mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Merge branch 'fanf-dns-name-maxlabels' into 'main'

Browse Source 
Define DNS_NAME_MAXLABELS and DNS_NAME_LABELLEN

See merge request isc-projects/bind9!7598
This commit is contained in:
Tony Finch
2023-02-27 12:08:52 +00:00
parent c3ae4e125c c6bf51492d
commit 5f2f43e684
4 changed files with 31 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/dns/include/dns/name.h
View File

@@ -182,9 +182,11 @@ extern const dns_name_t *dns_wildcardname;
} }
/*% /*%
* Standard size of a wire format name * Standard sizes of a wire format name
*/ */
#define DNS_NAME_MAXWIRE 255 #define DNS_NAME_MAXWIRE 255
#define DNS_NAME_MAXLABELS 127
#define DNS_NAME_LABELLEN 63
/* /*
* Text output filter procedure. * Text output filter procedure.

1
lib/dns/include/dns/resolver.h
View File

@@ -177,7 +177,6 @@ typedef enum { dns_quotatype_zone = 0, dns_quotatype_server } dns_quotatype_t;
#define DNS_QMIN_MAXLABELS 7 #define DNS_QMIN_MAXLABELS 7
#define DNS_QMIN_MAX_NO_DELEGATION 3 #define DNS_QMIN_MAX_NO_DELEGATION 3
#define DNS_MAX_LABELS 127
isc_result_t isc_result_t
dns_resolver_create(dns_view_t *view, isc_loopmgr_t *loopmgr, dns_resolver_create(dns_view_t *view, isc_loopmgr_t *loopmgr,

