aboutsummaryrefslogtreecommitdiff
path: root/ares
diff options
context:
space:
mode:
authorSteinar H. Gunderson <sesse@google.com>2007-09-29 13:58:23 +0000
committerSteinar H. Gunderson <sesse@google.com>2007-09-29 13:58:23 +0000
commitd0de9663e2df935ac75fc9949cff1e896c2257e9 (patch)
tree160f44996f9583cfda09e03b4b8922082ae1e423 /ares
parentd6dd848523c4887b894de388373a688a40fbd83c (diff)
Reject names that are longer than 255 characters, to avoid problems with strict or buggy DNS server implementations. (Patch from the Google tree)
Diffstat (limited to 'ares')
-rw-r--r--ares/ares_mkquery.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/ares/ares_mkquery.c b/ares/ares_mkquery.c
index 9c84446e7..919ddf3a0 100644
--- a/ares/ares_mkquery.c
+++ b/ares/ares_mkquery.c
@@ -108,6 +108,23 @@ int ares_mkquery(const char *name, int dnsclass, int type, unsigned short id,
if (*name && *(p - 1) != '.')
len++;
+ /* Immediately reject names that are longer than the maximum of 255
+ * bytes that's specified in RFC 1035 ("To simplify implementations,
+ * the total length of a domain name (i.e., label octets and label
+ * length octets) is restricted to 255 octets or less."). We aren't
+ * doing this just to be a stickler about RFCs. For names that are
+ * too long, 'dnscache' closes its TCP connection to us immediately
+ * (when using TCP) and ignores the request when using UDP, and
+ * BIND's named returns ServFail (TCP or UDP). Sending a request
+ * that we know will cause 'dnscache' to close the TCP connection is
+ * painful, since that makes any other outstanding requests on that
+ * connection fail. And sending a UDP request that we know
+ * 'dnscache' will ignore is bad because resources will be tied up
+ * until we time-out the request.
+ */
+ if (len > MAXCDNAME)
+ return ARES_EBADNAME;
+
*buflen = len + HFIXEDSZ + QFIXEDSZ;
*buf = malloc(*buflen);
if (!*buf)