dns/dnsmessage: reject compressed SRV resource records
Updates golang/go#10622
Change-Id: Iadf0ff0fd223a315130941464040aef5e71f6130
Reviewed-on: https://go-review.googlesource.com/100055
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
diff --git a/dns/dnsmessage/message.go b/dns/dnsmessage/message.go
index 0ab4aab..d8d3b03 100644
--- a/dns/dnsmessage/message.go
+++ b/dns/dnsmessage/message.go
@@ -91,6 +91,7 @@
errTooManyAdditionals = errors.New("too many Additionals to pack (>65535)")
errNonCanonicalName = errors.New("name is not in canonical format (it must end with a .)")
errStringTooLong = errors.New("character string exceeds maximum length (255)")
+ errCompressedSRV = errors.New("compressed name in SRV resource data")
)
// Internal constants.
@@ -1610,6 +1611,10 @@
// unpack unpacks a domain name.
func (n *Name) unpack(msg []byte, off int) (int, error) {
+ return n.unpackCompressed(msg, off, true /* allowCompression */)
+}
+
+func (n *Name) unpackCompressed(msg []byte, off int, allowCompression bool) (int, error) {
// currOff is the current working offset.
currOff := off
@@ -1645,6 +1650,9 @@
name = append(name, '.')
currOff = endOff
case 0xC0: // Pointer
+ if !allowCompression {
+ return off, errCompressedSRV
+ }
if currOff >= len(msg) {
return off, errInvalidPtr
}
@@ -2044,7 +2052,7 @@
return SRVResource{}, &nestedError{"Port", err}
}
var target Name
- if _, err := target.unpack(msg, off); err != nil {
+ if _, err := target.unpackCompressed(msg, off, false /* allowCompression */); err != nil {
return SRVResource{}, &nestedError{"Target", err}
}
return SRVResource{priority, weight, port, target}, nil
diff --git a/dns/dnsmessage/message_test.go b/dns/dnsmessage/message_test.go
index c143d7e..052897f 100644
--- a/dns/dnsmessage/message_test.go
+++ b/dns/dnsmessage/message_test.go
@@ -158,6 +158,28 @@
}
}
+func TestIncompressibleName(t *testing.T) {
+ name := mustNewName("example.com.")
+ compression := map[string]int{}
+ buf, err := name.pack(make([]byte, 0, 100), compression, 0)
+ if err != nil {
+ t.Fatal("First packing failed:", err)
+ }
+ buf, err = name.pack(buf, compression, 0)
+ if err != nil {
+ t.Fatal("Second packing failed:", err)
+ }
+ var n1 Name
+ off, err := n1.unpackCompressed(buf, 0, false /* allowCompression */)
+ if err != nil {
+ t.Fatal("Unpacking incompressible name without pointers failed:", err)
+ }
+ var n2 Name
+ if _, err := n2.unpackCompressed(buf, off, false /* allowCompression */); err != errCompressedSRV {
+ t.Errorf("Unpacking compressed incompressible name with pointers: got err = %v, want = %v", err, errCompressedSRV)
+ }
+}
+
func checkErrorPrefix(err error, prefix string) bool {
e, ok := err.(*nestedError)
return ok && e.s == prefix