From: Lennart Poettering Date: Sun, 29 Nov 2015 13:27:28 +0000 (+0100) Subject: dns-domain: don't accept overly long hostnames X-Git-Tag: v229~240^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1dfbf0007af3023c2e3ae8282a0d0f229f3a89e3;p=thirdparty%2Fsystemd.git dns-domain: don't accept overly long hostnames Make sure dns_name_normalize(), dns_name_concat(), dns_name_is_valid() do not accept/generate invalidly long hostnames, i.e. longer than 253 characters. --- diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c index 7a4093cc474..ab61eb3b6ef 100644 --- a/src/shared/dns-domain.c +++ b/src/shared/dns-domain.c @@ -442,6 +442,9 @@ int dns_name_concat(const char *a, const char *b, char **_ret) { n += r; } + if (n > DNS_HOSTNAME_MAX) + return -EINVAL; + if (_ret) { if (!GREEDY_REALLOC(ret, allocated, n + 1)) return -ENOMEM; diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h index c68f1945e1f..44a99755419 100644 --- a/src/shared/dns-domain.h +++ b/src/shared/dns-domain.h @@ -31,6 +31,9 @@ /* Worst case length of a single label, with all escaping applied and room for a trailing NUL byte. */ #define DNS_LABEL_ESCAPED_MAX (DNS_LABEL_MAX*4+1) +/* Maximum length of a full hostname, consisting of a series of unescaped labels, and no trailing dot or NUL byte */ +#define DNS_HOSTNAME_MAX 253 + int dns_label_unescape(const char **name, char *dest, size_t sz); int dns_label_unescape_suffix(const char *name, const char **label_end, char *dest, size_t sz); int dns_label_escape(const char *p, size_t l, char *dest, size_t sz); diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c index 7ad59d378a5..3e470c0ef2a 100644 --- a/src/test/test-dns-domain.c +++ b/src/test/test-dns-domain.c @@ -314,6 +314,24 @@ static void test_dns_name_is_valid(void) { test_dns_name_is_valid_one("\\zbar", 0); test_dns_name_is_valid_one("ä", 1); test_dns_name_is_valid_one("\n", 0); + + /* 256 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345", 0); + + /* 255 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a1234", 0); + + /* 254 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a123", 0); + + /* 253 characters*/ + test_dns_name_is_valid_one("a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12345678.a12", 1); + + /* label of 64 chars length */ + test_dns_name_is_valid_one("a123456789a123456789a123456789a123456789a123456789a123456789a123", 0); + + /* label of 63 chars length */ + test_dns_name_is_valid_one("a123456789a123456789a123456789a123456789a123456789a123456789a12", 1); } static void test_dns_service_name_is_valid(void) {