return DNSExchangeResponse{err: err}
 	}
 	return DNSExchangeResponse{response: &msg, rtt: rtt, err: nil}

dnscrypt-proxy/plugins.go

@@ -342,7 +342,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(
 	if err := msg.Unpack(); err != nil {
 		return packet, err
 	}
-	if err := validateResponseQuestion(pluginsState.questionMsg, &msg); err != nil {
+	if err := validateResponseForQuery(pluginsState.questionMsg, &msg); err != nil {
 		return packet, err
 	}
 	switch Rcode(packet) {
@@ -381,6 +381,9 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(
 		}
 		pluginsGlobals.RUnlock()
 	}
+	if err := validateResponseForQuery(pluginsState.questionMsg, &msg); err != nil {
+		return packet, err
+	}
 	if err := msg.Pack(); err != nil {
 		return packet, err
 	}

dnscrypt-proxy/query_processing.go

@@ -23,6 +23,10 @@ func validateQuery(query []byte) bool {
 
 // handleSynthesizedResponse - Handles a synthesized DNS response from plugins
 func handleSynthesizedResponse(pluginsState *PluginsState, synth *dns.Msg) ([]byte, error) {
+	if err := validateResponseForQuery(pluginsState.questionMsg, synth); err != nil {
+		pluginsState.returnCode = PluginsReturnCodeParseError
+		return nil, err
+	}
 	if err := synth.Pack(); err != nil {
 		pluginsState.returnCode = PluginsReturnCodeParseError
 		return nil, err
@@ -296,12 +300,11 @@ func processPlugins(
 	}
 
 	if pluginsState.synthResponse != nil {
-		if err = pluginsState.synthResponse.Pack(); err != nil {
-			pluginsState.returnCode = PluginsReturnCodeParseError
+		response, err = handleSynthesizedResponse(pluginsState, pluginsState.synthResponse)
+		if err != nil {
 			pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
 			return response, err
 		}
-		response = pluginsState.synthResponse.Data
 	}
 
 	// Check rcode and handle failures

dnscrypt-proxy/serversInfo.go

@@ -874,30 +874,24 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
 			&name,
 			false,
 		)
-		if err == nil && len(msg.Question) > 0 {
-			question := msg.Question[0]
-			if dns.RRToType(question) == dns.RRToType(query.Question[0]) && strings.EqualFold(question.Header().Name, query.Question[0].Header().Name) {
-				dlog.Debugf("[%s] also serves plaintext DNS", name)
-				if msg.ID != 0xcafe {
-					dlog.Infof("[%s] handling of DNS message identifiers is broken", name)
-				}
-				for _, rr := range msg.Answer {
-					rrType := dns.RRToType(rr)
-					if rrType == dns.TypeA || rrType == dns.TypeAAAA {
-						dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
-						return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, rr.String())
-					}
+		if err == nil {
+			dlog.Debugf("[%s] also serves plaintext DNS", name)
+			for _, rr := range msg.Answer {
+				rrType := dns.RRToType(rr)
+				if rrType == dns.TypeA || rrType == dns.TypeAAAA {
+					dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
+					return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, rr.String())
 				}
-				for _, rr := range msg.Extra {
-					if dns.RRToType(rr) == dns.TypeTXT {
-						dlog.Warnf("[%s] may be a dummy resolver -- skipping", name)
-						txts := rr.(*dns.TXT).Txt
-						cause := ""
-						if len(txts) > 0 {
-							cause = txts[0]
-						}
-						return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, cause)
+			}
+			for _, rr := range msg.Extra {
+				if dns.RRToType(rr) == dns.TypeTXT {
+					dlog.Warnf("[%s] may be a dummy resolver -- skipping", name)
+					txts := rr.(*dns.TXT).Txt
+					cause := ""
+					if len(txts) > 0 {
+						cause = txts[0]
 					}
+					return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, cause)
 				}
 			}
 		}
@@ -919,7 +913,7 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
 	}, nil
 }
 
