diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn1.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn1.db new file mode 100644 index 0000000000..dcbe0d19e2 --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn1.db @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +; invalid zero length alpn (at start) due to missing double escape +svcb SVCB 1 . alpn=\,abc diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn2.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn2.db new file mode 100644 index 0000000000..14c0cbad4f --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn2.db @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +; invalid zero length alpn (in midddle) due to missing double escape +svcb SVCB 1 . alpn=a\,\,abc diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn3.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn3.db new file mode 100644 index 0000000000..a479c2e7e7 --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn3.db @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +; invalid zero length alpn (at end) due to missing double escape +svcb SVCB 1 . alpn=abc\, diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn4.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn4.db new file mode 100644 index 0000000000..5ba0850a15 --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn4.db @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +; invalid zero length alpn at start +svcb SVCB 1 . alpn=,abc diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn5.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn5.db new file mode 100644 index 0000000000..349521a0a7 --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn5.db @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +; invalid zero length alpn in midddle +svcb SVCB 1 . alpn=a,,abc diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn6.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn6.db new file mode 100644 index 0000000000..ae4171013d --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn6.db @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +; invalid zero length alpn at end +svcb SVCB 1 . alpn=abc, diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index 227dfbc795..5f0ab36092 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -1639,21 +1639,26 @@ commatxt_fromtext(isc_textregion_t *source, bool comma, isc_buffer_t *target) { if (comma) { /* - * Disallow empty ALPN at start (",h1") or in the - * middle ("h1,,h2"). + * Disallow empty ALPN at start (",h1" or "\,h1") or + * in the middle ("h1,,h2" or "h1\,\,h2"). */ - if (s == source->base || (seen_comma && s == source->base + 1)) - { + if ((t - tregion.base - 1) == 0) { return (DNS_R_SYNTAX); } - isc_textregion_consume(source, s - source->base); + /* - * Disallow empty ALPN at end ("h1,"). + * Consume this ALPN and possible ending comma. + */ + isc_textregion_consume(source, s - source->base); + + /* + * Disallow empty ALPN at end ("h1," or "h1\,"). */ if (seen_comma && source->length == 0) { return (DNS_R_SYNTAX); } } + *tregion.base = (unsigned char)(t - tregion.base - 1); isc_buffer_add(target, *tregion.base + 1); return (ISC_R_SUCCESS); diff --git a/tests/dns/rdata_test.c b/tests/dns/rdata_test.c index 0a9ec1c00a..0d7c23d6aa 100644 --- a/tests/dns/rdata_test.c +++ b/tests/dns/rdata_test.c @@ -2553,6 +2553,10 @@ ISC_RUN_TEST_IMPL(https_svcb) { TEXT_INVALID("2 svc.example.net. alpn=,h1"), TEXT_INVALID("2 svc.example.net. alpn=h1,"), TEXT_INVALID("2 svc.example.net. alpn=h1,,h2"), + /* empty alpn-id sub fields - RFC 1035 escaped commas */ + TEXT_INVALID("2 svc.example.net. alpn=\\,abc"), + TEXT_INVALID("2 svc.example.net. alpn=abc\\,"), + TEXT_INVALID("2 svc.example.net. alpn=a\\,\\,abc"), /* mandatory */ TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=alpn " "alpn=\"h2\""),