Check name validity after unpackname() to check for bad names in questins and ptr/cname rdata

author: Adam <Adam@anope.org> 2015-06-29 08:48:08 -0400
committer: Adam <Adam@anope.org> 2015-06-29 08:48:08 -0400
commit: d563aa0da8f779505302b6c3d2b22b0b6e542cee (patch)
tree: bb8608949d7185525b7cbfe495fcbedd3ec17161
parent: 3e3312db259b3126e84ad2c1730c23c6f5ee8284 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/m_dns.cpp b/modules/m_dns.cpp
index 8a2ed5fee..dfa2cc969 100644
--- a/modules/m_dns.cpp
+++ b/modules/m_dns.cpp
@@ -26,6 +26,11 @@ namespace
  */
 class Packet : public Query
 {
+	static bool IsValidName(const Anope::string &name)
+	{
+		return name.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") == Anope::string::npos;
+	}
+
 	void PackName(unsigned char *output, unsigned short output_size, unsigned short &pos, const Anope::string &name)
 	{
 		if (pos + name.length() + 2 > output_size)
@@ -116,6 +121,9 @@ class Packet : public Query
 		if (pos + 4 > input_size)
 			throw SocketException("Unable to unpack question");
 
+		if (!IsValidName(question.name))
+			throw SocketException("Invalid question name");
+
 		question.type = static_cast<QueryType>(input[pos] << 8 | input[pos + 1]);
 		pos += 2;
 
@@ -179,6 +187,10 @@ class Packet : public Query
 			case QUERY_PTR:
 			{
 				record.rdata = this->UnpackName(input, input_size, pos);
+
+				if (!IsValidName(record.rdata))
+					throw SocketException("Invalid cname/ptr record data");
+
 				break;
 			}
 			default:
author	Adam <Adam@anope.org>	2015-06-29 08:48:08 -0400
committer	Adam <Adam@anope.org>	2015-06-29 08:48:08 -0400
commit	d563aa0da8f779505302b6c3d2b22b0b6e542cee (patch)
tree	bb8608949d7185525b7cbfe495fcbedd3ec17161
parent	3e3312db259b3126e84ad2c1730c23c6f5ee8284 (diff)