From d2f6c69a2cd0e6294316d935e0dd2744d260a376 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sat, 27 Jan 2018 16:59:45 +0100
Subject: [PATCH] More checks on the response

---
 dnscrypt-proxy/serversInfo.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go
index 24bb130a..c8df5d23 100644
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@@ -215,7 +215,7 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
 		return ServerInfo{}, err
 	}
 	body := ioutil.NopCloser(bytes.NewReader([]byte{
-		0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
+		0xca, 0xfe, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
 	}))
 	req := &http.Request{
 		Method: "POST",
@@ -243,7 +243,8 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
 	if err != nil {
 		return ServerInfo{}, err
 	}
-	if len(respBody) < MinDNSPacketSize || len(respBody) > MaxDNSPacketSize {
+	if len(respBody) < MinDNSPacketSize || len(respBody) > MaxDNSPacketSize ||
+		respBody[0] != 0xca || respBody[1] != 0xfe || respBody[4] != 0x00 || respBody[5] != 0x01 {
 		return ServerInfo{}, errors.New("Webserver returned an unexpected response")
 	}
 	dlog.Noticef("[%s] OK (DoH) - rtt: %dms", name, rtt.Nanoseconds()/1000000)