From ce8356905c0eb9ec29c6173c7b2dcde14c6cdb3c Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 17 Jun 2024 23:16:28 +1000
Subject: [PATCH 1/3] Properly reject zero length ALPN in commatxt_fromtext

ALPN are defined as 1*255OCTET in RFC 9460.  commatxt_fromtext was not
rejecting invalid inputs produces by missing a level of escaping
which where later caught be dns_rdata_fromwire on reception.

These inputs should have been rejected

	svcb in svcb 1 1.svcb alpn=\,abc
	svcb1 in svcb 1 1.svcb alpn=a\,\,abc

and generated 00 03 61 62 63 and 01 61 00 02 61 62 63 respectively.

The correct inputs to include commas in the alpn requires double
escaping.

	svcb in svcb 1 1.svcb alpn=\\,abc
	svcb1 in svcb 1 1.svcb alpn=a\\,\\,abc

and generate 04 2C 61 62 63 and 06 61 2C 2C 61 62 63 respectively.

(cherry picked from commit b51c9eb7975ad883fc6380347b9be56d4976e730)
---
 lib/dns/rdata.c        | 17 +++++++++++------
 tests/dns/rdata_test.c |  4 ++++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 227dfbc795..5f0ab36092 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -1639,21 +1639,26 @@ commatxt_fromtext(isc_textregion_t *source, bool comma, isc_buffer_t *target) {
 
 	if (comma) {
 		/*
-		 * Disallow empty ALPN at start (",h1") or in the
-		 * middle ("h1,,h2").
+		 * Disallow empty ALPN at start (",h1" or "\,h1") or
+		 * in the middle ("h1,,h2" or "h1\,\,h2").
 		 */
-		if (s == source->base || (seen_comma && s == source->base + 1))
-		{
+		if ((t - tregion.base - 1) == 0) {
 			return (DNS_R_SYNTAX);
 		}
-		isc_textregion_consume(source, s - source->base);
+
 		/*
-		 * Disallow empty ALPN at end ("h1,").
+		 * Consume this ALPN and possible ending comma.
+		 */
+		isc_textregion_consume(source, s - source->base);
+
+		/*
+		 * Disallow empty ALPN at end ("h1," or "h1\,").
 		 */
 		if (seen_comma && source->length == 0) {
 			return (DNS_R_SYNTAX);
 		}
 	}
+
 	*tregion.base = (unsigned char)(t - tregion.base - 1);
 	isc_buffer_add(target, *tregion.base + 1);
 	return (ISC_R_SUCCESS);
diff --git a/tests/dns/rdata_test.c b/tests/dns/rdata_test.c
index 0a9ec1c00a..0d7c23d6aa 100644
--- a/tests/dns/rdata_test.c
+++ b/tests/dns/rdata_test.c
@@ -2553,6 +2553,10 @@ ISC_RUN_TEST_IMPL(https_svcb) {
 		TEXT_INVALID("2 svc.example.net. alpn=,h1"),
 		TEXT_INVALID("2 svc.example.net. alpn=h1,"),
 		TEXT_INVALID("2 svc.example.net. alpn=h1,,h2"),
+		/* empty alpn-id sub fields - RFC 1035 escaped commas */
+		TEXT_INVALID("2 svc.example.net. alpn=\\,abc"),
+		TEXT_INVALID("2 svc.example.net. alpn=abc\\,"),
+		TEXT_INVALID("2 svc.example.net. alpn=a\\,\\,abc"),
 		/* mandatory */
 		TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=alpn "
 				   "alpn=\"h2\""),

From 74a8cc9db63719b7e17871997f8d6a1300953277 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 17 Jun 2024 17:00:36 +1000
Subject: [PATCH 2/3] Check invalid alpn produced due to missing double escapes

(cherry picked from commit a49b2a3568a3cc4c5396add46ea35700ef87058e)
---
 .../system/checkzone/zones/bad-svcb-alpn1.db    | 17 +++++++++++++++++
 .../system/checkzone/zones/bad-svcb-alpn2.db    | 17 +++++++++++++++++
 .../system/checkzone/zones/bad-svcb-alpn3.db    | 17 +++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 bin/tests/system/checkzone/zones/bad-svcb-alpn1.db
 create mode 100644 bin/tests/system/checkzone/zones/bad-svcb-alpn2.db
 create mode 100644 bin/tests/system/checkzone/zones/bad-svcb-alpn3.db

diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn1.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn1.db
new file mode 100644
index 0000000000..dcbe0d19e2
--- /dev/null
+++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn1.db
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@		SOA	ns hostmaster 2011012708 3600 1200 604800 1200
+		NS	ns
+ns		A	192.0.2.1
+; invalid zero length alpn (at start) due to missing double escape
+svcb		SVCB	1 . alpn=\,abc
diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn2.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn2.db
new file mode 100644
index 0000000000..14c0cbad4f
--- /dev/null
+++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn2.db
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@		SOA	ns hostmaster 2011012708 3600 1200 604800 1200
+		NS	ns
+ns		A	192.0.2.1
+; invalid zero length alpn (in midddle) due to missing double escape
+svcb            SVCB    1 . alpn=a\,\,abc
diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn3.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn3.db
new file mode 100644
index 0000000000..a479c2e7e7
--- /dev/null
+++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn3.db
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@		SOA	ns hostmaster 2011012708 3600 1200 604800 1200
+		NS	ns
+ns		A	192.0.2.1
+; invalid zero length alpn (at end) due to missing double escape
+svcb            SVCB    1 . alpn=abc\,

From a8d86f05315bf8446d610f7f927042cb6438e4d5 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 1 Jul 2024 09:23:31 +1000
Subject: [PATCH 3/3] Check invalid alpn empty value

(cherry picked from commit fa35c673018cadcaca0d238e5a53d68b68164081)
---
 .../system/checkzone/zones/bad-svcb-alpn4.db    | 17 +++++++++++++++++
 .../system/checkzone/zones/bad-svcb-alpn5.db    | 17 +++++++++++++++++
 .../system/checkzone/zones/bad-svcb-alpn6.db    | 17 +++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 bin/tests/system/checkzone/zones/bad-svcb-alpn4.db
 create mode 100644 bin/tests/system/checkzone/zones/bad-svcb-alpn5.db
 create mode 100644 bin/tests/system/checkzone/zones/bad-svcb-alpn6.db

diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn4.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn4.db
new file mode 100644
index 0000000000..5ba0850a15
--- /dev/null
+++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn4.db
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@		SOA	ns hostmaster 2011012708 3600 1200 604800 1200
+		NS	ns
+ns		A	192.0.2.1
+; invalid zero length alpn at start
+svcb		SVCB	1 . alpn=,abc
diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn5.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn5.db
new file mode 100644
index 0000000000..349521a0a7
--- /dev/null
+++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn5.db
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@		SOA	ns hostmaster 2011012708 3600 1200 604800 1200
+		NS	ns
+ns		A	192.0.2.1
+; invalid zero length alpn in midddle
+svcb            SVCB    1 . alpn=a,,abc
diff --git a/bin/tests/system/checkzone/zones/bad-svcb-alpn6.db b/bin/tests/system/checkzone/zones/bad-svcb-alpn6.db
new file mode 100644
index 0000000000..ae4171013d
--- /dev/null
+++ b/bin/tests/system/checkzone/zones/bad-svcb-alpn6.db
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@		SOA	ns hostmaster 2011012708 3600 1200 604800 1200
+		NS	ns
+ns		A	192.0.2.1
+; invalid zero length alpn at end
+svcb            SVCB    1 . alpn=abc,