upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 10:10:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[9.18] fix: usr: SVBC alpn text parsing failed to reject zero length alpn

Browse source 
Closes #4775

Backport of MR !9106

Merge branch 'backport-4775-reject-zero-length-alpn-in-alpn-fromtext-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!9210
This commit is contained in:
Mark Andrews 2024-08-01 02:28:23 +00:00
commit 8f7be89052
8 changed files with 117 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
bin/tests/system/checkzone/zones/bad-svcb-alpn1.db Normal file
View file

@ -0,0 +1,17 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
; invalid zero length alpn (at start) due to missing double escape
svcb SVCB 1 . alpn=\,abc

17
bin/tests/system/checkzone/zones/bad-svcb-alpn2.db Normal file
View file

@ -0,0 +1,17 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
; invalid zero length alpn (in midddle) due to missing double escape
svcb SVCB 1 . alpn=a\,\,abc

17
bin/tests/system/checkzone/zones/bad-svcb-alpn3.db Normal file
View file

@ -0,0 +1,17 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
; invalid zero length alpn (at end) due to missing double escape
svcb SVCB 1 . alpn=abc\,

17
bin/tests/system/checkzone/zones/bad-svcb-alpn4.db Normal file
View file

@ -0,0 +1,17 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
; invalid zero length alpn at start
svcb SVCB 1 . alpn=,abc

17
bin/tests/system/checkzone/zones/bad-svcb-alpn5.db Normal file
View file

@ -0,0 +1,17 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
; invalid zero length alpn in midddle
svcb SVCB 1 . alpn=a,,abc

17
bin/tests/system/checkzone/zones/bad-svcb-alpn6.db Normal file
View file

@ -0,0 +1,17 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
; invalid zero length alpn at end
svcb SVCB 1 . alpn=abc,

17
lib/dns/rdata.c
View file

@ -1639,21 +1639,26 @@ commatxt_fromtext(isc_textregion_t *source, bool comma, isc_buffer_t *target) {
if (comma) {
/*
* Disallow empty ALPN at start (",h1") or in the
* middle ("h1,,h2").
* Disallow empty ALPN at start (",h1" or "\,h1") or
* in the middle ("h1,,h2" or "h1\,\,h2").
*/
if (s == source->base || (seen_comma && s == source->base + 1))
{
if ((t - tregion.base - 1) == 0) {
return (DNS_R_SYNTAX);
}
isc_textregion_consume(source, s - source->base);
/*
* Disallow empty ALPN at end ("h1,").
* Consume this ALPN and possible ending comma.
*/
isc_textregion_consume(source, s - source->base);
/*
* Disallow empty ALPN at end ("h1," or "h1\,").
*/
if (seen_comma && source->length == 0) {
return (DNS_R_SYNTAX);
}
}
*tregion.base = (unsigned char)(t - tregion.base - 1);
isc_buffer_add(target, *tregion.base + 1);
return (ISC_R_SUCCESS);

4
tests/dns/rdata_test.c
View file

@ -2553,6 +2553,10 @@ ISC_RUN_TEST_IMPL(https_svcb) {
TEXT_INVALID("2 svc.example.net. alpn=,h1"),
TEXT_INVALID("2 svc.example.net. alpn=h1,"),
TEXT_INVALID("2 svc.example.net. alpn=h1,,h2"),
/* empty alpn-id sub fields - RFC 1035 escaped commas */
TEXT_INVALID("2 svc.example.net. alpn=\\,abc"),
TEXT_INVALID("2 svc.example.net. alpn=abc\\,"),
TEXT_INVALID("2 svc.example.net. alpn=a\\,\\,abc"),
/* mandatory */
TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=alpn "
"alpn=\"h2\""),