Description
When working with DNS requests from bad actors (robots, vulnerability scanners, etc), we sometimes stumble upon below exception:
java.lang.NullPointerException: Cannot invoke "java.util.List.get(int)" because "l" is null at org.xbill.DNS.Message.getTSIG(Message.java:303)
My understanding is that the -possibly forged- DNS request header has the counts set wrong for the ADDITIONAL section. Replacing
int count = header.getCount(Section.ADDITIONAL); if (count == 0) { return null; } List<Record> l = sections[Section.ADDITIONAL];
with
List<Record> l = sections[Section.ADDITIONAL]; if (l == null) { return null; }
would probably handle this case without the NPE.
Metadata
Metadata
Assignees
Labels
No labels