From 28bde999ee9b5f57c06b4761d130a193f0e51972 Mon Sep 17 00:00:00 2001 From: Nils Wisiol Date: Fri, 29 May 2020 12:47:38 +0200 Subject: [PATCH] Check character-string length for HINFO records --- dns/rdtypes/ANY/HINFO.py | 4 ++-- dns/tokenizer.py | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/dns/rdtypes/ANY/HINFO.py b/dns/rdtypes/ANY/HINFO.py index 5bc6a156..e3efb51a 100644 --- a/dns/rdtypes/ANY/HINFO.py +++ b/dns/rdtypes/ANY/HINFO.py @@ -48,8 +48,8 @@ class HINFO(dns.rdata.Rdata): @classmethod def from_text(cls, rdclass, rdtype, tok, origin=None, relativize=True, relativize_to=None): - cpu = tok.get_string() - os = tok.get_string() + cpu = tok.get_string(max_length=255) + os = tok.get_string(max_length=255) tok.get_eol() return cls(rdclass, rdtype, cpu, os) diff --git a/dns/tokenizer.py b/dns/tokenizer.py index 791e9948..a13268d9 100644 --- a/dns/tokenizer.py +++ b/dns/tokenizer.py @@ -533,10 +533,12 @@ class Tokenizer(object): '%d is not an unsigned 32-bit integer' % value) return value - def get_string(self, origin=None): + def get_string(self, origin=None, max_length=None): """Read the next token and interpret it as a string. Raises dns.exception.SyntaxError if not a string. + Raises dns.exception.SyntaxError if token value length + exceeds max_length (if specified). Returns a string. """ @@ -544,6 +546,8 @@ class Tokenizer(object): token = self.get().unescape() if not (token.is_identifier() or token.is_quoted_string()): raise dns.exception.SyntaxError('expecting a string') + if max_length and len(token.value) > max_length: + raise dns.exception.SyntaxError("string too long") return token.value def get_identifier(self, origin=None): -- 2.47.3