1
2 /* Copyright 1998 by the Massachusetts Institute of Technology.
3 *
4 * Permission to use, copy, modify, and distribute this
5 * software and its documentation for any purpose and without
6 * fee is hereby granted, provided that the above copyright
7 * notice appear in all copies and that both that copyright
8 * notice and this permission notice appear in supporting
9 * documentation, and that the name of M.I.T. not be used in
10 * advertising or publicity pertaining to distribution of the
11 * software without specific, written prior permission.
12 * M.I.T. makes no representations about the suitability of
13 * this software for any purpose. It is provided "as is"
14 * without express or implied warranty.
15 */
16
17 #include "ares_setup.h"
18
19 #ifdef HAVE_SYS_SOCKET_H
20 # include <sys/socket.h>
21 #endif
22 #ifdef HAVE_NETINET_IN_H
23 # include <netinet/in.h>
24 #endif
25 #ifdef HAVE_ARPA_NAMESER_H
26 # include <arpa/nameser.h>
27 #else
28 # include "nameser.h"
29 #endif
30 #ifdef HAVE_ARPA_NAMESER_COMPAT_H
31 # include <arpa/nameser_compat.h>
32 #endif
33
34 #include <stdlib.h>
35 #include "ares.h"
36 #include "ares_private.h" /* for the memdebug */
37
38 static int name_length(const unsigned char *encoded, const unsigned char *abuf,
39 int alen);
40
41 /* Expand an RFC1035-encoded domain name given by encoded. The
42 * containing message is given by abuf and alen. The result given by
43 * *s, which is set to a NUL-terminated allocated buffer. *enclen is
44 * set to the length of the encoded name (not the length of the
45 * expanded name; the goal is to tell the caller how many bytes to
46 * move forward to get past the encoded name).
47 *
48 * In the simple case, an encoded name is a series of labels, each
49 * composed of a one-byte length (limited to values between 0 and 63
50 * inclusive) followed by the label contents. The name is terminated
51 * by a zero-length label.
52 *
53 * In the more complicated case, a label may be terminated by an
54 * indirection pointer, specified by two bytes with the high bits of
55 * the first byte (corresponding to INDIR_MASK) set to 11. With the
56 * two high bits of the first byte stripped off, the indirection
57 * pointer gives an offset from the beginning of the containing
58 * message with more labels to decode. Indirection can happen an
59 * arbitrary number of times, so we have to detect loops.
60 *
61 * Since the expanded name uses '.' as a label separator, we use
62 * backslashes to escape periods or backslashes in the expanded name.
63 */
64
ares_expand_name(const unsigned char * encoded,const unsigned char * abuf,int alen,char ** s,long * enclen)65 int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
66 int alen, char **s, long *enclen)
67 {
68 int len, indir = 0;
69 char *q;
70 const unsigned char *p;
71 union {
72 ssize_t sig;
73 size_t uns;
74 } nlen;
75
76 nlen.sig = name_length(encoded, abuf, alen);
77 if (nlen.sig < 0)
78 return ARES_EBADNAME;
79
80 *s = malloc(nlen.uns + 1);
81 if (!*s)
82 return ARES_ENOMEM;
83 q = *s;
84
85 if (nlen.uns == 0) {
86 /* RFC2181 says this should be ".": the root of the DNS tree.
87 * Since this function strips trailing dots though, it becomes ""
88 */
89 q[0] = '\0';
90
91 /* indirect root label (like 0xc0 0x0c) is 2 bytes long (stupid, but
92 valid) */
93 if ((*encoded & INDIR_MASK) == INDIR_MASK)
94 *enclen = 2;
95 else
96 *enclen = 1; /* the caller should move one byte to get past this */
97
98 return ARES_SUCCESS;
99 }
100
101 /* No error-checking necessary; it was all done by name_length(). */
102 p = encoded;
103 while (*p)
104 {
105 if ((*p & INDIR_MASK) == INDIR_MASK)
106 {
107 if (!indir)
108 {
109 *enclen = p + 2 - encoded;
110 indir = 1;
111 }
112 p = abuf + ((*p & ~INDIR_MASK) << 8 | *(p + 1));
113 }
114 else
115 {
116 len = *p;
117 p++;
118 while (len--)
119 {
120 if (*p == '.' || *p == '\\')
121 *q++ = '\\';
122 *q++ = *p;
123 p++;
124 }
125 *q++ = '.';
126 }
127 }
128 if (!indir)
129 *enclen = p + 1 - encoded;
130
131 /* Nuke the trailing period if we wrote one. */
132 if (q > *s)
133 *(q - 1) = 0;
134 else
135 *q = 0; /* zero terminate */
136
137 return ARES_SUCCESS;
138 }
139
140 /* Return the length of the expansion of an encoded domain name, or
141 * -1 if the encoding is invalid.
142 */
name_length(const unsigned char * encoded,const unsigned char * abuf,int alen)143 static int name_length(const unsigned char *encoded, const unsigned char *abuf,
144 int alen)
145 {
146 int n = 0, offset, indir = 0;
147
148 /* Allow the caller to pass us abuf + alen and have us check for it. */
149 if (encoded == abuf + alen)
150 return -1;
151
152 while (*encoded)
153 {
154 if ((*encoded & INDIR_MASK) == INDIR_MASK)
155 {
156 /* Check the offset and go there. */
157 if (encoded + 1 >= abuf + alen)
158 return -1;
159 offset = (*encoded & ~INDIR_MASK) << 8 | *(encoded + 1);
160 if (offset >= alen)
161 return -1;
162 encoded = abuf + offset;
163
164 /* If we've seen more indirects than the message length,
165 * then there's a loop.
166 */
167 if (++indir > alen)
168 return -1;
169 }
170 else
171 {
172 offset = *encoded;
173 if (encoded + offset + 1 >= abuf + alen)
174 return -1;
175 encoded++;
176 while (offset--)
177 {
178 n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
179 encoded++;
180 }
181 n++;
182 }
183 }
184
185 /* If there were any labels at all, then the number of dots is one
186 * less than the number of labels, so subtract one.
187 */
188 return (n) ? n - 1 : n;
189 }
190
191 /* Like ares_expand_name but returns EBADRESP in case of invalid input. */
ares__expand_name_for_response(const unsigned char * encoded,const unsigned char * abuf,int alen,char ** s,long * enclen)192 int ares__expand_name_for_response(const unsigned char *encoded,
193 const unsigned char *abuf, int alen,
194 char **s, long *enclen)
195 {
196 int status = ares_expand_name(encoded, abuf, alen, s, enclen);
197 if (status == ARES_EBADNAME)
198 status = ARES_EBADRESP;
199 return status;
200 }
201