Check that ALPN is present when NO-DEFAULT-ALPN is present in fromwire

diff --git a/lib/dns/rdata/in_1/svcb_64.c b/lib/dns/rdata/in_1/svcb_64.c
index 2af6de074cc456727fad2bf4bf056bc42e2ba529..8fbb99c7b7bb9484b8c9cc7289c17242ed8417ee 100644 (file)
--- a/lib/dns/rdata/in_1/svcb_64.c
+++ b/lib/dns/rdata/in_1/svcb_64.c
@@ -755,7 +755,7 @@ static inline isc_result_t
 generic_fromwire_in_svcb(ARGS_FROMWIRE) {
        dns_name_t name;
        isc_region_t region, man = { .base = NULL, .length = 0 };
-       bool alias, first = true;
+       bool alias, first = true, have_alpn = false;
        uint16_t lastkey = 0, mankey = 0;
 
        UNUSED(type);
@@ -829,6 +829,15 @@ generic_fromwire_in_svcb(ARGS_FROMWIRE) {
                        }
                }
 
+               /*
+                * Check alpn present when no-default-alpn is set.
+                */
+               if (key == SVCB_ALPN_KEY) {
+                       have_alpn = true;
+               } else if (key == SVCB_NO_DEFAULT_ALPN_KEY && !have_alpn) {
+                       return (DNS_R_FORMERR);
+               }
+
                first = false;
                lastkey = key;
 

diff --git a/lib/dns/tests/rdata_test.c b/lib/dns/tests/rdata_test.c
index 5d0fc9cb07e2f26da38fe212f77585cb83853143..595fcf9dac6ee3bb6a93618048add8a9b494792e 100644 (file)
--- a/lib/dns/tests/rdata_test.c
+++ b/lib/dns/tests/rdata_test.c
@@ -2719,6 +2719,10 @@ https_svcb(void **state) {
                 */
                WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09,
                                5, 'h', '1', '\\', 'h', '2', 2, 'h', '3'),
+               /*
+                * no-default-alpn (0x00 0x02) without alpn, alpn is required.
+                */
+               WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00),
                WIRE_SENTINEL()
        };
        /* Test vectors from RFCXXXX */