From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 13 Aug 2021 14:51:32 +0000 (-0400)
Subject: ensure that we don't ask for length of DNS labels
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c0be247c22be63ef1e09401d3df7ed2539ef1d2;p=thirdparty%2Ffreeradius-server.git

ensure that we don't ask for length of DNS labels

the length is not fixed, but is instead dependent on the length
of the label.  However, unlike normal "string" attributes, the
field is delimited, so we can figure out the length just by
looking at the data.
---

diff --git a/src/protocols/dhcpv6/base.c b/src/protocols/dhcpv6/base.c
index 2ee1d6a28f5..6dfaaaaa3d9 100644
--- a/src/protocols/dhcpv6/base.c
+++ b/src/protocols/dhcpv6/base.c
@@ -151,6 +151,15 @@ size_t fr_dhcpv6_option_len(fr_pair_t const *vp)
 {
 	switch (vp->vp_type) {
 	case FR_TYPE_VARIABLE_SIZE:
+#ifndef NDEBUG
+		if (!vp->da->flags.extra &&
+		    ((vp->da->flags.subtype == FLAG_ENCODE_DNS_LABEL) ||
+		     (vp->da->flags.subtype == FLAG_ENCODE_PARTIAL_DNS_LABEL))) {
+			fr_assert_fail("DNS labels MUST be encoded/decoded with their own function, and not with generic 'string' functions");
+			return 0;
+		}
+#endif
+
 		if (vp->da->flags.length) return vp->da->flags.length;	/* Variable type with fixed length */
 		return vp->vp_length;