1 
2 /* Copyright 1998 by the Massachusetts Institute of Technology.
3  *
4  * Permission to use, copy, modify, and distribute this
5  * software and its documentation for any purpose and without
6  * fee is hereby granted, provided that the above copyright
7  * notice appear in all copies and that both that copyright
8  * notice and this permission notice appear in supporting
9  * documentation, and that the name of M.I.T. not be used in
10  * advertising or publicity pertaining to distribution of the
11  * software without specific, written prior permission.
12  * M.I.T. makes no representations about the suitability of
13  * this software for any purpose.  It is provided "as is"
14  * without express or implied warranty.
15  */
16 
17 #include "ares_setup.h"
18 
19 #ifdef HAVE_SYS_SOCKET_H
20 #  include <sys/socket.h>
21 #endif
22 #ifdef HAVE_NETINET_IN_H
23 #  include <netinet/in.h>
24 #endif
25 #ifdef HAVE_ARPA_NAMESER_H
26 #  include <arpa/nameser.h>
27 #else
28 #  include "nameser.h"
29 #endif
30 #ifdef HAVE_ARPA_NAMESER_COMPAT_H
31 #  include <arpa/nameser_compat.h>
32 #endif
33 
#include <limits.h>
#include <stdlib.h>
#include "ares.h"
#include "ares_private.h" /* for the memdebug */
37 
/* Forward declaration: the length/validation pass is defined below,
 * after ares_expand_name(), which is its only caller in this file. */
static int name_length(const unsigned char *encoded, const unsigned char *abuf,
                       int alen);
40 
41 /* Expand an RFC1035-encoded domain name given by encoded.  The
 * containing message is given by abuf and alen.  The result is given by
43  * *s, which is set to a NUL-terminated allocated buffer.  *enclen is
44  * set to the length of the encoded name (not the length of the
45  * expanded name; the goal is to tell the caller how many bytes to
46  * move forward to get past the encoded name).
47  *
48  * In the simple case, an encoded name is a series of labels, each
49  * composed of a one-byte length (limited to values between 0 and 63
50  * inclusive) followed by the label contents.  The name is terminated
51  * by a zero-length label.
52  *
53  * In the more complicated case, a label may be terminated by an
54  * indirection pointer, specified by two bytes with the high bits of
55  * the first byte (corresponding to INDIR_MASK) set to 11.  With the
56  * two high bits of the first byte stripped off, the indirection
57  * pointer gives an offset from the beginning of the containing
58  * message with more labels to decode.  Indirection can happen an
59  * arbitrary number of times, so we have to detect loops.
60  *
61  * Since the expanded name uses '.' as a label separator, we use
62  * backslashes to escape periods or backslashes in the expanded name.
63  */
64 
/* Expand the RFC1035-encoded name at `encoded` inside the message
 * `abuf`/`alen` into a freshly malloc'd, NUL-terminated string in *s.
 * *enclen receives the number of encoded bytes the caller must skip to
 * get past the name (2 for a name that ends in a compression pointer,
 * whatever was consumed up to and including the terminating zero
 * otherwise).
 *
 * Returns ARES_SUCCESS, ARES_EBADNAME if name_length() rejected the
 * encoding, or ARES_ENOMEM (with *s set to NULL) if allocation failed.
 * Ownership of *s passes to the caller, who frees it with free().
 *
 * Every read performed by the copy loop below is in bounds only because
 * name_length() has already walked the same bytes and bounds-checked
 * them; do not call this function with an `encoded` that name_length()
 * would reject.
 */
int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
                     int alen, char **s, long *enclen)
{
  const int expanded_len = name_length(encoded, abuf, alen);
  const unsigned char *cur;
  char *out;
  int seen_pointer = 0;

  if (expanded_len < 0)
    return ARES_EBADNAME;

  out = malloc((size_t)expanded_len + 1);
  *s = out;
  if (!out)
    return ARES_ENOMEM;

  if (expanded_len == 0)
    {
      /* RFC2181 says the root should be "."; since trailing dots are
       * stripped here it becomes "".  An indirect root label (e.g.
       * 0xc0 0x0c) is two bytes on the wire, a direct one is a single
       * zero byte. */
      out[0] = '\0';
      *enclen = ((*encoded & INDIR_MASK) == INDIR_MASK) ? 2 : 1;
      return ARES_SUCCESS;
    }

  /* Bounds were all verified by name_length(); just copy. */
  for (cur = encoded; *cur; )
    {
      if ((*cur & INDIR_MASK) != INDIR_MASK)
        {
          int label_len = *cur++;

          /* Escape label bytes that would collide with the separator. */
          for (; label_len > 0; label_len--, cur++)
            {
              if (*cur == '.' || *cur == '\\')
                *out++ = '\\';
              *out++ = *cur;
            }
          *out++ = '.';
          continue;
        }

      /* Compression pointer: the encoded name ends at the first one,
       * so record the consumed length only once. */
      if (!seen_pointer)
        {
          *enclen = (long)(cur + 2 - encoded);
          seen_pointer = 1;
        }
      cur = abuf + (((*cur & ~INDIR_MASK) << 8) | cur[1]);
    }

  if (!seen_pointer)
    *enclen = (long)(cur + 1 - encoded);

  /* Drop the trailing separator if any label was written. */
  if (out > *s)
    out[-1] = '\0';
  else
    *out = '\0';

  return ARES_SUCCESS;
}
139 
140 /* Return the length of the expansion of an encoded domain name, or
141  * -1 if the encoding is invalid.
142  */
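/* Return the length in bytes (excluding the NUL) of the expansion of the
 * encoded domain name at `encoded`, validating the encoding against the
 * message bounds `abuf`/`alen` on the way.  Returns -1 if the encoding
 * is invalid: a label or pointer runs past the end of the message, a
 * pointer targets an offset outside the message, or the pointer chain
 * loops.
 *
 * This is the only bounds check in the file: ares_expand_name() copies
 * the same bytes without re-checking, so every read it performs must be
 * proven in bounds here.
 *
 * NOTE(review): label length bytes whose top two bits are 01 or 10 are
 * reserved by RFC 1035 but are accepted here as ordinary labels of up
 * to 191 bytes; left unchanged to preserve behaviour.
 */
static int name_length(const unsigned char *encoded, const unsigned char *abuf,
                       int alen)
{
  int n = 0, offset, indir = 0;
  const unsigned char *end = abuf + alen;

  /* Allow the caller to pass us abuf + alen and have us check for it. */
  if (encoded == end)
    return -1;

  while (*encoded)
    {
      if ((*encoded & INDIR_MASK) == INDIR_MASK)
        {
          /* A compression pointer is two bytes; make sure the second one
           * is inside the message before reading it. */
          if (end - encoded < 2)
            return -1;
          offset = (*encoded & ~INDIR_MASK) << 8 | *(encoded + 1);
          if (offset >= alen)
            return -1;
          encoded = abuf + offset;

          /* If we've seen more indirects than the message length,
           * then there's a loop.
           */
          if (++indir > alen)
            return -1;
        }
      else
        {
          offset = *encoded;
          /* The label bytes plus at least one following byte (the next
           * length byte or the terminating zero) must lie inside the
           * message.  Compare remaining bytes instead of forming
           * encoded + offset + 1, which may point past the buffer. */
          if (end - encoded < offset + 2)
            return -1;

          /* Worst case this label expands to 2 * offset bytes (every
           * byte escaped) plus one separator.  The indirection cap above
           * allows up to alen pointer hops, each followed by up to alen
           * label bytes, so on large messages n could in principle grow
           * past INT_MAX; reject rather than overflow (which would make
           * the caller allocate too little). */
          if (n > INT_MAX - (2 * offset + 1))
            return -1;

          encoded++;
          while (offset--)
            {
              /* '.' and '\\' are escaped with a backslash on expansion. */
              n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
              encoded++;
            }
          n++; /* the separator written after each label */
        }
    }

  /* If there were any labels at all, then the number of dots is one
   * less than the number of labels, so subtract one.
   */
  return (n) ? n - 1 : n;
}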
190 
191 /* Like ares_expand_name but returns EBADRESP in case of invalid input. */
/* Wrapper around ares_expand_name() for names found inside a server
 * response: a malformed name there is a bad response (ARES_EBADRESP),
 * not a bad name.  All other status codes, and the *s/*enclen outputs,
 * are exactly those of ares_expand_name(). */
int ares__expand_name_for_response(const unsigned char *encoded,
                                   const unsigned char *abuf, int alen,
                                   char **s, long *enclen)
{
  const int rc = ares_expand_name(encoded, abuf, alen, s, enclen);

  return (rc == ARES_EBADNAME) ? ARES_EBADRESP : rc;
}
201