From: Kees Monshouwer Date: Wed, 15 Jun 2016 09:34:35 +0000 (+0200) Subject: re enable validDNSName check X-Git-Tag: auth-4.0.0-rc1~15^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1d563353e4254eb65d090d7a8cbf844bc2cc923f;p=thirdparty%2Fpdns.git re enable validDNSName check
---
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 5202c21d11..e35e4be14a 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -881,6 +881,24 @@ int PacketHandler::processNotify(DNSPacket *p)
 return 0;
 }
+bool validDNSName(const DNSName &name)
+{
+ string::size_type pos, length;
+ char c;
+ for(const auto& s : name.getRawLabels()) {
+ length=s.length();
+ for(pos=0; pos < length; ++pos) {
+ c=s[pos];
+ if(!((c >= 'a' && c <= 'z') ||
+ (c >= 'A' && c <= 'Z') ||
+ (c >= '0' && c <= '9') ||
+ c =='-' || c == '_' || c=='*' || c=='.' || c=='/' || c=='@' || c==' ' || c=='\\' || c==':'))
+ return false;
+ }
+ }
+ return true;
+}
+
 DNSPacket *PacketHandler::question(DNSPacket *p)
 {
 DNSPacket *ret;
@@ -1158,15 +1176,15 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
 // XXX FIXME do this in DNSPacket::parse ?
- // if(!validDNSName(p->qdomain)) {
- // if(d_logDNSDetails)
- // L<getRemote()<<", '"<qdomain<<"': sending servfail"<d_remote);
- // S.inc("servfail-packets");
- // r->setRcode(RCode::ServFail);
- // return r;
- // }
+ if(!validDNSName(p->qdomain)) {
+ if(d_logDNSDetails)
+ L<getRemote()<<", '"<qdomain<<"': sending servfail"<d_remote);
+ S.inc("servfail-packets");
+ r->setRcode(RCode::ServFail);
+ return r;
+ }
 if(p->d.opcode) { // non-zero opcode (again thanks RA!)
 if(p->d.opcode==Opcode::Update) {
 S.inc("dnsupdate-queries");
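Review bot: validDNSName carries no comment saying what its allowlist is for, and the set it accepts is wider than hostname characters: space, `\`, `/`, `@`, `:` and `.` all pass. Because the loop walks `getRawLabels()`, a `.` accepted here is presumably a byte inside a single label rather than a separator, which matters to any code that later renders the name as text for a backend or a log. I would add above the function `// Per-label allowlist for query names: letters, digits and - _ * . / @ space \ : ; any other byte makes the caller answer ServFail.` The function also has external linkage; if nothing outside packethandler.cc calls it (not visible here), declaring it `static` would keep it file-local.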
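Review bot: The re-enabled branch streams `p->qdomain` into the log line immediately after that name has failed the character check, so what lands in the log depends on how DNSName is rendered by `operator<<` (not visible here); if that rendering does not escape control bytes, the message needs an escaped form of the name. The `// XXX FIXME do this in DNSPacket::parse ?` marker above the branch is left unchanged; now that the check is live I would replace it with a comment stating the decision, e.g. `// Reject names with bytes outside validDNSName()'s allowlist before opcode dispatch; answered with ServFail.` The log statement is partly garbled on this page, and questionOrRecurse's body starts and ends outside the hunk.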