diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-11-29 14:27:28 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-11-30 19:42:35 +0100 |
| commit | 1dfbf0007af3023c2e3ae8282a0d0f229f3a89e3 (patch) | |
| tree | c50e23e955b9d7151fb0f4f55c833daf8e7eff01 | |
| parent | 3b37fa735224e58fcc23c737b764d13e22c2885b (diff) | |
dns-domain: don't accept overly long hostnames
Make sure dns_name_normalize(), dns_name_concat(), dns_name_is_valid()
do not accept/generate invalidly long hostnames, i.e. longer than 253
characters.
| -rw-r--r-- | src/shared/dns-domain.c | 3 | ||||
| -rw-r--r-- | src/shared/dns-domain.h | 3 | ||||
| -rw-r--r-- | src/test/test-dns-domain.c | 18 |
3 files changed, 24 insertions, 0 deletions
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c index 7a4093cc47..ab61eb3b6e 100644 --- a/src/shared/dns-domain.c +++ b/src/shared/dns-domain.c @@ -442,6 +442,9 @@ int dns_name_concat(const char *a, const char *b, char **_ret) { n += r; } + if (n > DNS_HOSTNAME_MAX) + return -EINVAL; + if (_ret) { if (!GREEDY_REALLOC(ret, allocated, n + 1)) return -ENOMEM; diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h index c68f1945e1..44a9975541 100644 --- a/src/shared/dns-domain.h +++ b/src/shared/dns-domain.h @@ -31,6 +31,9 @@ /* Worst case length of a single label, with all escaping applied and room for a trailing NUL byte. */ #define DNS_LABEL_ESCAPED_MAX (DNS_LABEL_MAX*4+1) +/* Maximum length of a full hostname, consisting of a series of unescaped labels, and no trailing dot or NUL byte */ +#define DNS_HOSTNAME_MAX 253 + int dns_label_unescape(const char **name, char *dest, size_t sz); int dns_label_unescape_suffix(const char *name, const char **label_end, char *dest, size_t sz); int dns_label_escape(const char *p, size_t l, char *dest, size_t sz); diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c index 7ad59d378a..3e470c0ef2 100644 --- a/src/test/test-dns-domain.c +++ b/src/test/test-dns-domain.c @@ -314,6 +314,24 @@ static void test_dns_name_is_valid(void) { test_dns_name_is_valid_one("\\zbar", 0); test_dns_name_is_valid_one("รค", 1); test_dns_name_is_valid_one("\n", 0); + + /* 256 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345", 0); + + /* 255 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a1234", 0); + + /* 254 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a123", 0); + + /* 253 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12", 1); + + /* label of 64 chars length */ + test_dns_name_is_valid_one("a123456789a123456789a123456789a123456789a123456789a123456789a123", 0); + + /* label of 63 chars length */ + test_dns_name_is_valid_one("a123456789a123456789a123456789a123456789a123456789a123456789a12", 1); } static void test_dns_service_name_is_valid(void) { |