dns-rr: tighten rules on parsing RR keys from JSON

let's ensure the name is actually a valid DNS name.

diff --git a/src/shared/dns-rr.c b/src/shared/dns-rr.c
index 0fa730c13baa289fed14821b66f81ffc01ea4749..58d26e3609b1b3f78b2eebe87528d8e4bb5e1328 100644 (file)
--- a/src/shared/dns-rr.c
+++ b/src/shared/dns-rr.c
@@ -2215,6 +2215,12 @@ int dns_resource_key_from_json(sd_json_variant *v, DnsResourceKey **ret) {
         if (r < 0)
                 return r;
 
+        r = dns_name_is_valid(p.name);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return -EBADMSG;
+
         key = dns_resource_key_new(p.class, p.type, p.name);
         if (!key)
                 return -ENOMEM;