ceph/src/c-ares/ares_expand_name.c

   1
   2 /* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
   3  *
   4  * Permission to use, copy, modify, and distribute this
   5  * software and its documentation for any purpose and without
   6  * fee is hereby granted, provided that the above copyright
   7  * notice appear in all copies and that both that copyright
   8  * notice and this permission notice appear in supporting
   9  * documentation, and that the name of M.I.T. not be used in
  10  * advertising or publicity pertaining to distribution of the
  11  * software without specific, written prior permission.
  12  * M.I.T. makes no representations about the suitability of
  13  * this software for any purpose.  It is provided "as is"
  14  * without express or implied warranty.
  15  */
  16
  17 #include "ares_setup.h"
  18
  19 #ifdef HAVE_NETINET_IN_H
  20 #  include <netinet/in.h>
  21 #endif
  22 #ifdef HAVE_ARPA_NAMESER_H
  23 #  include <arpa/nameser.h>
  24 #else
  25 #  include "nameser.h"
  26 #endif
  27 #ifdef HAVE_ARPA_NAMESER_COMPAT_H
  28 #  include <arpa/nameser_compat.h>
  29 #endif
  30
  31 #include "ares.h"
  32 #include "ares_nowarn.h"
  33 #include "ares_private.h" /* for the memdebug */
  34
  35 static int name_length(const unsigned char *encoded, const unsigned char *abuf,
  36                        int alen);
  37
  38 /* Expand an RFC1035-encoded domain name given by encoded.  The
  39  * containing message is given by abuf and alen.  The result given by
  40  * *s, which is set to a NUL-terminated allocated buffer.  *enclen is
  41  * set to the length of the encoded name (not the length of the
  42  * expanded name; the goal is to tell the caller how many bytes to
  43  * move forward to get past the encoded name).
  44  *
  45  * In the simple case, an encoded name is a series of labels, each
  46  * composed of a one-byte length (limited to values between 0 and 63
  47  * inclusive) followed by the label contents.  The name is terminated
  48  * by a zero-length label.
  49  *
  50  * In the more complicated case, a label may be terminated by an
  51  * indirection pointer, specified by two bytes with the high bits of
  52  * the first byte (corresponding to INDIR_MASK) set to 11.  With the
  53  * two high bits of the first byte stripped off, the indirection
  54  * pointer gives an offset from the beginning of the containing
  55  * message with more labels to decode.  Indirection can happen an
  56  * arbitrary number of times, so we have to detect loops.
  57  *
  58  * Since the expanded name uses '.' as a label separator, we use
  59  * backslashes to escape periods or backslashes in the expanded name.
  60  */
  61
  62 int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
  63                      int alen, char **s, long *enclen)
  64 {
  65   int len, indir = 0;
  66   char *q;
  67   const unsigned char *p;
  68   union {
  69     ssize_t sig;
  70      size_t uns;
  71   } nlen;
  72
  73   nlen.sig = name_length(encoded, abuf, alen);
  74   if (nlen.sig < 0)
  75     return ARES_EBADNAME;
  76
  77   *s = ares_malloc(nlen.uns + 1);
  78   if (!*s)
  79     return ARES_ENOMEM;
  80   q = *s;
  81
  82   if (nlen.uns == 0) {
  83     /* RFC2181 says this should be ".": the root of the DNS tree.
  84      * Since this function strips trailing dots though, it becomes ""
  85      */
  86     q[0] = '\0';
  87
  88     /* indirect root label (like 0xc0 0x0c) is 2 bytes long (stupid, but
  89        valid) */
  90     if ((*encoded & INDIR_MASK) == INDIR_MASK)
  91       *enclen = 2L;
  92     else
  93       *enclen = 1L;  /* the caller should move one byte to get past this */
  94
  95     return ARES_SUCCESS;
  96   }
  97
  98   /* No error-checking necessary; it was all done by name_length(). */
  99   p = encoded;
 100   while (*p)
 101     {
 102       if ((*p & INDIR_MASK) == INDIR_MASK)
 103         {
 104           if (!indir)
 105             {
 106               *enclen = aresx_uztosl(p + 2U - encoded);
 107               indir = 1;
 108             }
 109           p = abuf + ((*p & ~INDIR_MASK) << 8 | *(p + 1));
 110         }
 111       else
 112         {
 113           len = *p;
 114           p++;
 115           while (len--)
 116             {
 117               if (*p == '.' || *p == '\\')
 118                 *q++ = '\\';
 119               *q++ = *p;
 120               p++;
 121             }
 122           *q++ = '.';
 123         }
 124     }
 125   if (!indir)
 126     *enclen = aresx_uztosl(p + 1U - encoded);
 127
 128   /* Nuke the trailing period if we wrote one. */
 129   if (q > *s)
 130     *(q - 1) = 0;
 131   else
 132     *q = 0; /* zero terminate; LCOV_EXCL_LINE: empty names exit above */
 133
 134   return ARES_SUCCESS;
 135 }
 136
 137 /* Return the length of the expansion of an encoded domain name, or
 138  * -1 if the encoding is invalid.
 139  */
 140 static int name_length(const unsigned char *encoded, const unsigned char *abuf,
 141                        int alen)
 142 {
 143   int n = 0, offset, indir = 0, top;
 144
 145   /* Allow the caller to pass us abuf + alen and have us check for it. */
 146   if (encoded >= abuf + alen)
 147     return -1;
 148
 149   while (*encoded)
 150     {
 151       top = (*encoded & INDIR_MASK);
 152       if (top == INDIR_MASK)
 153         {
 154           /* Check the offset and go there. */
 155           if (encoded + 1 >= abuf + alen)
 156             return -1;
 157           offset = (*encoded & ~INDIR_MASK) << 8 | *(encoded + 1);
 158           if (offset >= alen)
 159             return -1;
 160           encoded = abuf + offset;
 161
 162           /* If we've seen more indirects than the message length,
 163            * then there's a loop.
 164            */
 165           if (++indir > alen)
 166             return -1;
 167         }
 168       else if (top == 0x00)
 169         {
 170           offset = *encoded;
 171           if (encoded + offset + 1 >= abuf + alen)
 172             return -1;
 173           encoded++;
 174           while (offset--)
 175             {
 176               n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
 177               encoded++;
 178             }
 179           n++;
 180         }
 181       else
 182         {
 183           /* RFC 1035 4.1.4 says other options (01, 10) for top 2
 184            * bits are reserved.
 185            */
 186           return -1;
 187         }
 188     }
 189
 190   /* If there were any labels at all, then the number of dots is one
 191    * less than the number of labels, so subtract one.
 192    */
 193   return (n) ? n - 1 : n;
 194 }
 195
 196 /* Like ares_expand_name but returns EBADRESP in case of invalid input. */
 197 int ares__expand_name_for_response(const unsigned char *encoded,
 198                                    const unsigned char *abuf, int alen,
 199                                    char **s, long *enclen)
 200 {
 201   int status = ares_expand_name(encoded, abuf, alen, s, enclen);
 202   if (status == ARES_EBADNAME)
 203     status = ARES_EBADRESP;
 204   return status;
 205 }