From 11fc8f8632d6bf6b71d8dcc505b3fab0d1abf714 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 28 Jan 2022 17:47:57 +0100
Subject: [PATCH] BUG/MEDIUM: resolvers: Really ignore trailing dot in domain
 names

When a string is converted to a domain name label, the trailing dot must be
ignored. In resolv_str_to_dn_label(), there is a test to do so. However, the
trailing dot is not really ignored. The character itself is not copied but
the string index is still moved to the next char. Thus, this trailing dot is
counted in the length of the last encoded part of the domain name. Worst,
because the copy is skipped, a garbage character is included in the domain
name.

This patch should fix the issue #1528. It must be backported as far as 2.0.

(cherry picked from commit 0a82cf4c1662b8ab00036f65b5e3543a9c1a6ff5)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
---
 src/resolvers.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/resolvers.c b/src/resolvers.c
index a583e28..62f901f 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -1749,10 +1749,8 @@ int resolv_str_to_dn_label(const char *str, int str_len, char *dn, int dn_len)
 				return -1;
 
 			/* ignore trailing dot */
-			if (i + 1 == str_len) {
-				i++;
+			if (i + 1 == str_len)
 				break;
-			}
 
 			dn[offset] = (i - offset);
 			offset = i+1;
-- 
1.7.10.4