net: dns: Generate and verify transaction ID

The transaction ID wasn't verified on received DNS responses, plus the
ID needs to be difficult to predict in order to avoid MitM (man in the
middle) being able to easily forge responses.

The ID is generated from the time of the request, probably not strongly
unpredictable, this what musl does and it is considered to be enough.

Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Link: https://lore.barebox.org/20220512143726.21614-1-jmaselbas@kalray.eu
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

1 files changed, 11 insertions, 1 deletions

diff --git a/net/dns.c b/net/dns.c
index 78588b96fd..8b5e8d59e8 100644
--- a/net/dns.c
+++ b/net/dns.c
@@ -58,6 +58,7 @@ struct header {
 
 static struct net_connection *dns_con;
 static uint64_t dns_timer_start;
+static uint16_t dns_req_id;
 static int dns_state;
 static IPaddr_t dns_ip;
 
@@ -70,9 +71,12 @@ static int dns_send(const char *name)
 	unsigned char *p, *s, *fullname, *dotptr;
 	const unsigned char *domain;
 
+	/* generate "difficult" to predict transaction id */
+	dns_req_id = dns_timer_start + (dns_timer_start >> 16);
+
 	/* Prepare DNS packet header */
 	header           = (struct header *)packet;
-	header->tid      = 1;
+	header->tid      = htons(dns_req_id);
 	header->flags    = htons(0x100);	/* standard query */
 	header->nqueries = htons(1);		/* Just one query */
 	header->nanswers = 0;
@@ -127,6 +131,12 @@ static void dns_recv(struct header *header, unsigned len)
 
 	pr_debug("%s\n", __func__);
 
+	/* Only accept responses with the expected request id */
+	if (ntohs(header->tid) != dns_req_id) {
+		pr_debug("DNS response with incorrect id\n");
+		return;
+	}
+
 	/* We sent 1 query. We want to see more that 1 answer. */
 	if (ntohs(header->nqueries) != 1)
 		return;