From: Artem Boldariev Date: Fri, 28 Mar 2025 07:20:16 +0000 (+0200) Subject: Add isc_tls_valid_sni_hostname() X-Git-Tag: v9.21.7~12^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f199ee60654e5cf47821f3b96b980bff34769bc;p=thirdparty%2Fbind9.git Add isc_tls_valid_sni_hostname() Add a function that checks if a 'hostname' is not a valid IPv4 or IPv6 address. Returns 'true' if the hostname is likely a domain name, and 'false' if it represents an IP address.
---
diff --git a/lib/isc/include/isc/tls.h b/lib/isc/include/isc/tls.h
index 6de0152c495..50755ac2b1e 100644
--- a/lib/isc/include/isc/tls.h
+++ b/lib/isc/include/isc/tls.h
@@ -608,6 +608,14 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
 *\li 'ctx' - a valid non-NULL pointer;
 */
 
+bool
+isc_tls_valid_sni_hostname(const char *hostname);
+/*%<
+ * Checks if a 'hostname' is not a valid IPv4 or IPv6 address
+ * string. Returns 'true' if the hostname is likely a domain name, and
+ * 'false' if it represents an IP address.
+ */
+
 #define isc_tlserr2result(category, module, funcname, fallback) \
 isc__tlserr2result(category, module, funcname, fallback, __FILE__, \
 __LINE__)
diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index a52863e23ab..1d1990a9530 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -1528,6 +1528,29 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
 SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
 }
 
+bool
+isc_tls_valid_sni_hostname(const char *hostname) {
+ struct sockaddr_in sa_v4 = { 0 };
+ struct sockaddr_in6 sa_v6 = { 0 };
+ int ret = 0;
+
+ if (hostname == NULL) {
+ return false;
+ }
+
+ ret = inet_pton(AF_INET, hostname, &sa_v4.sin_addr);
+ if (ret == 1) {
+ return false;
+ }
+
+ ret = inet_pton(AF_INET6, hostname, &sa_v6.sin6_addr);
+ if (ret == 1) {
+ return false;
+ }
+
+ return true;
+}
+
 static isc_result_t
 isc__tls_toresult(isc_result_t fallback) {
 isc_result_t result = fallback;
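Review bot: The doc comment added to tls.h for `isc_tls_valid_sni_hostname()` leaves the contract incomplete: it does not say what a NULL 'hostname' yields, and it never states that "valid" here means only "not an IP address literal". A caller reading the name could take `true` as confirmation that the string is well-formed for the SNI extension. I would extend the comment with `* Returns 'false' if 'hostname' is NULL. No DNS name syntax or length` and `* validation is performed; 'true' means only "not an IP literal".` so the limit of the check is visible at the declaration.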
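Review bot: An empty string passes the NULL guard in `isc_tls_valid_sni_hostname()` and fails both `inet_pton()` calls, so it is reported as a usable SNI hostname. The same holds for any text `inet_pton()` does not accept in its strict textual forms, for example a dotted quad with a trailing dot or an IPv6 address with a zone suffix. Whether such strings can reach this function depends on the callers, which are not part of this diff. At minimum the guard could also reject the empty name, `if (hostname == NULL || hostname[0] == '\0') {`. As a smaller style point, the two `struct sockaddr_in`/`struct sockaddr_in6` locals are used only for their address members, so `struct in_addr` and `struct in6_addr` would state the intent more directly.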