LibDNS: Ensure DNS name and label sizes are within expected limits

Previously, the DNS packet parser would happily parse a DNS packet containing an arbitrarily large domain name. We now limit each segment of a domain name to 63 characters and the total domain name length to 253 characters. This is consistent with RFC1035, which specifies that the maximum name length is 255 octets. This includes the initial length byte and final null byte, which accounts for the 2 byte difference.
2025-01-23 01:41:59 -05:00 · 2023-11-13 23:33:23 +00:00 · 2023-11-13 23:33:23 +00:00 · 9a8cc5a98d
commit 9a8cc5a98d
parent 1793f51bc6
1 changed files with 11 additions and 0 deletions
--- a/Userland/Libraries/LibDNS/Name.cpp
+++ b/Userland/Libraries/LibDNS/Name.cpp
@ -23,6 +23,9 @@ Name::Name(DeprecatedString const& name)

 ErrorOr<Name> Name::parse(ReadonlyBytes data, size_t& offset, size_t recursion_level)
 {
+    static constexpr size_t MAX_LABEL_SIZE = 63;
+    static constexpr size_t MAX_NAME_SIZE = 253;
+
    if (recursion_level > 4)
        return Name {};

@ -32,6 +35,8 @@ ErrorOr<Name> Name::parse(ReadonlyBytes data, size_t& offset, size_t recursion_l
            return Error::from_string_literal("Unexpected EOF when parsing name");
        u8 b = data[offset++];
        if (b == '\0') {
+            if (builder.length() > MAX_NAME_SIZE)
+                return Error::from_string_literal("Domain name exceeds maximum allowed length");
            // This terminates the name.
            return builder.to_deprecated_string();
        } else if ((b & 0xc0) == 0xc0) {
@ -41,13 +46,19 @@ ErrorOr<Name> Name::parse(ReadonlyBytes data, size_t& offset, size_t recursion_l
            size_t dummy = (b & 0x3f) << 8 | data[offset++];
            auto rest_of_name = TRY(parse(data, dummy, recursion_level + 1));
            builder.append(rest_of_name.as_string());
+            if (builder.length() > MAX_NAME_SIZE)
+                return Error::from_string_literal("Domain name exceeds maximum allowed length");
            return builder.to_deprecated_string();
        } else {
            // This is the length of a part.
            if (offset + b >= data.size())
                return Error::from_string_literal("Unexpected EOF when parsing name");
+            if (b > MAX_LABEL_SIZE)
+                return Error::from_string_literal("DNS label exceeds maximum allowed length");
            builder.append({ data.offset_pointer(offset), b });
            builder.append('.');
+            if (builder.length() > MAX_NAME_SIZE)
+                return Error::from_string_literal("Domain name exceeds maximum allowed length");
            offset += b;
        }
    }