dns-domain: don't accept overly long hostnames

Make sure dns_name_normalize(), dns_name_concat(), dns_name_is_valid()
do not accept/generate invalidly long hostnames, i.e. longer than 253
characters.

diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index 7a4093cc474236f6c0a79b66a4a3bc7aa0304dd6..ab61eb3b6ef52a0875465ea0c5829e4d680ed49b 100644 (file)
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -442,6 +442,9 @@ int dns_name_concat(const char *a, const char *b, char **_ret) {
                 n += r;
         }
 
+        if (n > DNS_HOSTNAME_MAX)
+                return -EINVAL;
+
         if (_ret) {
                 if (!GREEDY_REALLOC(ret, allocated, n + 1))
                         return -ENOMEM;

diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index c68f1945e1f5cf208bfb7290753c5f94387c468a..44a99755419ade88050a54e4adde0ff8424a1ba5 100644 (file)
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -31,6 +31,9 @@
 /* Worst case length of a single label, with all escaping applied and room for a trailing NUL byte. */
 #define DNS_LABEL_ESCAPED_MAX (DNS_LABEL_MAX*4+1)
 
+/* Maximum length of a full hostname, consisting of a series of unescaped labels, and no trailing dot or NUL byte */
+#define DNS_HOSTNAME_MAX 253
+
 int dns_label_unescape(const char **name, char *dest, size_t sz);
 int dns_label_unescape_suffix(const char *name, const char **label_end, char *dest, size_t sz);
 int dns_label_escape(const char *p, size_t l, char *dest, size_t sz);

diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c
index 7ad59d378a5f5999c932f5f2e53eb2efd9c7eb4a..3e470c0ef2a4fdefa0edca4b3efeeb59f07bf429 100644 (file)
--- a/src/test/test-dns-domain.c
+++ b/src/test/test-dns-domain.c
@@ -314,6 +314,24 @@ static void test_dns_name_is_valid(void) {
         test_dns_name_is_valid_one("\\zbar", 0);
         test_dns_name_is_valid_one("ä", 1);
         test_dns_name_is_valid_one("\n", 0);
+
+        /* 256 characters*/
+        test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345", 0);
+
+        /* 255 characters*/
+        test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a1234", 0);
+
+        /* 254 characters*/
+        test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a123", 0);
+
+        /* 253 characters*/
+        test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12", 1);
+
+        /* label of 64 chars length */
+        test_dns_name_is_valid_one("a123456789a123456789a123456789a123456789a123456789a123456789a123", 0);
+
+        /* label of 63 chars length */
+        test_dns_name_is_valid_one("a123456789a123456789a123456789a123456789a123456789a123456789a12", 1);
 }
 
 static void test_dns_service_name_is_valid(void) {