upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-03 13:29:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #1035: Potential Bug while parsing port from the "stub-host"

Browse source 
string; also affected forward-zones and remote-control host
  directives.
This commit is contained in:
Yorgos Thessalonikefs 2024-04-03 13:37:57 +02:00
parent dfff8d23cf
commit 91e8e0e511
2 changed files with 25 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/Changelog
View file

@ -4,6 +4,11 @@
- For #1040: adjust error text and disallow negative ports in other
parts of cfg_mark_ports.
3 April 2024: Yorgos
- Fix #1035: Potential Bug while parsing port from the "stub-host"
string; also affected forward-zones and remote-control host
directives.
28 March 2024: Wouter
- Fix #1034: DoT forward-zone via unbound-control.
- Fix for crypto related failures to have a better error string.

28
util/net_help.c
View file

@ -77,6 +77,8 @@
/** max length of an IP address (the address portion) that we allow */
#define MAX_ADDR_STRLEN 128 /* characters */
/** max length of a hostname (with port and tls name) that we allow */
#define MAX_HOST_STRLEN (LDNS_MAX_DOMAINLEN * 3) /* characters */
/** default value for EDNS ADVERTISED size */
uint16_t EDNS_ADVERTISED_SIZE = 4096;
@ -486,28 +488,38 @@ uint8_t* authextstrtodname(char* str, int* port, char** auth_name)
*port = UNBOUND_DNS_PORT;
*auth_name = NULL;
if((s=strchr(str, '@'))) {
char buf[MAX_HOST_STRLEN];
size_t len = (size_t)(s-str);
char* hash = strchr(s+1, '#');
if(hash) {
*auth_name = hash+1;
} else {
*auth_name = NULL;
}
if(len >= MAX_HOST_STRLEN) {
return NULL;
}
(void)strlcpy(buf, str, sizeof(buf));
buf[len] = 0;
*port = atoi(s+1);
if(*port == 0) {
if(!hash && strcmp(s+1,"0")!=0)
return 0;
return NULL;
if(hash && strncmp(s+1,"0#",2)!=0)
return 0;
return NULL;
}
*s = 0;
dname = sldns_str2wire_dname(str, &dname_len);
*s = '@';
dname = sldns_str2wire_dname(buf, &dname_len);
} else if((s=strchr(str, '#'))) {
char buf[MAX_HOST_STRLEN];
size_t len = (size_t)(s-str);
if(len >= MAX_HOST_STRLEN) {
return NULL;
}
(void)strlcpy(buf, str, sizeof(buf));
buf[len] = 0;
*port = UNBOUND_DNS_OVER_TLS_PORT;
*auth_name = s+1;
*s = 0;
dname = sldns_str2wire_dname(str, &dname_len);
*s = '#';
dname = sldns_str2wire_dname(buf, &dname_len);
} else {
dname = sldns_str2wire_dname(str, &dname_len);
}