From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 28 Apr 2016 09:59:01 +0000 (+0200)
Subject: Add consistency checks to segmentDNSNameRaw()
X-Git-Tag: rec-4.0.0-alpha3~30^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3789%2Fhead;p=thirdparty%2Fpdns.git

Add consistency checks to segmentDNSNameRaw()

This fixes most issues found by fuzzing loadRPZFromFile() with
American Fuzzy Lop.
---

diff --git a/pdns/dnslabeltext.rl b/pdns/dnslabeltext.rl
index fb3c3d210f..fe64966fd0 100644
--- a/pdns/dnslabeltext.rl
+++ b/pdns/dnslabeltext.rl
@@ -111,6 +111,9 @@ DNSName::string_t segmentDNSNameRaw(const char* realinput)
         unsigned int lenpos=0;
         %%{
                 action labelEnd { 
+                        if (labellen < 0 || labellen > 63) {
+                          throw runtime_error("Unable to parse DNS name '"+string(realinput)+"': invalid label length "+std::to_string(labellen));
+                        }
                         ret[lenpos]=labellen;
                         labellen=0;
                 }
diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index cfc4d4bebe..369fb4f870 100644
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -51,8 +51,12 @@ DNSName::DNSName(const char* p)
       }
       d_storage.append(1, (char)0);
     }
-    else
+    else {
       d_storage=segmentDNSNameRaw(p); 
+      if(d_storage.size() > 255) {
+        throw std::range_error("name too long");
+      }
+    }
   }
 }