978e96
commit c0a25aa92b612786f4e45292c4aee1d7d47123f8
978e96
Author: Florian Weimer <fweimer@redhat.com>
978e96
Date:   Sat Nov 11 11:51:08 2017 +0100
978e96
978e96
    resolv: More precise checks in res_hnok, res_dnok [BZ #22409] [BZ #22412]
978e96
    
978e96
    res_hnok rejected some host names used on the Internet, such as
978e96
    www-.example.com.  res_hnok and res_dnok failed to perform basic syntax
978e96
    checking on DNS domain names.
978e96
    
978e96
    Also fix res_mailok, res_ownok.
978e96
978e96
diff --git a/resolv/res_comp.c b/resolv/res_comp.c
978e96
index ffb2ed59147d3680..79760e891f607daa 100644
978e96
--- a/resolv/res_comp.c
978e96
+++ b/resolv/res_comp.c
978e96
@@ -1,3 +1,21 @@
978e96
+/* Domain name processing functions.
978e96
+   Copyright (C) 1995-2017 Free Software Foundation, Inc.
978e96
+   This file is part of the GNU C Library.
978e96
+
978e96
+   The GNU C Library is free software; you can redistribute it and/or
978e96
+   modify it under the terms of the GNU Lesser General Public
978e96
+   License as published by the Free Software Foundation; either
978e96
+   version 2.1 of the License, or (at your option) any later version.
978e96
+
978e96
+   The GNU C Library is distributed in the hope that it will be useful,
978e96
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
978e96
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
978e96
+   Lesser General Public License for more details.
978e96
+
978e96
+   You should have received a copy of the GNU Lesser General Public
978e96
+   License along with the GNU C Library; if not, see
978e96
+   <http://www.gnu.org/licenses/>.  */
978e96
+
978e96
 /*
978e96
  * Copyright (c) 1985, 1993
978e96
  *    The Regents of the University of California.  All rights reserved.
978e96
@@ -121,110 +139,118 @@ dn_skipname(const u_char *ptr, const u_char *eom) {
978e96
 }
978e96
 libresolv_hidden_def (dn_skipname)
978e96
 
978e96
-/*
978e96
- * Verify that a domain name uses an acceptable character set.
978e96
- */
978e96
+/* Return true if the string consists of printable ASCII characters
978e96
+   only.  */
978e96
+static bool
978e96
+printable_string (const char *dn)
978e96
+{
978e96
+  while (true)
978e96
+    {
978e96
+      char ch = *dn;
978e96
+      if (ch == '\0')
978e96
+	return true;
978e96
+      if (ch <= ' ' || ch > '~')
978e96
+	return false;
978e96
+      ++dn;
978e96
+    }
978e96
+}
978e96
 
978e96
-/*
978e96
- * Note the conspicuous absence of ctype macros in these definitions.  On
978e96
- * non-ASCII hosts, we can't depend on string literals or ctype macros to
978e96
- * tell us anything about network-format data.  The rest of the BIND system
978e96
- * is not careful about this, but for some reason, we're doing it right here.
978e96
- */
978e96
-#define PERIOD 0x2e
978e96
-#define	hyphenchar(c) ((c) == 0x2d)
978e96
-#define	underscorechar(c) ((c) == 0x5f)
978e96
-#define bslashchar(c) ((c) == 0x5c)
978e96
-#define periodchar(c) ((c) == PERIOD)
978e96
-#define asterchar(c) ((c) == 0x2a)
978e96
-#define alphachar(c) (((c) >= 0x41 && (c) <= 0x5a) \
978e96
-		   || ((c) >= 0x61 && (c) <= 0x7a))
978e96
-#define digitchar(c) ((c) >= 0x30 && (c) <= 0x39)
978e96
-
978e96
-#define borderchar(c) (alphachar(c) || digitchar(c))
978e96
-#define middlechar(c) (borderchar(c) || hyphenchar(c) || underscorechar(c))
978e96
-#define	domainchar(c) ((c) > 0x20 && (c) < 0x7f)
978e96
+/* Return true if DN points to a name consisting only of [0-9a-zA-Z_-]
978e96
+   characters.  DN must be in DNS wire format, without
978e96
+   compression.  */
978e96
+static bool
978e96
+binary_hnok (const unsigned char *dn)
978e96
+{
978e96
+  while (true)
978e96
+    {
978e96
+      size_t label_length = *dn;
978e96
+      if (label_length == 0)
978e96
+	break;
978e96
+      ++dn;
978e96
+      const unsigned char *label_end = dn + label_length;
978e96
+      do
978e96
+	{
978e96
+	  unsigned char ch = *dn;
978e96
+	  if (!(('0' <= ch && ch <= '9')
978e96
+		|| ('A' <= ch && ch <= 'Z')
978e96
+		|| ('a' <= ch && ch <= 'z')
978e96
+		|| ch == '-' || ch == '_'))
978e96
+	    return false;
978e96
+	  ++dn;
978e96
+	}
978e96
+      while (dn < label_end);
978e96
+    }
978e96
+  return true;
978e96
+}
978e96
+
978e96
+/* Return true if the binary domain name has a first labels which
978e96
+   starts with '-'.  */
978e96
+static inline bool
978e96
+binary_leading_dash (const unsigned char *dn)
978e96
+{
978e96
+  return dn[0] > 0 && dn[1] == '-';
978e96
+}
978e96
 
