mirror of
https://github.com/SerenityOS/serenity.git
synced 2025-01-23 09:51:57 -05:00
LibDNS: Ensure DNS name and label sizes are within expected limits
Previously, the DNS packet parser would happily parse a DNS packet containing an arbitrarily large domain name. We now limit each segment of a domain name to 63 characters and the total domain name length to 253 characters. This is consistent with RFC1035, which specifies that the maximum name length is 255 octets. This includes the initial length byte and final null byte, which accounts for the 2 byte difference.
This commit is contained in:
Tim Ledbetter
Andreas Kling
parent
1793f51bc6
commit
9a8cc5a98d
1 changed files with 11 additions and 0 deletions
|
|
@ -23,6 +23,9 @@ Name::Name(DeprecatedString const& name)
|
||||||
|
|
||||||
ErrorOr<Name> Name::parse(ReadonlyBytes data, size_t& offset, size_t recursion_level)
|
ErrorOr<Name> Name::parse(ReadonlyBytes data, size_t& offset, size_t recursion_level)
|
||||||
{
|
{
|
||||||
|
static constexpr size_t MAX_LABEL_SIZE = 63;
|
||||||
|
static constexpr size_t MAX_NAME_SIZE = 253;
|
||||||
|
|
||||||
if (recursion_level > 4)
|
if (recursion_level > 4)
|
||||||
return Name {};
|
return Name {};
|
||||||
|
|
||||||
|
|
@ -32,6 +35,8 @@ ErrorOr<Name> Name::parse(ReadonlyBytes data, size_t& offset, size_t recursion_l
|
||||||
return Error::from_string_literal("Unexpected EOF when parsing name");
|
return Error::from_string_literal("Unexpected EOF when parsing name");
|
||||||
u8 b = data[offset++];
|
u8 b = data[offset++];
|
||||||
if (b == '\0') {
|
if (b == '\0') {
|
||||||
|
if (builder.length() > MAX_NAME_SIZE)
|
||||||
|
return Error::from_string_literal("Domain name exceeds maximum allowed length");
|
||||||
// This terminates the name.
|
// This terminates the name.
|
||||||
return builder.to_deprecated_string();
|
return builder.to_deprecated_string();
|
||||||
} else if ((b & 0xc0) == 0xc0) {
|
} else if ((b & 0xc0) == 0xc0) {
|
||||||
|
|
@ -41,13 +46,19 @@ ErrorOr<Name> Name::parse(ReadonlyBytes data, size_t& offset, size_t recursion_l
|
||||||
size_t dummy = (b & 0x3f) << 8 | data[offset++];
|
size_t dummy = (b & 0x3f) << 8 | data[offset++];
|
||||||
auto rest_of_name = TRY(parse(data, dummy, recursion_level + 1));
|
auto rest_of_name = TRY(parse(data, dummy, recursion_level + 1));
|
||||||
builder.append(rest_of_name.as_string());
|
builder.append(rest_of_name.as_string());
|
||||||
|
if (builder.length() > MAX_NAME_SIZE)
|
||||||
|
return Error::from_string_literal("Domain name exceeds maximum allowed length");
|
||||||
return builder.to_deprecated_string();
|
return builder.to_deprecated_string();
|
||||||
} else {
|
} else {
|
||||||
// This is the length of a part.
|
// This is the length of a part.
|
||||||
if (offset + b >= data.size())
|
if (offset + b >= data.size())
|
||||||
return Error::from_string_literal("Unexpected EOF when parsing name");
|
return Error::from_string_literal("Unexpected EOF when parsing name");
|
||||||
|
if (b > MAX_LABEL_SIZE)
|
||||||
|
return Error::from_string_literal("DNS label exceeds maximum allowed length");
|
||||||
builder.append({ data.offset_pointer(offset), b });
|
builder.append({ data.offset_pointer(offset), b });
|
||||||
builder.append('.');
|
builder.append('.');
|
||||||
|
if (builder.length() > MAX_NAME_SIZE)
|
||||||
|
return Error::from_string_literal("Domain name exceeds maximum allowed length");
|
||||||
offset += b;
|
offset += b;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue