1 
2 /* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
3  *
4  * Permission to use, copy, modify, and distribute this
5  * software and its documentation for any purpose and without
6  * fee is hereby granted, provided that the above copyright
7  * notice appear in all copies and that both that copyright
8  * notice and this permission notice appear in supporting
9  * documentation, and that the name of M.I.T. not be used in
10  * advertising or publicity pertaining to distribution of the
11  * software without specific, written prior permission.
12  * M.I.T. makes no representations about the suitability of
13  * this software for any purpose.  It is provided "as is"
14  * without express or implied warranty.
15  */
16 
17 #include "ares_setup.h"
18 
19 #ifdef HAVE_NETINET_IN_H
20 #  include <netinet/in.h>
21 #endif
22 #ifdef HAVE_ARPA_NAMESER_H
23 #  include <arpa/nameser.h>
24 #else
25 #  include "nameser.h"
26 #endif
27 #ifdef HAVE_ARPA_NAMESER_COMPAT_H
28 #  include <arpa/nameser_compat.h>
29 #endif
30 
31 #include "ares.h"
32 #include "ares_nowarn.h"
33 #include "ares_private.h" /* for the memdebug */
34 
35 /* Maximum number of indirections allowed for a name */
36 #define MAX_INDIRS 50
37 
38 static int name_length(const unsigned char *encoded, const unsigned char *abuf,
39                        int alen);
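/* Report whether ch has to be preceded by a backslash when it is written
 * into an expanded name.
 *
 * ch is one label octet, passed as int so that an unsigned char value can
 * be handed over directly.  Returns 1 for '"', '.', ';', '\\', '(', ')',
 * '@' and '$', and 0 for every other value.
 */
static int is_reservedch(int ch)
{
  switch (ch) {
    case '"':
    case '.':
    case ';':
    case '\\':
    case '(':
    case ')':
    case '@':
    case '$':
      return 1;
    default:
      break;
  }
  return 0;
}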
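/* Locale-independent "printable" test: returns 1 for the ASCII range
 * 0x20..0x7E and 0 for anything else.
 *
 * name_length() sizes the buffer that ares_expand_name() then fills without
 * further bounds checks, so both must classify every octet the same way.
 * isprint() follows the process locale; a fixed range keeps the two passes
 * in agreement and keeps the output identical whatever locale the
 * application has selected.
 */
static int is_printable_ascii(int ch)
{
  return (ch >= 0x20 && ch <= 0x7E) ? 1 : 0;
}

/* Expand an RFC1035-encoded domain name given by encoded.  The
 * containing message is given by abuf and alen.  The result is given by
 * *s, which is set to a NUL-terminated buffer obtained from ares_malloc();
 * this function never frees it.  *enclen is set to the length of the
 * encoded name (not the length of the expanded name; the goal is to tell
 * the caller how many bytes to move forward to get past the encoded name).
 *
 * In the simple case, an encoded name is a series of labels, each
 * composed of a one-byte length (limited to values between 0 and 63
 * inclusive) followed by the label contents.  The name is terminated
 * by a zero-length label.
 *
 * In the more complicated case, a label may be terminated by an
 * indirection pointer, specified by two bytes with the high bits of
 * the first byte (corresponding to INDIR_MASK) set to 11.  With the
 * two high bits of the first byte stripped off, the indirection
 * pointer gives an offset from the beginning of the containing
 * message with more labels to decode.  Indirection can happen an
 * arbitrary number of times, so we have to detect loops.
 *
 * Since the expanded name uses '.' as a label separator and the label
 * contents come from the message, label octets are escaped on output:
 * an octet outside printable ASCII becomes a backslash followed by its
 * value as three decimal digits, and an octet accepted by is_reservedch()
 * is preceded by a backslash.
 *
 * Returns ARES_SUCCESS, ARES_EBADNAME when name_length() rejects the
 * encoding (neither *s nor *enclen is written in that case), or
 * ARES_ENOMEM when the allocation fails.
 */
int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
                     int alen, char **s, long *enclen)
{
  int len, indir = 0;
  char *q;
  const unsigned char *p;
  union {
    ares_ssize_t sig;
     size_t uns;
  } nlen;

  /* First pass: validate the encoding and learn the exact output size. */
  nlen.sig = name_length(encoded, abuf, alen);
  if (nlen.sig < 0)
    return ARES_EBADNAME;

  /* One extra byte for the terminating NUL. */
  *s = ares_malloc(nlen.uns + 1);
  if (!*s)
    return ARES_ENOMEM;
  q = *s;

  if (nlen.uns == 0) {
    /* RFC2181 says this should be ".": the root of the DNS tree.
     * Since this function strips trailing dots though, it becomes ""
     */
    q[0] = '\0';

    /* indirect root label (like 0xc0 0x0c) is 2 bytes long (stupid, but
       valid) */
    if ((*encoded & INDIR_MASK) == INDIR_MASK)
      *enclen = 2L;
    else
      *enclen = 1L;  /* the caller should move one byte to get past this */

    return ARES_SUCCESS;
  }

  /* No error-checking necessary; it was all done by name_length().  That
   * only holds while this loop reads the same bytes and escapes them by
   * the same rules as name_length(): every write through q below relies
   * on the size computed there.  Assumes the message buffer is not
   * modified between the two passes.
   */
  p = encoded;
  while (*p)
    {
      if ((*p & INDIR_MASK) == INDIR_MASK)
        {
          /* Only the first pointer ends the name as stored at encoded;
           * whatever is followed afterwards lives elsewhere in the message.
           */
          if (!indir)
            {
              *enclen = aresx_uztosl(p + 2U - encoded);
              indir = 1;
            }
          p = abuf + ((*p & ~INDIR_MASK) << 8 | *(p + 1));
        }
      else
        {
          int name_len = *p;
          len = name_len;
          p++;
          while (len--)
            {
              /* A one-octet label holding 0x00 is exempt from escaping and
               * is copied as is, so the result can contain a NUL before the
               * final terminator.  NOTE(review): confirm that callers
               * tolerate a name that strlen() sees as shorter.
               */
              if (!is_printable_ascii(*p) && !(name_len == 1 && *p == 0))
                {
                  /* Backslash plus three decimal digits: 4 bytes. */
                  *q++ = '\\';
                  *q++ = (char)('0' + *p / 100);
                  *q++ = (char)('0' + (*p % 100) / 10);
                  *q++ = (char)('0' + (*p % 10));
                }
              else if (is_reservedch(*p))
                {
                  /* Backslash plus the character itself: 2 bytes. */
                  *q++ = '\\';
                  *q++ = (char)*p;
                }
              else
                {
                  *q++ = (char)*p;
                }
              p++;
            }
          *q++ = '.';
        }
    }
  if (!indir)
    *enclen = aresx_uztosl(p + 1U - encoded);

  /* Nuke the trailing period if we wrote one. */
  if (q > *s)
    *(q - 1) = 0;
  else
    *q = 0; /* zero terminate; LCOV_EXCL_LINE: empty names exit above */

  return ARES_SUCCESS;
}

/* Return the length of the expansion of an encoded domain name, or
 * -1 if the encoding is invalid.
 *
 * The count uses the escaping rules of ares_expand_name(): 4 bytes for an
 * octet written as backslash plus three digits, 2 for a backslash-escaped
 * reserved character, 1 otherwise, plus one separator per label.  Any
 * change to the escaping in one function has to be mirrored in the other,
 * otherwise the buffer allocated from this result is the wrong size.
 */
static int name_length(const unsigned char *encoded, const unsigned char *abuf,
                       int alen)
{
  int n = 0, offset, indir = 0, top;

  /* Allow the caller to pass us abuf + alen and have us check for it. */
  if (encoded >= abuf + alen)
    return -1;

  while (*encoded)
    {
      top = (*encoded & INDIR_MASK);
      if (top == INDIR_MASK)
        {
          /* Check the offset and go there. */
          if (encoded + 1 >= abuf + alen)
            return -1;
          offset = (*encoded & ~INDIR_MASK) << 8 | *(encoded + 1);
          if (offset >= alen)
            return -1;
          encoded = abuf + offset;

          /* If we've seen more indirects than the message length,
           * then there's a loop.  MAX_INDIRS additionally caps the chain
           * whatever the message size.
           */
          ++indir;
          if (indir > alen || indir > MAX_INDIRS)
            return -1;
        }
      else if (top == 0x00)
        {
          int name_len = *encoded;
          offset = name_len;
          /* The label and the length byte that follows it must both lie
           * inside the message.
           */
          if (encoded + offset + 1 >= abuf + alen)
            return -1;
          encoded++;

          while (offset--)
            {
              if (!is_printable_ascii(*encoded) &&
                  !(name_len == 1 && *encoded == 0))
                {
                  n += 4;
                }
              else if (is_reservedch(*encoded))
                {
                  n += 2;
                }
              else
                {
                  n += 1;
                }
              encoded++;
            }
          /* Room for the '.' written after this label. */
          n++;
        }
      else
        {
          /* RFC 1035 4.1.4 says other options (01, 10) for top 2
           * bits are reserved.
           */
          return -1;
        }
    }

  /* If there were any labels at all, then the number of dots is one
   * less than the number of labels, so subtract one.
   */
  return (n) ? n - 1 : n;
}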
232 
233 /* Like ares_expand_name but returns EBADRESP in case of invalid input. */
int ares__expand_name_for_response(const unsigned char *encoded,
                                   const unsigned char *abuf, int alen,
                                   char **s, long *enclen)
{
  /* Delegate to ares_expand_name(); all arguments are passed through
   * unchanged, so *s and *enclen are written exactly as it writes them.
   */
  const int rc = ares_expand_name(encoded, abuf, alen, s, enclen);

  /* A malformed name is reported as ARES_EBADRESP here; every other
   * status is returned as is.
   */
  return (rc == ARES_EBADNAME) ? ARES_EBADRESP : rc;
}
243