From e63785611713cab0131599565cb3a1bb505640c7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 12 Sep 2024 17:08:36 +0200
Subject: resolved: explicitly refuse adding invalid DNS names to DNS packets

Fixes: #33671
---
 src/resolve/resolved-dns-packet.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src')

diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 2684944b75..c414ca800c 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -564,6 +564,12 @@ int dns_packet_append_name(
         assert(p);
         assert(name);
 
+        r = dns_name_is_valid(name);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return -EINVAL;
+
         if (p->refuse_compression)
                 allow_compression = false;
 
-- 
cgit v1.2.3