From 0bf6947f328cfddf320fe81d6c6df94990dad8ad Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 14 Oct 2021 07:49:49 +0200 Subject: [PATCH] MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero This function is bogus at the API level: it demands that the input string is zero-terminated *and* that its length *including* the trailing zero is passed on input. While that already looks smelly, the trailing zero is copied as-is, and is then explicitly replaced with a zero... Not only all callers have to pass hostname_len+1 everywhere to work around this absurdity, but this requirement causes a bug in the do-resolve() action that passes random string lengths on input, and that will be fixed on a subsequent patch. Let's fix this API issue for now. This patch will have to be backported, and in versions 2.3 and older, the function is in dns.c and is called dns_str_to_dn_label(). (cherry picked from commit bf9498a31beb41078ebf257c54b7acb879bcb98b) Signed-off-by: Willy Tarreau (cherry picked from commit c1c765f27d2a31f90ffe233d218282aa16d52e7c) Signed-off-by: Christopher Faulet --- src/dns.c | 19 ++++++++++--------- src/server.c | 4 ++-- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/dns.c b/src/dns.c index 2c44c50..eaec333 100644 --- a/src/dns.c +++ b/src/dns.c @@ -181,7 +181,7 @@ struct dns_srvrq *new_dns_srvrq(struct server *srv, char *fqdn) int fqdn_len, hostname_dn_len; fqdn_len = strlen(fqdn); - hostname_dn_len = dns_str_to_dn_label(fqdn, fqdn_len + 1, trash.area, + hostname_dn_len = dns_str_to_dn_label(fqdn, fqdn_len, trash.area, trash.size); if (hostname_dn_len == -1) { ha_alert("config : %s '%s', server '%s': failed to parse FQDN '%s'\n", @@ -1713,18 +1713,19 @@ int dns_dn_label_to_str(const char *dn, int dn_len, char *str, int str_len) /* Turns a string into domain name label: www.haproxy.org into 3www7haproxy3org * - * must be a null-terminated string. must include the - * terminating null byte. buffer must be allocated and its size must be - * passed in . + * contains the input string that is bytes long (trailing zero + * not needed). buffer must be allocated large enough to contain the + * encoded string and a trailing zero, so it must be at least str_len+2, and + * this allocated buffer size must be passed in . * - * In case of error, -1 is returned, otherwise, the number of bytes copied in + * In case of error, -1 is returned, otherwise, the number of bytes copied in * (excluding the terminating null byte). */ int dns_str_to_dn_label(const char *str, int str_len, char *dn, int dn_len) { int i, offset; - if (dn_len < str_len + 1) + if (dn_len < str_len + 2) return -1; /* First byte of dn will be used to store the length of the first @@ -1737,7 +1738,7 @@ int dns_str_to_dn_label(const char *str, int str_len, char *dn, int dn_len) return -1; /* ignore trailing dot */ - if (i + 2 == str_len) { + if (i + 1 == str_len) { i++; break; } @@ -1748,7 +1749,7 @@ int dns_str_to_dn_label(const char *str, int str_len, char *dn, int dn_len) } dn[i+1] = str[i]; } - dn[offset] = (i - offset - 1); + dn[offset] = (i - offset); dn[i] = '\0'; return i; } @@ -2897,7 +2898,7 @@ static int action_prepare_for_resolution(struct stream *stream, const char *host hostname_len = strlen(hostname); hostname_dn = tmp->area; - hostname_dn_len = dns_str_to_dn_label(hostname, hostname_len + 1, + hostname_dn_len = dns_str_to_dn_label(hostname, hostname_len, hostname_dn, tmp->size); if (hostname_dn_len == -1) goto err; diff --git a/src/server.c b/src/server.c index 7cd0821..a70c096 100644 --- a/src/server.c +++ b/src/server.c @@ -1579,7 +1579,7 @@ static int srv_prepare_for_resolution(struct server *srv, const char *hostname) hostname_len = strlen(hostname); hostname_dn = trash.area; - hostname_dn_len = dns_str_to_dn_label(hostname, hostname_len + 1, + hostname_dn_len = dns_str_to_dn_label(hostname, hostname_len, hostname_dn, trash.size); if (hostname_dn_len == -1) goto err; @@ -4154,7 +4154,7 @@ int srv_set_fqdn(struct server *srv, const char *hostname, int dns_locked) chunk_reset(&trash); hostname_len = strlen(hostname); hostname_dn = trash.area; - hostname_dn_len = dns_str_to_dn_label(hostname, hostname_len + 1, + hostname_dn_len = dns_str_to_dn_label(hostname, hostname_len, hostname_dn, trash.size); if (hostname_dn_len == -1) goto err; -- 1.7.10.4