-func dohTestPacket(msgID uint16) []byte {
+func dohTestPacket(msgID uint16) *dns.Msg {
 	msg := dns.NewMsg(".", dns.TypeNS)
 	msg.ID = msgID
 	msg.RecursionDesired = true
@@ -932,10 +926,10 @@ func dohTestPacket(msgID uint16) []byte {
 	if err := msg.Pack(); err != nil {
 		dlog.Fatal(err)
 	}
-	return msg.Data
+	return msg
 }
 
-func dohNXTestPacket(msgID uint16) []byte {
+func dohNXTestPacket(msgID uint16) *dns.Msg {
 	qName := make([]byte, 16)
 	charset := "abcdefghijklmnopqrstuvwxyz"
 	for i := range qName {
@@ -953,7 +947,7 @@ func dohNXTestPacket(msgID uint16) []byte {
 	if err := msg.Pack(); err != nil {
 		dlog.Fatal(err)
 	}
-	return msg.Data
+	return msg
 }
 
 func plainNXTestPacket(msgID uint16) *dns.Msg {
@@ -985,7 +979,7 @@ func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isN
 		Host:   stamp.ProviderName,
 		Path:   stamp.Path,
 	}
-	body := dohTestPacket(0xcafe)
+	body := dohTestPacket(0xcafe).Data
 	useGet := false
 	if _, _, _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
 		useGet = true
@@ -994,25 +988,21 @@ func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isN
 		}
 		dlog.Debugf("Server [%s] doesn't appear to support POST; falling back to GET requests", name)
 	}
-	body = dohNXTestPacket(0xcafe)
-	serverResponse, _, tls, rtt, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout)
+	queryMsg := dohNXTestPacket(0xcafe)
+	serverResponse, _, tls, rtt, err := proxy.xTransport.DoHQuery(useGet, url, queryMsg.Data, proxy.timeout)
 	if err != nil {
 		dlog.Infof("[%s] [%s]: %v", name, url, err)
 		return ServerInfo{}, err
 	}
 	if tls == nil || !tls.HandshakeComplete {
 		return ServerInfo{}, errors.New("TLS handshake failed")
 	}
-	queryMsg := dns.Msg{Data: body}
-	if err := queryMsg.Unpack(); err != nil {
-		return ServerInfo{}, err
-	}
 	msg := dns.Msg{Data: serverResponse}
 	if err := msg.Unpack(); err != nil {
 		dlog.Warnf("[%s]: %v", name, err)
 		return ServerInfo{}, err
 	}
-	if err := validateResponseQuestion(&queryMsg, &msg); err != nil {
+	if err := validateResponseForQuery(queryMsg, &msg); err != nil {
 		return ServerInfo{}, err
 	}
 	if msg.Rcode != dns.RcodeNameError {
@@ -1133,8 +1123,7 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
 	for _, odohTargetConfig := range odohTargetConfigs {
 		url := relay.ODoH.URL
 
-		query := dohTestPacket(0xcafe)
-		odohQuery, err := odohTargetConfig.encryptQuery(query)
+		odohQuery, err := odohTargetConfig.encryptQuery(dohTestPacket(0xcafe).Data)
 		if err != nil {
 			continue
 		}
@@ -1148,8 +1137,8 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
 			dlog.Debugf("Server [%s] doesn't appear to support POST; falling back to GET requests", name)
 		}
 
-		query = dohNXTestPacket(0xcafe)
-		odohQuery, err = odohTargetConfig.encryptQuery(query)
+		queryMsg := dohNXTestPacket(0xcafe)
+		odohQuery, err = odohTargetConfig.encryptQuery(queryMsg.Data)
 		if err != nil {
 			continue
 		}
@@ -1173,16 +1162,12 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
 		}
 		workingConfigs = append(workingConfigs, odohTargetConfig)
 
-		queryMsg := dns.Msg{Data: query}
-		if err := queryMsg.Unpack(); err != nil {
-			return ServerInfo{}, err
-		}
 		msg := dns.Msg{Data: serverResponse}
 		if err := msg.Unpack(); err != nil {
 			dlog.Warnf("[%s]: %v", name, err)
 			return ServerInfo{}, err
 		}
-		if err := validateResponseQuestion(&queryMsg, &msg); err != nil {
+		if err := validateResponseForQuery(queryMsg, &msg); err != nil {
 			return ServerInfo{}, err
 		}
 		if msg.Rcode != dns.RcodeNameError {