From b31b99d76fa221bd2f01f593e8426d64fa1b40d1 Mon Sep 17 00:00:00 2001
From: Ronan Pigott
Date: Mon, 28 Oct 2024 21:26:51 -0700
Subject: [PATCH] network: Restrict the valid charset of DNR names
Not all possible DNS names will survive serialization. Restrict the set of valid dns names to LDH encoded names.
Fixes: 25c33e350042 (network: parse RFC9463 DHCPv4 DNR option, 2024-01-16)
Fixes: a07e83cc58f6 (network: Parse RFC9463 DHCPv6 DNR option, 2024-01-17)
Fixes: 0c90d1d2f243 (ndisc: Parse RFC9463 encrypted DNS (DNR) option, 2024-01-19)
---
 src/libsystemd-network/ndisc-option.c | 5 +++++
 src/libsystemd-network/sd-dhcp-lease.c | 5 +++++
 src/libsystemd-network/sd-dhcp6-lease.c | 6 ++++++
 3 files changed, 16 insertions(+)
diff --git a/src/libsystemd-network/ndisc-option.c b/src/libsystemd-network/ndisc-option.c
index 1071d98b190..d784ffb3ff0 100644
--- a/src/libsystemd-network/ndisc-option.c
+++ b/src/libsystemd-network/ndisc-option.c
@@ -1358,6 +1358,11 @@ static int ndisc_option_parse_encrypted_dns(Set **options, size_t offset, size_t
 r = ndisc_get_dns_name(opt + off, ilen, &res.auth_name);
 if (r < 0)
 return r;
+ r = dns_name_is_valid_ldh(res.auth_name);
+ if (r < 0)
+ return r;
+ if (!r)
+ return -EBADMSG;
 if (dns_name_is_root(res.auth_name))
 return -EBADMSG;
 off += ilen;
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index 6b2d8106451..fc891a0b045 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -628,6 +628,11 @@ static int lease_parse_dnr(const uint8_t *option, size_t len, sd_dns_resolver **
 r = lease_parse_dns_name(option + offset, ilen, &res.auth_name);
 if (r < 0)
 return r;
+ r = dns_name_is_valid_ldh(res.auth_name);
+ if (r < 0)
+ return r;
+ if (!r)
+ return -EBADMSG;
 if (dns_name_is_root(res.auth_name))
 return -EBADMSG;
 offset += ilen;
diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
index bc054c42b22..2ff1e87a2e4 100644
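Review bot: The new LDH check in ndisc_option_parse_encrypted_dns() has no comment, so the reason for rejecting an otherwise parseable name is recorded only in the commit message. A one-line comment above the call would keep it with the code, e.g. `/* auth_name comes from the network and is serialized later; only LDH names survive that round trip */`. The identical five-line blocks in lease_parse_dnr() and dhcp6_lease_add_dnr() need the same comment, or could move into one shared helper that carries it. The function body starts and ends outside this hunk.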
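Review bot: Nothing in this patch exercises the new rejection path in lease_parse_dnr(), as the diffstat lists only the three parser sources. The authentication domain name is read from an option sent by whichever DHCP server answers on the link, so a regression test that feeds a DNR option containing a non-LDH name and expects `-EBADMSG` would pin the behaviour. The same case applies to the NDisc and DHCPv6 parsers. The caller is not visible here, so it would also be worth confirming whether one rejected name discards the whole option or only this resolver entry.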
--- a/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/libsystemd-network/sd-dhcp6-lease.c
@@ -8,6 +8,7 @@
 #include "alloc-util.h"
 #include "dhcp6-internal.h"
 #include "dhcp6-lease-internal.h"
+#include "dns-domain.h"
 #include "network-common.h"
 #include "sort-util.h"
 #include "strv.h"
@@ -465,6 +466,11 @@ static int dhcp6_lease_add_dnr(sd_dhcp6_lease *lease, const uint8_t *optval, siz
 r = dhcp6_option_parse_domainname(optval + offset, ilen, &res.auth_name);
 if (r < 0)
 return r;
+ r = dns_name_is_valid_ldh(res.auth_name);
+ if (r < 0)
+ return r;
+ if (!r)
+ return -EBADMSG;
 offset += ilen;
 /* RFC9463 § 3.1.6: adn only mode */
-- 
2.47.3
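Review bot: The visible part of dhcp6_lease_add_dnr() has no `dns_name_is_root()` rejection after the new LDH check, unlike the NDisc and DHCPv4 parsers in this patch. If dhcp6_option_parse_domainname() already refuses an empty name this is fine, but that is not visible in the hunk and should be confirmed. If it does not, and the LDH check accepts the root name, add `if (dns_name_is_root(res.auth_name)) return -EBADMSG;` before `offset += ilen;` so all three parsers reject the same set of names. The function body starts and ends outside this hunk.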