From: Willy Tarreau <w@1wt.eu>
Date: Fri, 15 Oct 2021 05:45:38 +0000 (+0200)
Subject: MEDIUM: resolvers: lower-case labels when converting from/to DNS names
X-Git-Tag: v2.5-dev11~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=814889c28a3ce1bf0bfe2669d43489feba5b4e91;p=thirdparty%2Fhaproxy.git

MEDIUM: resolvers: lower-case labels when converting from/to DNS names

The whole code relies on performing case-insensitive comparison on
lookups, which is extremely inefficient.

Let's make sure that all labels to be looked up or sent are first
converted to lower case. Doing so is also the opportunity to eliminate
an inefficient memcpy() in resolv_dn_label_to_str() that essentially
runs over a few unaligned bytes at once. As a side note, that call
was dangerous because it relied on a sign-extended size taken from a
string that had to be sanitized first.

This is tagged medium because while this is 100% safe, it may cause
visible changes on the wire at the packet level and trigger bugs in
test programs.
---

diff --git a/src/resolvers.c b/src/resolvers.c
index 9586f3e47b..6fe38fbe0f 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -1639,9 +1639,9 @@ int resolv_dn_label_to_str(const char *dn, int dn_len, char *str, int str_len)
 		sz = dn[i];
 		if (i)
 			*ptr++ = '.';
-		memcpy(ptr, dn+i+1, sz);
-		ptr += sz;
-		i   += sz;
+		/* copy the string at i+1 to lower case */
+		for (; sz > 0; sz--)
+			*(ptr++) = tolower(dn[++i]);
 	}
 	*ptr++ = '\0';
 	return (ptr - str);
@@ -1683,7 +1683,7 @@ int resolv_str_to_dn_label(const char *str, int str_len, char *dn, int dn_len)
 			offset = i+1;
 			continue;
 		}
-		dn[i+1] = str[i];
+		dn[i+1] = tolower(str[i]);
 	}
 	dn[offset] = i - offset;
 	dn[i+1] = '\0';