978e96
+/* Return 1 if res_hnok is a valid host name.  Labels must only
978e96
+   contain [0-9a-zA-Z_-] characters, and the name must not start with
978e96
+   a '-'.  The latter is to avoid confusion with program options.  */
978e96
 int
978e96
-res_hnok(const char *dn) {
978e96
-	int pch = PERIOD, ch = *dn++;
978e96
-
978e96
-	while (ch != '\0') {
978e96
-		int nch = *dn++;
978e96
-
978e96
-		if (periodchar(ch)) {
978e96
-			(void)NULL;
978e96
-		} else if (periodchar(pch)) {
978e96
-			if (!borderchar(ch))
978e96
-				return (0);
978e96
-		} else if (periodchar(nch) || nch == '\0') {
978e96
-			if (!borderchar(ch))
978e96
-				return (0);
978e96
-		} else {
978e96
-			if (!middlechar(ch))
978e96
-				return (0);
978e96
-		}
978e96
-		pch = ch, ch = nch;
978e96
-	}
978e96
-	return (1);
978e96
+res_hnok (const char *dn)
978e96
+{
978e96
+  unsigned char buf[NS_MAXCDNAME];
978e96
+  if (!printable_string (dn)
978e96
+      || ns_name_pton (dn, buf, sizeof (buf)) < 0
978e96
+      || binary_leading_dash (buf))
978e96
+    return 0;
978e96
+  return binary_hnok (buf);
978e96
 }
978e96
 libresolv_hidden_def (res_hnok)
978e96
 
978e96
-/*
978e96
- * hostname-like (A, MX, WKS) owners can have "*" as their first label
978e96
- * but must otherwise be as a host name.
978e96
- */
978e96
+/* Hostname-like (A, MX, WKS) owners can have "*" as their first label
978e96
+   but must otherwise be as a host name.  */
978e96
 int
978e96
-res_ownok(const char *dn) {
978e96
-	if (asterchar(dn[0])) {
978e96
-		if (periodchar(dn[1]))
978e96
-			return (res_hnok(dn+2));
978e96
-		if (dn[1] == '\0')
978e96
-			return (1);
978e96
-	}
978e96
-	return (res_hnok(dn));
978e96
+res_ownok (const char *dn)
978e96
+{
978e96
+  unsigned char buf[NS_MAXCDNAME];
978e96
+  if (!printable_string (dn)
978e96
+      || ns_name_pton (dn, buf, sizeof (buf)) < 0
978e96
+      || binary_leading_dash (buf))
978e96
+    return 0;
978e96
+  if (buf[0] == 1 && buf [1] == '*')
978e96
+    /* Skip over the leading "*." part.  */
978e96
+    return binary_hnok (buf + 2);
978e96
+  else
978e96
+    return binary_hnok (buf);
978e96
 }
978e96
 
978e96
-/*
978e96
- * SOA RNAMEs and RP RNAMEs can have any printable character in their first
978e96
- * label, but the rest of the name has to look like a host name.
978e96
- */
978e96
+/* SOA RNAMEs and RP RNAMEs can have any byte in their first label,
978e96
+   but the rest of the name has to look like a host name.  */
978e96
 int
978e96
-res_mailok(const char *dn) {
978e96
-	int ch, escaped = 0;
978e96
-
978e96
-	/* "." is a valid missing representation */
978e96
-	if (*dn == '\0')
978e96
-		return (1);
978e96
-
978e96
-	/* otherwise <label>.<hostname> */
978e96
-	while ((ch = *dn++) != '\0') {
978e96
-		if (!domainchar(ch))
978e96
-			return (0);
978e96
-		if (!escaped && periodchar(ch))
978e96
-			break;
978e96
-		if (escaped)
978e96
-			escaped = 0;
978e96
-		else if (bslashchar(ch))
978e96
-			escaped = 1;
978e96
-	}
978e96
-	if (periodchar(ch))
978e96
-		return (res_hnok(dn));
978e96
-	return (0);
978e96
+res_mailok (const char *dn)
978e96
+{
978e96
+  unsigned char buf[NS_MAXCDNAME];
978e96
+  if (!printable_string (dn)
978e96
+      || ns_name_pton (dn, buf, sizeof (buf)) < 0)
978e96
+    return 0;
978e96
+  unsigned char label_length = buf[0];
978e96
+  /* "." is a valid missing representation */
978e96
+  if (label_length == 0)
978e96
+    return 1;
978e96
+  /* Skip over the first label.  */
978e96
+  unsigned char *tail = buf + 1 + label_length;
978e96
+  if (*tail == 0)
978e96
+    /* More than one label is required (except for ".").  */
978e96
+    return 0;
978e96
+  return binary_hnok (tail);
978e96
 }
978e96
 
