From: Jason Ish Date: Thu, 31 Oct 2024 21:40:40 +0000 (-0600) Subject: dns: truncate names larger than 1025 characters X-Git-Tag: suricata-7.0.8~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58c41a7fa99f62d9a8688e970ab1a9b09c79723a;p=thirdparty%2Fsuricata.git dns: truncate names larger than 1025 characters Once a name has gone over 1025 chars it will be truncated to 1025 chars and no more labels will be added to it, however the name will continue to be parsed up to the label limit in attempt to find the end so parsing can continue. This introduces a new struct, DNSName which contains the name and any flags which indicate any name parsing errors which should not error out parsing the complete message, for example, infinite recursion after some labels are parsed can continue, or truncation of name where compression was used so we know the start of the next data to be parsed. This limits the logged DNS messages from being over our maximum size of 10Mb in the case of really long names. Ticket: #7280 (cherry picked from commit 3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d) --- diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index d87577cfda..a1658036b0 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -144,7 +144,7 @@ pub struct DNSHeader { #[derive(Debug)] pub struct DNSQueryEntry { - pub name: Vec, + pub name: DNSName, pub rrtype: u16, pub rrclass: u16, } @@ -152,9 +152,9 @@ pub struct DNSQueryEntry { #[derive(Debug, PartialEq, Eq)] pub struct DNSRDataSOA { /// Primary name server for this zone - pub mname: Vec, + pub mname: DNSName, /// Authority's mailbox - pub rname: Vec, + pub rname: DNSName, /// Serial version number pub serial: u32, /// Refresh interval (seconds) @@ -186,7 +186,22 @@ pub struct DNSRDataSRV { /// Port pub port: u16, /// Target - pub target: Vec, + pub target: DNSName, +} + +bitflags! { + #[derive(Default)] + pub struct DNSNameFlags: u8 { + const INFINITE_LOOP = 0b0000_0001; + const TRUNCATED = 0b0000_0010; + const LABEL_LIMIT = 0b0000_0100; + } +} + +#[derive(Debug, Clone, PartialEq, Eq)] +pub struct DNSName { + pub value: Vec, + pub flags: DNSNameFlags, } /// Represents RData of various formats @@ -196,10 +211,10 @@ pub enum DNSRData { A(Vec), AAAA(Vec), // RData is a domain name - CNAME(Vec), - PTR(Vec), - MX(Vec), - NS(Vec), + CNAME(DNSName), + PTR(DNSName), + MX(DNSName), + NS(DNSName), // RData is text TXT(Vec), NULL(Vec), @@ -213,7 +228,7 @@ pub enum DNSRData { #[derive(Debug, PartialEq, Eq)] pub struct DNSAnswerEntry { - pub name: Vec, + pub name: DNSName, pub rrtype: u16, pub rrclass: u16, pub ttl: u32, @@ -873,9 +888,9 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_name( if let Some(request) = &tx.request { if (i as usize) < request.queries.len() { let query = &request.queries[i as usize]; - if !query.name.is_empty() { - *len = query.name.len() as u32; - *buf = query.name.as_ptr(); + if !query.name.value.is_empty() { + *len = query.name.value.len() as u32; + *buf = query.name.value.as_ptr(); return 1; } } @@ -906,7 +921,7 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_rrtype( if let Some(request) = &tx.request { if (i as usize) < request.queries.len() { let query = &request.queries[i as usize]; - if !query.name.is_empty() { + if !query.name.value.is_empty() { *rrtype = query.rrtype; return 1; } diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs index 86325d5f07..f220158ed4 100644 --- a/rust/src/dns/log.rs +++ b/rust/src/dns/log.rs @@ -398,8 +398,8 @@ pub fn dns_print_addr(addr: &[u8]) -> std::string::String { fn dns_log_soa(soa: &DNSRDataSOA) -> Result { let mut js = JsonBuilder::try_new_object()?; - js.set_string_from_bytes("mname", &soa.mname)?; - js.set_string_from_bytes("rname", &soa.rname)?; + js.set_string_from_bytes("mname", &soa.mname.value)?; + js.set_string_from_bytes("rname", &soa.rname.value)?; js.set_uint("serial", soa.serial as u64)?; js.set_uint("refresh", soa.refresh as u64)?; js.set_uint("retry", soa.retry as u64)?; @@ -434,7 +434,7 @@ fn dns_log_srv(srv: &DNSRDataSRV) -> Result { js.set_uint("priority", srv.priority as u64)?; js.set_uint("weight", srv.weight as u64)?; js.set_uint("port", srv.port as u64)?; - js.set_string_from_bytes("name", &srv.target)?; + js.set_string_from_bytes("name", &srv.target.value)?; js.close()?; return Ok(js); @@ -443,7 +443,7 @@ fn dns_log_srv(srv: &DNSRDataSRV) -> Result { fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result { let mut jsa = JsonBuilder::try_new_object()?; - jsa.set_string_from_bytes("rrname", &answer.name)?; + jsa.set_string_from_bytes("rrname", &answer.name.value)?; jsa.set_string("rrtype", &dns_rrtype_string(answer.rrtype))?; jsa.set_uint("ttl", answer.ttl as u64)?; @@ -451,12 +451,10 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result { jsa.set_string("rdata", &dns_print_addr(addr))?; } - DNSRData::CNAME(bytes) - | DNSRData::MX(bytes) - | DNSRData::NS(bytes) - | DNSRData::TXT(bytes) - | DNSRData::NULL(bytes) - | DNSRData::PTR(bytes) => { + DNSRData::CNAME(name) | DNSRData::MX(name) | DNSRData::NS(name) | DNSRData::PTR(name) => { + jsa.set_string_from_bytes("rdata", &name.value)?; + } + DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => { jsa.set_string_from_bytes("rdata", bytes)?; } DNSRData::SOA(soa) => { @@ -507,7 +505,7 @@ fn dns_log_json_answer( js.set_uint("opcode", opcode as u64)?; if let Some(query) = response.queries.first() { - js.set_string_from_bytes("rrname", &query.name)?; + js.set_string_from_bytes("rrname", &query.name.value)?; js.set_string("rrtype", &dns_rrtype_string(query.rrtype))?; } js.set_string("rcode", &dns_rcode_string(header.flags))?; @@ -530,12 +528,19 @@ fn dns_log_json_answer( a.append_string(&dns_print_addr(addr))?; } } - DNSRData::CNAME(bytes) - | DNSRData::MX(bytes) - | DNSRData::NS(bytes) - | DNSRData::TXT(bytes) - | DNSRData::NULL(bytes) - | DNSRData::PTR(bytes) => { + DNSRData::CNAME(name) + | DNSRData::MX(name) + | DNSRData::NS(name) + | DNSRData::PTR(name) => { + if !answer_types.contains_key(&type_string) { + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); + } + if let Some(a) = answer_types.get_mut(&type_string) { + a.append_string_from_bytes(&name.value)?; + } + } + DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => { if !answer_types.contains_key(&type_string) { answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); } @@ -614,7 +619,7 @@ fn dns_log_query( if dns_log_rrtype_enabled(query.rrtype, flags) { jb.set_string("type", "query")?; jb.set_uint("id", request.header.tx_id as u64)?; - jb.set_string_from_bytes("rrname", &query.name)?; + jb.set_string_from_bytes("rrname", &query.name.value)?; jb.set_string("rrtype", &dns_rrtype_string(query.rrtype))?; jb.set_uint("tx_id", tx.id - 1)?; if request.header.flags & 0x0040 != 0 { diff --git a/rust/src/dns/lua.rs b/rust/src/dns/lua.rs index b9935f87da..f7b0c15641 100644 --- a/rust/src/dns/lua.rs +++ b/rust/src/dns/lua.rs @@ -34,12 +34,12 @@ pub extern "C" fn rs_dns_lua_get_rrname(clua: &mut CLuaState, tx: &mut DNSTransa if let Some(request) = &tx.request { if let Some(query) = request.queries.first() { - lua.pushstring(&String::from_utf8_lossy(&query.name)); + lua.pushstring(&String::from_utf8_lossy(&query.name.value)); return 1; } } else if let Some(response) = &tx.response { if let Some(query) = response.queries.first() { - lua.pushstring(&String::from_utf8_lossy(&query.name)); + lua.pushstring(&String::from_utf8_lossy(&query.name.value)); return 1; } } @@ -86,7 +86,7 @@ pub extern "C" fn rs_dns_lua_get_query_table( lua.settable(-3); lua.pushstring("rrname"); - lua.pushstring(&String::from_utf8_lossy(&query.name)); + lua.pushstring(&String::from_utf8_lossy(&query.name.value)); lua.settable(-3); lua.settable(-3); @@ -103,7 +103,7 @@ pub extern "C" fn rs_dns_lua_get_query_table( lua.settable(-3); lua.pushstring("rrname"); - lua.pushstring(&String::from_utf8_lossy(&query.name)); + lua.pushstring(&String::from_utf8_lossy(&query.name.value)); lua.settable(-3); lua.settable(-3); @@ -142,11 +142,11 @@ pub extern "C" fn rs_dns_lua_get_answer_table( lua.settable(-3); lua.pushstring("rrname"); - lua.pushstring(&String::from_utf8_lossy(&answer.name)); + lua.pushstring(&String::from_utf8_lossy(&answer.name.value)); lua.settable(-3); // All rdata types are pushed to "addr" for backwards compatibility - match answer.data { + match &answer.data { DNSRData::A(ref bytes) | DNSRData::AAAA(ref bytes) => { if !bytes.is_empty() { lua.pushstring("addr"); @@ -154,12 +154,18 @@ pub extern "C" fn rs_dns_lua_get_answer_table( lua.settable(-3); } } - DNSRData::CNAME(ref bytes) - | DNSRData::MX(ref bytes) - | DNSRData::NS(ref bytes) - | DNSRData::TXT(ref bytes) + DNSRData::CNAME(name) + | DNSRData::MX(name) + | DNSRData::NS(name) + | DNSRData::PTR(name) => { + if !name.value.is_empty() { + lua.pushstring("addr"); + lua.pushstring(&String::from_utf8_lossy(&name.value)); + lua.settable(-3); + } + } + DNSRData::TXT(ref bytes) | DNSRData::NULL(ref bytes) - | DNSRData::PTR(ref bytes) | DNSRData::Unknown(ref bytes) => { if !bytes.is_empty() { lua.pushstring("addr"); @@ -168,9 +174,9 @@ pub extern "C" fn rs_dns_lua_get_answer_table( } } DNSRData::SOA(ref soa) => { - if !soa.mname.is_empty() { + if !soa.mname.value.is_empty() { lua.pushstring("addr"); - lua.pushstring(&String::from_utf8_lossy(&soa.mname)); + lua.pushstring(&String::from_utf8_lossy(&soa.mname.value)); lua.settable(-3); } } @@ -181,7 +187,7 @@ pub extern "C" fn rs_dns_lua_get_answer_table( } DNSRData::SRV(ref srv) => { lua.pushstring("addr"); - lua.pushstring(&String::from_utf8_lossy(&srv.target)); + lua.pushstring(&String::from_utf8_lossy(&srv.target.value)); lua.settable(-3); } } @@ -221,7 +227,7 @@ pub extern "C" fn rs_dns_lua_get_authority_table( lua.settable(-3); lua.pushstring("rrname"); - lua.pushstring(&String::from_utf8_lossy(&answer.name)); + lua.pushstring(&String::from_utf8_lossy(&answer.name.value)); lua.settable(-3); lua.settable(-3); diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs index a1d97a53fd..12929bcae7 100644 --- a/rust/src/dns/parser.rs +++ b/rust/src/dns/parser.rs @@ -45,16 +45,48 @@ pub fn dns_parse_header(i: &[u8]) -> IResult<&[u8], DNSHeader> { )) } +// Set a maximum assembled hostname length of 1025, this value was +// chosen as its what DNSMasq uses, a popular DNS server, even if most +// tooling limits names to 256 chars without special options. +static MAX_NAME_LEN: usize = 1025; + /// Parse a DNS name. /// +/// Names are parsed with the following restrictions: +/// +/// - Only 255 segments will be processed, if more the parser may +/// error out. This is also our safeguard against an infinite loop. If +/// a pointer had been followed a truncated name will be +/// returned. However if pointer has been processed we error out as we +/// don't know where the next data point starts without more +/// iterations. +/// +/// - The maximum name parsed in representation format is MAX_NAME_LEN +/// characters. Once larger, the truncated name will be returned with +/// a flag specifying the name was truncated. Note that parsing +/// continues if no pointer has been used as we still need to find the +/// start of the next protocol unit. +/// +/// As some error in parsing the name are recoverable, a DNSName +/// object is returned with flags signifying a recoverable +/// error. These errors include: +/// +/// - infinite loop: as we know the end of the name in the input +/// stream, we can return what we've parsed with the remain data. +/// +/// - maximum number of segments/labels parsed +/// +/// - truncation of name when too long +/// /// Parameters: /// start: the start of the name /// message: the complete message that start is a part of with the DNS header -pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], Vec> { +pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], DNSName> { let mut pos = start; let mut pivot = start; let mut name: Vec = Vec::with_capacity(32); let mut count = 0; + let mut flags = DNSNameFlags::default(); loop { if pos.is_empty() { @@ -68,10 +100,12 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8 break; } else if len & 0b1100_0000 == 0 { let (rem, label) = length_data(be_u8)(pos)?; - if !name.is_empty() { - name.push(b'.'); + if !flags.contains(DNSNameFlags::TRUNCATED) { + if !name.is_empty() { + name.push(b'.'); + } + name.extend(label); } - name.extend(label); pos = rem; } else if len & 0b1100_0000 == 0b1100_0000 { let (rem, leader) = be_u16(pos)?; @@ -79,6 +113,21 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8 if offset > message.len() { return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit))); } + + if &message[offset..] == pos { + // Self reference, immedate infinite loop. + flags.insert(DNSNameFlags::INFINITE_LOOP); + + // If we have followed a pointer, we can just break as + // we've already found the end of the input. But if we + // have not followed a pointer yet return a parse + // error. + if pivot != start { + break; + } + return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit))); + } + pos = &message[offset..]; if pivot == start { pivot = rem; @@ -89,19 +138,43 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8 // Return error if we've looped a certain number of times. count += 1; + if count > 255 { + flags.insert(DNSNameFlags::LABEL_LIMIT); + + // Our segment limit has been reached, if we have hit a + // pointer we can just return the truncated name. If we + // have not hit a pointer, we need to bail with an error. + if pivot != start { + flags.insert(DNSNameFlags::TRUNCATED); + break; + } return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit))); } + + if name.len() > MAX_NAME_LEN { + name.truncate(MAX_NAME_LEN); + flags.insert(DNSNameFlags::TRUNCATED); + + // If we have pivoted due to a pointer we know where the + // end of the data is, so we can break early. Otherwise + // we'll keep parsing in hopes to find the end of the name + // so parsing can continue. + if pivot != start { + break; + } + } } // If we followed a pointer we return the position after the first // pointer followed. Is there a better way to see if these slices // diverged from each other? A straight up comparison would // actually check the contents. - if pivot.len() != start.len() { - return Ok((pivot, name)); + if pivot != start { + Ok((pivot, DNSName { value: name, flags })) + } else { + Ok((pos, DNSName { value: name, flags })) } - return Ok((pos, name)); } /// Parse answer entries. @@ -121,7 +194,7 @@ fn dns_parse_answer<'a>( let mut input = slice; struct Answer<'a> { - name: Vec, + name: DNSName, rrtype: u16, rrclass: u16, ttl: u32, @@ -375,7 +448,7 @@ mod tests { ]; let expected_remainder: &[u8] = &[0x00, 0x01, 0x00]; let (remainder, name) = dns_parse_name(buf, buf).unwrap(); - assert_eq!