Dispatch: carefully check if the server name for SNI is a hostname

Previously, the code did not check whether the string intended to be
used for SNI was a hostname.
Artem Boldariev 2025-03-18 12:52:18 +02:00
parent 16a306687a
commit 2592e309c7


@ -1966,6 +1966,25 @@ udp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp) {
udp_connected, resp, resp->timeout);
}
static inline const char *
get_tls_sni_hostname(dns_dispentry_t *resp) {
char *hostname = NULL;
if (resp->transport != NULL) {
hostname = dns_transport_get_remote_hostname(resp->transport);
}
if (hostname == NULL) {
return NULL;
}
if (isc_tls_valid_sni_hostname(hostname)) {
return hostname;
}
return NULL;
}
static isc_result_t
tcp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp) {
dns_transport_type_t transport_type = DNS_TRANSPORT_TCP;
@ -2013,11 +2032,7 @@ tcp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp) {
"connecting from %s to %s, timeout %u", localbuf,
peerbuf, resp->connect_timeout);
char *hostname = NULL;
if (resp->transport != NULL) {
hostname = dns_transport_get_remote_hostname(
resp->transport);
}
const char *hostname = get_tls_sni_hostname(resp);
isc_nm_streamdnsconnect(disp->mgr->nm, &disp->local,
&disp->peer, tcp_connected, disp,
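Review bot: get_tls_sni_hostname() returns NULL both when the transport has no remote hostname and when isc_tls_valid_sni_hostname() rejects the configured one, so in tcp_dispatch_connect() a rejected name is indistinguishable from an unset one and is dropped without any diagnostic. If the value handed to isc_nm_streamdnsconnect() (its remaining arguments are outside the hunk) also feeds peer-certificate name checking, that should be confirmed, because silently connecting without the name would then affect more than the SNI extension. I would log the rejection at debug level just before the final `return NULL;` and document the contract on the helper, e.g. `/* Return the transport's remote hostname if it is usable as a TLS SNI value, NULL otherwise. */`. The local could also be declared `const char *hostname = NULL;` to match the helper's return type. tcp_dispatch_connect()'s body starts and ends outside the visible lines.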