From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Mon, 21 Jun 2021 10:18:04 +0000 (+0200)
Subject: SVCB: on parse error, throw instead of truncate. Fixes #10442
X-Git-Tag: dnsdist-1.7.0-alpha1~134^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10511%2Fhead;p=thirdparty%2Fpdns.git

SVCB: on parse error, throw instead of truncate. Fixes #10442
---

diff --git a/pdns/dnslabeltext.rl b/pdns/dnslabeltext.rl
index 3731345739..87a5799672 100644
--- a/pdns/dnslabeltext.rl
+++ b/pdns/dnslabeltext.rl
@@ -293,6 +293,10 @@ size_t parseSVCBValueListFromParsedRFC1035CharString(const std::string &in, std:
   (void) dns_text_to_value_list_en_main;
   %% write exec;
 
+  if ( cs < dns_text_to_value_list_first_final ) {
+          throw runtime_error("Unable to parse DNS SVCB value list '"+in+"'");
+  }
+
   return counter;
 }
 
diff --git a/pdns/test-dnsrecords_cc.cc b/pdns/test-dnsrecords_cc.cc
index 6a1224e2e1..6c66cb2312 100644
--- a/pdns/test-dnsrecords_cc.cc
+++ b/pdns/test-dnsrecords_cc.cc
@@ -491,6 +491,13 @@ BOOST_AUTO_TEST_CASE(test_unknown_records_in) {
   }
 }
 
+// test that we reject invalid SVCB escaping
+BOOST_AUTO_TEST_CASE(test_svcb_records_in) {
+
+  BOOST_CHECK_THROW(auto invalidSVCB1=DNSRecordContent::mastermake(QType::SVCB, QClass::IN, R"FOO(1 . alpn=foo\\)FOO"), std::runtime_error);
+
+}
+
 // special record test, because EUI are odd
 BOOST_AUTO_TEST_CASE(test_eui_records_in) {