("client-cf.dropbox.com".as_bytes(), &name[..]); + assert_eq!("client-cf.dropbox.com".as_bytes(), &name.value[..]); assert_eq!(remainder, expected_remainder); } @@ -411,7 +484,13 @@ mod tests { let res1 = dns_parse_name(start1, message); assert_eq!( res1, - Ok((&start1[22..], "www.suricata-ids.org".as_bytes().to_vec())) + Ok(( + &start1[22..], + DNSName { + value: "www.suricata-ids.org".as_bytes().to_vec(), + flags: DNSNameFlags::default(), + } + )) ); // The second name starts at offset 80, but is just a pointer @@ -420,7 +499,13 @@ mod tests { let res2 = dns_parse_name(start2, message); assert_eq!( res2, - Ok((&start2[2..], "www.suricata-ids.org".as_bytes().to_vec())) + Ok(( + &start2[2..], + DNSName { + value: "www.suricata-ids.org".as_bytes().to_vec(), + flags: DNSNameFlags::default() + } + )) ); // The third name starts at offset 94, but is a pointer to a @@ -429,7 +514,13 @@ mod tests { let res3 = dns_parse_name(start3, message); assert_eq!( res3, - Ok((&start3[2..], "suricata-ids.org".as_bytes().to_vec())) + Ok(( + &start3[2..], + DNSName { + value: "suricata-ids.org".as_bytes().to_vec(), + flags: DNSNameFlags::default() + } + )) ); // The fourth name starts at offset 110, but is a pointer to a @@ -438,7 +529,13 @@ mod tests { let res4 = dns_parse_name(start4, message); assert_eq!( res4, - Ok((&start4[2..], "suricata-ids.org".as_bytes().to_vec())) + Ok(( + &start4[2..], + DNSName { + value: "suricata-ids.org".as_bytes().to_vec(), + flags: DNSNameFlags::default() + } + )) ); } @@ -473,7 +570,13 @@ mod tests { let res = dns_parse_name(start, message); assert_eq!( res, - Ok((&start[2..], "block.g1.dropbox.com".as_bytes().to_vec())) + Ok(( + &start[2..], + DNSName { + value: "block.g1.dropbox.com".as_bytes().to_vec(), + flags: DNSNameFlags::default() + } + )) ); } @@ -512,7 +615,7 @@ mod tests { assert_eq!(request.queries.len(), 1); let query = &request.queries[0]; - assert_eq!(query.name, "www.suricata-ids.org".as_bytes().to_vec()); + assert_eq!(query.name.value, "www.suricata-ids.org".as_bytes().to_vec()); assert_eq!(query.rrtype, 1); assert_eq!(query.rrclass, 1); } @@ -569,20 +672,26 @@ mod tests { assert_eq!(response.answers.len(), 3); let answer1 = &response.answers[0]; - assert_eq!(answer1.name, "www.suricata-ids.org".as_bytes().to_vec()); + assert_eq!(answer1.name.value, "www.suricata-ids.org".as_bytes().to_vec()); assert_eq!(answer1.rrtype, 5); assert_eq!(answer1.rrclass, 1); assert_eq!(answer1.ttl, 3544); assert_eq!( answer1.data, - DNSRData::CNAME("suricata-ids.org".as_bytes().to_vec()) + DNSRData::CNAME(DNSName { + value: "suricata-ids.org".as_bytes().to_vec(), + flags: Default::default(), + }) ); let answer2 = &response.answers[1]; assert_eq!( answer2, &DNSAnswerEntry { - name: "suricata-ids.org".as_bytes().to_vec(), + name: DNSName { + value: "suricata-ids.org".as_bytes().to_vec(), + flags: Default::default(), + }, rrtype: 1, rrclass: 1, ttl: 244, @@ -594,7 +703,10 @@ mod tests { assert_eq!