978e96
-/*
978e96
- * This function is quite liberal, since RFC 1034's character sets are only
978e96
- * recommendations.
978e96
- */
978e96
+/* Return 1 if DN is a syntactically valid domain name.  Empty names
978e96
+   are accepted.  */
978e96
 int
978e96
-res_dnok(const char *dn) {
978e96
-	int ch;
978e96
-
978e96
-	while ((ch = *dn++) != '\0')
978e96
-		if (!domainchar(ch))
978e96
-			return (0);
978e96
-	return (1);
978e96
+res_dnok (const char *dn)
978e96
+{
978e96
+  unsigned char buf[NS_MAXCDNAME];
978e96
+  return printable_string (dn) && ns_name_pton (dn, buf, sizeof (buf)) >= 0;
978e96
 }
978e96
 libresolv_hidden_def (res_dnok)
978e96
 
978e96
diff --git a/resolv/tst-res_hnok.c b/resolv/tst-res_hnok.c
978e96
index 9c923038218e965c..314477a2ce2661c0 100644
978e96
--- a/resolv/tst-res_hnok.c
978e96
+++ b/resolv/tst-res_hnok.c
978e96
@@ -51,19 +51,31 @@ static const struct test_case tests[] =
978e96
   {
978e96
     { "", allok },
978e96
     { ".", allok },
978e96
+    { "..", 0 },
978e96
     { "www", allnomailok },
978e96
+    { "www.", allnomailok },
978e96
     { "example", allnomailok },
978e96
     { "example.com", allok },
978e96
     { "www.example.com", allok },
978e96
     { "www.example.com.", allok },
978e96
+    { "www-.example.com.", allok },
978e96
+    { "www.-example.com.", allok },
978e96
     { "*.example.com", dnok | mailok | ownok },
978e96
     { "-v", dnok },
978e96
     { "-v.example.com", mailok | dnok },
978e96
     { "**.example.com", dnok | mailok },
978e96
+    { "www.example.com\\", 0 },
978e96
     { STRING63, allnomailok },
978e96
+    { STRING63 ".", allnomailok },
978e96
+    { STRING63 "\\.", 0 },
978e96
+    { STRING63 "z", 0 },
978e96
     { STRING63 ".example.com", allok },
978e96
     { STRING63 "." STRING63 "." STRING63 "." STRING60 "z", allok },
978e96
+    { STRING63 "." STRING63 "." STRING63 "." STRING60 "z.", allok },
978e96
+    { STRING63 "." STRING63 "." STRING63 "." STRING60 "zz", 0 },
978e96
+    { STRING63 "." STRING63 "." STRING63 "." STRING60 "zzz", 0 },
978e96
     { "hostmaster@mail.example.com", dnok | mailok },
978e96
+    { "hostmaster\\@mail.example.com", dnok | mailok },
978e96
     { "with whitespace", 0 },
978e96
     { "with\twhitespace", 0 },
978e96
     { "with\nwhitespace", 0 },
978e96
@@ -116,6 +128,12 @@ one_char (const char *prefix, const char *accepted, const char *suffix,
978e96
     }
978e96
 }
978e96
 
978e96
+#define LETTERSDIGITS \
978e96
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
978e96
+
978e96
+#define PRINTABLE \
978e96
+  "!\"#$%&'()*+,/:;<=>?@[\\]^`{|}~"
978e96
+
978e96
 static int
978e96
 do_test (void)
978e96
 {
978e96
@@ -131,20 +149,18 @@ do_test (void)
978e96
     }
978e96
 
978e96
   one_char
978e96
-    ("", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.",
978e96
-     "", "res_hnok", res_hnok);
978e96
+    ("", LETTERSDIGITS "._", "", "res_hnok", res_hnok);
978e96
   one_char
978e96
     ("middle",
978e96
-     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_",
978e96
+     LETTERSDIGITS ".-_\\", /* "middle\\suffix" == "middlesuffix", so good.  */
978e96
      "suffix", "res_hnok", res_hnok);
978e96
   one_char
978e96
     ("middle",
978e96
-     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_"
978e96
-     "!\"#$%&'()*+,/:;<=>?@[\\]^`{|}~",
978e96
+     LETTERSDIGITS ".-_" PRINTABLE,
978e96
      "suffix.example", "res_mailok", res_mailok);
978e96
   one_char
978e96
     ("mailbox.middle",
978e96
-     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_",
978e96
+     LETTERSDIGITS ".-_\\",
978e96
      "suffix.example", "res_mailok", res_mailok);
978e96
 
978e96
   return 0;