From d563aa0da8f779505302b6c3d2b22b0b6e542cee Mon Sep 17 00:00:00 2001
From: Adam
Date: Mon, 29 Jun 2015 08:48:08 -0400
Subject: Check name validity after unpackname() to check for bad names in questins and ptr/cname rdata
---
 modules/m_dns.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'modules/m_dns.cpp')
diff --git a/modules/m_dns.cpp b/modules/m_dns.cpp
index 8a2ed5fee..dfa2cc969 100644
--- a/modules/m_dns.cpp
+++ b/modules/m_dns.cpp
@@ -26,6 +26,11 @@ namespace
 */
 class Packet : public Query
 {
+ static bool IsValidName(const Anope::string &name)
+ {
+ return name.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") == Anope::string::npos;
+ }
+
 void PackName(unsigned char *output, unsigned short output_size, unsigned short &pos, const Anope::string &name)
 {
 if (pos + name.length() + 2 > output_size)
@@ -116,6 +121,9 @@ class Packet : public Query
 if (pos + 4 > input_size)
 throw SocketException("Unable to unpack question");
+ if (!IsValidName(question.name))
+ throw SocketException("Invalid question name");
+
 question.type = static_cast(input[pos] << 8 | input[pos + 1]);
 pos += 2;
@@ -179,6 +187,10 @@ class Packet : public Query
 case QUERY_PTR:
 {
 record.rdata = this->UnpackName(input, input_size, pos);
+
+ if (!IsValidName(record.rdata))
+ throw SocketException("Invalid cname/ptr record data");
+
 break;
 }
 default:
-- cgit
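Review bot: `IsValidName` in the first hunk is a character allow-list rather than a hostname check: `find_first_not_of` returns `npos` for an empty string, so `""`, `"-"` and `".."` all pass, and nothing here bounds label or total length. If the aim is only to keep arbitrary label octets out of later consumers, say so above the function, e.g. `/* Allow-list of hostname characters only; does not reject empty names or malformed label structure. */`. It also rejects `_`, so any name with an underscore label is now treated as invalid, and the comment should state whether that is intended. If empty names should be refused as well, and assuming UnpackName (outside this hunk) can return one, the guard would become `return !name.empty() && name.find_first_not_of(...) == Anope::string::npos;`.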
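Review bot: The check added after the `pos + 4 > input_size` test throws `SocketException` on the first disallowed character, and the `QUERY_PTR` case in the third hunk does the same, so a single bad name presumably discards the whole packet rather than the one record. Both enclosing functions and their callers lie outside these hunks, so confirm that is the intended behaviour. Because `IsValidName` rejects `_`, a reply whose CNAME target has an underscore label would be dropped along with its valid answers. If that is deliberate, a short comment at each throw would record it, e.g. `// untrusted name with non-hostname bytes: reject the whole packet`. Keeping the offending name out of the exception text is a good choice, since it is untrusted input that could otherwise reach logs.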