( answer3, &DNSAnswerEntry { - name: "suricata-ids.org".as_bytes().to_vec(), + name: DNSName { + value: "suricata-ids.org".as_bytes().to_vec(), + flags: Default::default(), + }, rrtype: 1, rrclass: 1, ttl: 244, @@ -653,15 +765,21 @@ mod tests { assert_eq!(response.authorities.len(), 1); let authority = &response.authorities[0]; - assert_eq!(authority.name, "oisf.net".as_bytes().to_vec()); + assert_eq!(authority.name.value, "oisf.net".as_bytes().to_vec()); assert_eq!(authority.rrtype, 6); assert_eq!(authority.rrclass, 1); assert_eq!(authority.ttl, 899); assert_eq!( authority.data, DNSRData::SOA(DNSRDataSOA { - mname: "ns-110.awsdns-13.com".as_bytes().to_vec(), - rname: "awsdns-hostmaster.amazon.com".as_bytes().to_vec(), + mname: DNSName { + value: "ns-110.awsdns-13.com".as_bytes().to_vec(), + flags: DNSNameFlags::default() + }, + rname: DNSName { + value: "awsdns-hostmaster.amazon.com".as_bytes().to_vec(), + flags: DNSNameFlags::default() + }, serial: 1, refresh: 7200, retry: 900, @@ -712,14 +830,14 @@ mod tests { assert_eq!(response.queries.len(), 1); let query = &response.queries[0]; - assert_eq!(query.name, "vaaaakardli.pirate.sea".as_bytes().to_vec()); + assert_eq!(query.name.value, "vaaaakardli.pirate.sea".as_bytes().to_vec()); assert_eq!(query.rrtype, DNS_RECORD_TYPE_NULL); assert_eq!(query.rrclass, 1); assert_eq!(response.answers.len(), 1); let answer = &response.answers[0]; - assert_eq!(answer.name, "vaaaakardli.pirate.sea".as_bytes().to_vec()); + assert_eq!(answer.name.value, "vaaaakardli.pirate.sea".as_bytes().to_vec()); assert_eq!(answer.rrtype, DNS_RECORD_TYPE_NULL); assert_eq!(answer.rrclass, 1); assert_eq!(answer.ttl, 0); @@ -819,7 +937,7 @@ mod tests { assert_eq!(srv.weight, 1); assert_eq!(srv.port, 5060); assert_eq!( - srv.target, + srv.target.value, "sip-anycast-2.voice.google.com".as_bytes().to_vec() ); } @@ -834,7 +952,7 @@ mod tests { assert_eq!(srv.weight, 1); assert_eq!(srv.port, 5060); assert_eq!( - srv.target, + srv.target.value, "sip-anycast-1.voice.google.com".as_bytes().to_vec() ); } @@ -848,4 +966,65 @@ mod tests { } } } + + #[test] + fn test_dns_parse_name_truncated() { + // Generate a non-compressed hostname over our maximum of 1024. + let mut buf: Vec = vec![]; + for _ in 0..17 { + buf.push(0b0011_1111); + for _ in 0..63 { + buf.push(b'a'); + } + } + + let (rem, name) = dns_parse_name(&buf, &buf).unwrap(); + assert_eq!(name.value.len(), MAX_NAME_LEN); + assert!(name.flags.contains(DNSNameFlags::TRUNCATED)); + assert!(rem.is_empty()); + } + + #[test] + fn test_dns_parse_name_truncated_max_segments_no_pointer() { + let mut buf: Vec = vec![]; + for _ in 0..256 { + buf.push(0b0000_0001); + buf.push(b'a'); + } + + // This should fail as we've hit the segment limit without a + // pointer, we'd need to keep parsing more segments to figure + // out where the next data point lies. + assert!(dns_parse_name(&buf, &buf).is_err()); + } + + #[test] + fn test_dns_parse_name_truncated_max_segments_with_pointer() { + let mut buf: Vec = vec![]; + + // "a" at the beginning of the buffer. + buf.push(0b0000_0001); + buf.push(b'a'); + + // Followed by a pointer back to the beginning. + buf.push(0b1100_0000); + buf.push(0b0000_0000); + + // The start of the name, which is pointer to the beginning of + // the buffer. + buf.push(0b1100_0000); + buf.push(0b000_0000); + + let (_rem, name) = dns_parse_name(&buf[4..], &buf).unwrap(); + assert_eq!(name.value.len(), 255); + assert!(name.flags.contains(DNSNameFlags::TRUNCATED)); + } + + #[test] + fn test_dns_parse_name_self_reference() { + let mut buf = vec![]; + buf.push(0b1100_0000); + buf.push(0b0000_0000); + assert!(dns_parse_name(&buf, &buf).is_err()); + } }