author | Ronan Pigott <ronan@rjp.ie> | 2024-10-29 05:26:51 +0100 |
---|---|---|
committer | Ronan Pigott <ronan@rjp.ie> | 2024-10-29 22:18:37 +0100 |
commit | b31b99d76fa221bd2f01f593e8426d64fa1b40d1 (patch) | |
tree | f7b89aee84e28216ce2be1d5ae4c56759a729a04 | |
parent | network: add missing else in dhcp_lease_load (diff) | |
network: Restrict the valid charset of DNR names
Not all possible DNS names will survive serialization. Restrict the set
of valid DNS names to LDH-encoded names.
Fixes: 25c33e350042 (network: parse RFC9463 DHCPv4 DNR option, 2024-01-16)
Fixes: a07e83cc58f6 (network: Parse RFC9463 DHCPv6 DNR option, 2024-01-17)
Fixes: 0c90d1d2f243 (ndisc: Parse RFC9463 encrypted DNS (DNR) option, 2024-01-19)
-rw-r--r-- | src/libsystemd-network/ndisc-option.c | 5 | ||||
-rw-r--r-- | src/libsystemd-network/sd-dhcp-lease.c | 5 | ||||
-rw-r--r-- | src/libsystemd-network/sd-dhcp6-lease.c | 6 |
3 files changed, 16 insertions, 0 deletions
diff --git a/src/libsystemd-network/ndisc-option.c b/src/libsystemd-network/ndisc-option.c
index 1071d98b19..d784ffb3ff 100644
--- a/src/libsystemd-network/ndisc-option.c
+++ b/src/libsystemd-network/ndisc-option.c
@@ -1358,6 +1358,11 @@ static int ndisc_option_parse_encrypted_dns(Set **options, size_t offset, size_t
 r = ndisc_get_dns_name(opt + off, ilen, &res.auth_name);
 if (r < 0)
 return r;
+ r = dns_name_is_valid_ldh(res.auth_name);
+ if (r < 0)
+ return r;
+ if (!r)
+ return -EBADMSG;
 if (dns_name_is_root(res.auth_name))
 return -EBADMSG;
 off += ilen;
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index 6b2d810645..fc891a0b04 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -628,6 +628,11 @@ static int lease_parse_dnr(const uint8_t *option, size_t len, sd_dns_resolver **
 r = lease_parse_dns_name(option + offset, ilen, &res.auth_name);
 if (r < 0)
 return r;
+ r = dns_name_is_valid_ldh(res.auth_name);
+ if (r < 0)
+ return r;
+ if (!r)
+ return -EBADMSG;
 if (dns_name_is_root(res.auth_name))
 return -EBADMSG;
 offset += ilen;
diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
index bc054c42b2..2ff1e87a2e 100644
--- a/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/libsystemd-network/sd-dhcp6-lease.c
@@ -8,6 +8,7 @@
 #include "alloc-util.h"
 #include "dhcp6-internal.h"
 #include "dhcp6-lease-internal.h"
+#include "dns-domain.h"
 #include "network-common.h"
 #include "sort-util.h"
 #include "strv.h"
@@ -465,6 +466,11 @@ static int dhcp6_lease_add_dnr(sd_dhcp6_lease *lease, const uint8_t *optval, siz
 r = dhcp6_option_parse_domainname(optval + offset, ilen, &res.auth_name);
 if (r < 0)
 return r;
+ r = dns_name_is_valid_ldh(res.auth_name);
+ if (r < 0)
+ return r;
+ if (!r)
+ return -EBADMSG;
 offset += ilen;
 /* RFC9463 ยง 3.1.6: adn only mode */ |
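Review bot: The added `dns_name_is_valid_ldh()` check in ndisc_option_parse_encrypted_dns has no comment saying why a name that already parsed successfully is still rejected; the reason is recorded only in the commit message. A one-line comment above the check would keep it from being relaxed later, for example `/* Not every DNS name survives serialization; accept only LDH names from the network. */`. The same comment fits the identical checks added to sd-dhcp-lease.c and sd-dhcp6-lease.c. The function body starts and ends outside this hunk.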
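Review bot: The five added lines in lease_parse_dnr are a verbatim copy of the sequence added to ndisc-option.c, and a third copy goes into sd-dhcp6-lease.c, so the acceptance policy for the authentication name now has to be kept in sync across three parsers of network-supplied data. A small shared helper that returns 0 for an acceptable name and -EBADMSG otherwise would reduce each call site to `r = <helper>(res.auth_name);` followed by `if (r < 0) return r;`, where `<helper>` stands for whatever name fits the project. It could also absorb the `dns_name_is_root()` test that follows here, so the three paths cannot drift apart. lease_parse_dnr continues outside the hunk.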
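Review bot: After the new LDH check in dhcp6_lease_add_dnr the code goes straight to `offset += ilen;`, whereas the ndisc and DHCPv4 hunks keep `if (dns_name_is_root(res.auth_name)) return -EBADMSG;` immediately after it. Whether dhcp6_option_parse_domainname() or dns_name_is_valid_ldh() already rejects the root name is not visible from this hunk; if neither does, the DHCPv6 path accepts an empty authentication name that the other two paths refuse. Either add the same root check here or leave a comment stating where the empty name is rejected. The function body extends beyond the hunk on both sides.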