From 2abb70c302efe46dfd8fd9e1d64fa00f1376f428 Mon Sep 17 00:00:00 2001
From: Szabolcs Nagy
Date: Thu, 5 Jun 2014 22:52:40 +0200
Subject: fix the domain name length limit checks

A domain name is at most 255 bytes long (RFC 1035), but the string representation is two bytes smaller so the strlen maximum is 253.
---
 src/network/lookup_name.c | 4 ++--
 src/network/res_mkquery.c | 4 ++--
 src/network/res_querydomain.c | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
index f324e547..68b172b4 100644
--- a/src/network/lookup_name.c
+++ b/src/network/lookup_name.c
@@ -14,7 +14,7 @@
 static int is_valid_hostname(const char *host)
 {
 const unsigned char *s;
- if (strnlen(host, 256)-1 > 254 || mbstowcs(0, host, 0) > 255) return 0;
+ if (strnlen(host, 254)-1 >= 253 || mbstowcs(0, host, 0) == -1) return 0;
 for (s=(void *)host; *s>=0x80 || *s=='.' || *s=='-' || isalnum(*s); s++);
 return !*s;
 }
@@ -153,7 +153,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
 *canon = 0;
 if (name) {
 size_t l;
- if ((l = strnlen(name, 256))-1 > 254)
+ if ((l = strnlen(name, 254))-1 >= 253)
 return EAI_NONAME;
 memcpy(canon, name, l+1);
 }
diff --git a/src/network/res_mkquery.c b/src/network/res_mkquery.c
index f7e4e9c6..7c49709e 100644
--- a/src/network/res_mkquery.c
+++ b/src/network/res_mkquery.c
@@ -10,9 +10,9 @@ int __res_mkquery(int op, const char *dname, int class, int type,
 int id, i, j;
 unsigned char q[280];
 struct timespec ts;
- size_t l = strnlen(dname, 256);
+ size_t l = strnlen(dname, 254);
- if (l-1>=254 || buflen<18+l || op>15u || class>255u || type>255u)
+ if (l-1>=253 || buflen<18+l || op>15u || class>255u || type>255u)
 return -1;
 /* Construct query template - ID will be filled later */
diff --git a/src/network/res_querydomain.c b/src/network/res_querydomain.c
index c746dbe6..8ba31f45 100644
--- a/src/network/res_querydomain.c
+++ b/src/network/res_querydomain.c
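Review bot: The 253-byte ceiling in is_valid_hostname makes no allowance for a name written with a trailing root dot, whose string form can be 254 bytes and still fit the 255-byte wire limit; the same ceiling is applied in __lookup_name, __res_mkquery and res_querydomain. The character loop here accepts `.` in any position, so such names reach the length check, and nothing in these hunks shows the dot being stripped first. If fully qualified names are meant to be accepted, measure the length after dropping one trailing dot; otherwise record the assumption with a comment such as `/* 253 = 255-byte wire limit minus root label and first length byte; no trailing dot */`. Separately, `mbstowcs(0, host, 0) == -1` relies on -1 being converted to size_t, and `== (size_t)-1` states that explicitly.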
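Review bot: The check `(l = strnlen(name, 254))-1 >= 253` in __lookup_name relies on unsigned wraparound to reject the empty string, since l == 0 makes l-1 the largest size_t value. That is easy to miss and would silently stop working if l became a signed type; the same idiom is used in is_valid_hostname and __res_mkquery. A one-line comment would make it explicit, for example `/* l-1 wraps for l==0: rejects empty and >253-byte names */`. The same check is what keeps `memcpy(canon, name, l+1)` inside the 256-byte canon buffer, which is worth stating next to the copy. The function starts and ends outside the hunk.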
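Review bot: In __res_mkquery the bound `buflen<18+l` is evaluated in size_t because l is a size_t, so a negative buflen would convert to a very large unsigned value and pass the check. The declaration of buflen is outside the hunk; if it is a signed int, as the other parameters shown in the hunk header are, putting `buflen < 0 ||` in front of that comparison would reject it explicitly. The function body continues outside the hunk, so whether later code bounds the write into the caller's buffer again is not visible here.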
@@ -3,10 +3,10 @@
 int res_querydomain(const char *name, const char *domain, int class, int type, unsigned char *dest, int len)
 {
- char tmp[256];
- size_t nl = strnlen(name, 256);
- size_t dl = strnlen(domain, 256);
- if (nl+dl+1 > 255) return -1;
+ char tmp[254];
+ size_t nl = strnlen(name, 254);
+ size_t dl = strnlen(domain, 254);
+ if (nl+dl+1 > 253) return -1;
 memcpy(tmp, name, nl);
 tmp[nl] = '.';
 memcpy(tmp+nl+1, domain, dl+1);
-- 
cgit v1.2.1
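Review bot: The size of `tmp` and the limit in `nl+dl+1 > 253` are tied together only by the literals 254 and 253. The two memcpy calls plus the dot write nl+dl+2 bytes, which fills the buffer exactly at the maximum accepted length, so changing either number alone would turn this into an out-of-bounds write. Expressing the check against the buffer, `if (nl+dl+2 > sizeof tmp) return -1;`, keeps the bound correct by construction. The rest of the function is outside the hunk.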