46
lib/dns/name.c
View File

@@ -149,7 +149,9 @@ dns_name_isvalid(const dns_name_t *name) {
return (false); return (false);
} }
if (name->length > 255U || name->labels > 127U) { if (name->length > DNS_NAME_MAXWIRE ||
name->labels > DNS_NAME_MAXLABELS)
{
return (false); return (false);
} }
@@ -161,7 +163,7 @@ dns_name_isvalid(const dns_name_t *name) {
while (offset != length) { while (offset != length) {
count = *ndata; count = *ndata;
if (count > 63U) { if (count > DNS_NAME_LABELLEN) {
return (false); return (false);
} }
if (offsets != NULL && offsets[nlabels] != offset) { if (offsets != NULL && offsets[nlabels] != offset) {
@@ -253,7 +255,7 @@ dns_name_ismailbox(const dns_name_t *name) {
ndata = name->ndata; ndata = name->ndata;
n = *ndata++; n = *ndata++;
INSIST(n <= 63); INSIST(n <= DNS_NAME_LABELLEN);
while (n--) { while (n--) {
ch = *ndata++; ch = *ndata++;
if (!domainchar(ch)) { if (!domainchar(ch)) {
@@ -270,7 +272,7 @@ dns_name_ismailbox(const dns_name_t *name) {
*/ */
while (ndata < (name->ndata + name->length)) { while (ndata < (name->ndata + name->length)) {
n = *ndata++; n = *ndata++;
INSIST(n <= 63); INSIST(n <= DNS_NAME_LABELLEN);
first = true; first = true;
while (n--) { while (n--) {
ch = *ndata++; ch = *ndata++;
@@ -319,7 +321,7 @@ dns_name_ishostname(const dns_name_t *name, bool wildcard) {
*/ */
while (ndata < (name->ndata + name->length)) { while (ndata < (name->ndata + name->length)) {
n = *ndata++; n = *ndata++;
INSIST(n <= 63); INSIST(n <= DNS_NAME_LABELLEN);
first = true; first = true;
while (n--) { while (n--) {
ch = *ndata++; ch = *ndata++;
@@ -377,7 +379,7 @@ dns_name_internalwildcard(const dns_name_t *name) {
*/ */
ndata = name->ndata; ndata = name->ndata;
count = *ndata++; count = *ndata++;
INSIST(count <= 63); INSIST(count <= DNS_NAME_LABELLEN);
ndata += count; ndata += count;
label = 1; label = 1;
/* /*
@@ -385,7 +387,7 @@ dns_name_internalwildcard(const dns_name_t *name) {
*/ */
while (label + 1 < name->labels) { while (label + 1 < name->labels) {
count = *ndata++; count = *ndata++;
INSIST(count <= 63); INSIST(count <= DNS_NAME_LABELLEN);
if (count == 1 && *ndata == '*') { if (count == 1 && *ndata == '*') {
return (true); return (true);
} }
@@ -687,7 +689,7 @@ dns_name_countlabels(const dns_name_t *name) {
REQUIRE(VALID_NAME(name)); REQUIRE(VALID_NAME(name));
ENSURE(name->labels <= 128); ENSURE(name->labels <= DNS_NAME_MAXLABELS);
return (name->labels); return (name->labels);
} }
@@ -920,8 +922,8 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
tused = 0; tused = 0;
ndata = isc_buffer_used(target); ndata = isc_buffer_used(target);
nrem = isc_buffer_availablelength(target); nrem = isc_buffer_availablelength(target);
if (nrem > 255) { if (nrem > DNS_NAME_MAXWIRE) {
nrem = 255; nrem = DNS_NAME_MAXWIRE;
} }
nused = 0; nused = 0;
labels = 0; labels = 0;
@@ -977,7 +979,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
} }
*label = count; *label = count;
labels++; labels++;
INSIST(labels <= 127); INSIST(labels <= DNS_NAME_MAXLABELS);
offsets[labels] = nused; offsets[labels] = nused;
if (tlen == 0) { if (tlen == 0) {
labels++; labels++;
@@ -990,7 +992,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
} else if (c == '\\') { } else if (c == '\\') {
state = ft_escape; state = ft_escape;
} else { } else {
if (count >= 63) { if (count >= DNS_NAME_LABELLEN) {
return (DNS_R_LABELTOOLONG); return (DNS_R_LABELTOOLONG);
} }
count++; count++;
@@ -1015,7 +1017,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
FALLTHROUGH; FALLTHROUGH;
case ft_escape: case ft_escape:
if (!isdigit((unsigned char)c)) { if (!isdigit((unsigned char)c)) {
if (count >= 63) { if (count >= DNS_NAME_LABELLEN) {
return (DNS_R_LABELTOOLONG); return (DNS_R_LABELTOOLONG);
} }
count++; count++;
@@ -1042,7 +1044,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
if (value > 255) { if (value > 255) {
return (DNS_R_BADESCAPE); return (DNS_R_BADESCAPE);
} }
if (count >= 63) { if (count >= DNS_NAME_LABELLEN) {
return (DNS_R_LABELTOOLONG); return (DNS_R_LABELTOOLONG);
} }
count++; count++;
@@ -1074,7 +1076,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
INSIST(label != NULL); INSIST(label != NULL);
*label = count; *label = count;
labels++; labels++;
INSIST(labels <= 127); INSIST(labels <= DNS_NAME_MAXLABELS);
offsets[labels] = nused; offsets[labels] = nused;
} }
if (origin != NULL) { if (origin != NULL) {
@@ -1087,7 +1089,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
POST(nrem); POST(nrem);
while (n1 > 0) { while (n1 > 0) {
n2 = *label++; n2 = *label++;
INSIST(n2 <= 63); /* no bitstring support */ INSIST(n2 <= DNS_NAME_LABELLEN);
*ndata++ = n2; *ndata++ = n2;
n1 -= n2 + 1; n1 -= n2 + 1;
nused += n2 + 1; nused += n2 + 1;
@@ -1101,7 +1103,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
} }
labels++; labels++;
if (n1 > 0) { if (n1 > 0) {
INSIST(labels <= 127); INSIST(labels <= DNS_NAME_MAXLABELS);
offsets[labels] = nused; offsets[labels] = nused;
} }
} }
@@ -1220,7 +1222,7 @@ dns_name_totext2(const dns_name_t *name, unsigned int options,
saw_root = true; saw_root = true;
break; break;
} }
if (count < 64) { if (count <= DNS_NAME_LABELLEN) {
INSIST(nlen >= count); INSIST(nlen >= count);
while (count > 0) { while (count > 0) {
c = *ndata; c = *ndata;
@@ -1365,7 +1367,7 @@ dns_name_tofilenametext(const dns_name_t *name, bool omit_final_dot,
if (count == 0) { if (count == 0) {
break; break;
} }
if (count < 64) { if (count <= DNS_NAME_LABELLEN) {
INSIST(nlen >= count); INSIST(nlen >= count);
while (count > 0) { while (count > 0) {
c = *ndata; c = *ndata;
@@ -1495,10 +1497,10 @@ set_offsets(const dns_name_t *name, unsigned char *offsets,
nlabels = 0; nlabels = 0;
absolute = false; absolute = false;
while (offset != length) { while (offset != length) {
INSIST(nlabels < 128); INSIST(nlabels <= DNS_NAME_MAXLABELS);
offsets[nlabels++] = offset; offsets[nlabels++] = offset;
count = *ndata; count = *ndata;
INSIST(count <= 63); INSIST(count <= DNS_NAME_LABELLEN);
offset += count + 1; offset += count + 1;
ndata += count + 1; ndata += count + 1;
INSIST(offset <= length); INSIST(offset <= length);
@@ -1622,7 +1624,7 @@ dns_name_fromwire(dns_name_t *const name, isc_buffer_t *const source,
*/ */
while (cursor < source_max) { while (cursor < source_max) {
const uint8_t label_len = *cursor++; const uint8_t label_len = *cursor++;
if (label_len < 64) { if (label_len <= DNS_NAME_LABELLEN) {
/* /*
* Normal label: record its offset, and check bounds on * Normal label: record its offset, and check bounds on
* the name length, which also ensures we don't overrun * the name length, which also ensures we don't overrun

