commit b3ee22310122a141475760fd30e77190785a614b
parent c2f6ac88a7e113bed7c260c4286453936148fd1e
Author: Conrad Hoffmann <ch@bitfehler.net>
Date: Mon, 7 Aug 2023 16:37:44 +0200
net::dns: enforce actual label size restriction
The length of a label is indicated by a one byte value, but the upper
two bits are reserved for the "compression" algorithm (aka pointers).
See RFC 1035 section 4.1.4 [1] or the decoding functions, where pointers
are already implemented.
While at it, return an error instead of asserting.
[1] https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.4
Signed-off-by: Conrad Hoffmann <ch@bitfehler.net>
Diffstat:
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/dns/encode.ha b/net/dns/encode.ha
@@ -71,8 +71,9 @@ fn encode_raw(enc: *encoder, val: []u8) (void | error) = {
fn encode_labels(enc: *encoder, names: []str) (void | error) = {
// TODO: Assert that the labels are all valid ASCII?
for (let i = 0z; i < len(names); i += 1) {
- // XXX: Should I return an error instead of asserting?
- assert(len(names[i]) < 256);
+ if (len(names[i]) > 63) {
+ return format;
+ };
if (len(enc.buf) <= enc.offs + 1 + len(names[i])) {
return errors::overflow;
};