5
lib/dns/resolver.c
View File

@@ -51,6 +51,7 @@
#include <dns/keytable.h> #include <dns/keytable.h>
#include <dns/log.h> #include <dns/log.h>
#include <dns/message.h> #include <dns/message.h>
#include <dns/name.h>
#include <dns/ncache.h> #include <dns/ncache.h>
#include <dns/nsec.h> #include <dns/nsec.h>
#include <dns/nsec3.h> #include <dns/nsec3.h>
@@ -4361,7 +4362,7 @@ resume_qmin(void *arg) {
case ISC_R_FAILURE: case ISC_R_FAILURE:
if ((fctx->options & DNS_FETCHOPT_QMIN_STRICT) == 0) { if ((fctx->options & DNS_FETCHOPT_QMIN_STRICT) == 0) {
/* Disable minimization in relaxed mode */ /* Disable minimization in relaxed mode */
fctx->qmin_labels = DNS_MAX_LABELS + 1; fctx->qmin_labels = DNS_NAME_MAXLABELS + 1;
/* /*
* We store the result. If we succeed in the end * We store the result. If we succeed in the end
* we'll issue a warning that the server is * we'll issue a warning that the server is
@@ -10414,7 +10415,7 @@ fctx_minimize_qname(fetchctx_t *fctx) {
fctx->qmin_labels = nlabels; fctx->qmin_labels = nlabels;
} }
} else if (fctx->qmin_labels > DNS_QMIN_MAXLABELS) { } else if (fctx->qmin_labels > DNS_QMIN_MAXLABELS) {
fctx->qmin_labels = DNS_MAX_LABELS + 1; fctx->qmin_labels = DNS_NAME_MAXLABELS + 1;
} }
if (fctx->qmin_labels < nlabels) { if (fctx->qmin_labels < nlabels) {