2/* Copyright 1998 by the Massachusetts Institute of Technology.
3 * Copyright (C) 2009 by Jakub Hrozek <jhrozek@redhat.com>
4 *
5 * Permission to use, copy, modify, and distribute this
6 * software and its documentation for any purpose and without
7 * fee is hereby granted, provided that the above copyright
8 * notice appear in all copies and that both that copyright
9 * notice and this permission notice appear in supporting
10 * documentation, and that the name of M.I.T. not be used in
11 * advertising or publicity pertaining to distribution of the
12 * software without specific, written prior permission.
13 * M.I.T. makes no representations about the suitability of
14 * this software for any purpose. It is provided "as is"
15 * without express or implied warranty.
16 */
17
18#include "ares_setup.h"
19
20#ifdef HAVE_NETINET_IN_H
21# include <netinet/in.h>
22#endif
23#ifdef HAVE_NETDB_H
24# include <netdb.h>
25#endif
26#ifdef HAVE_ARPA_INET_H
27# include <arpa/inet.h>
28#endif
29#ifdef HAVE_ARPA_NAMESER_H
30# include <arpa/nameser.h>
31#else
32# include "nameser.h"
33#endif
34#ifdef HAVE_ARPA_NAMESER_COMPAT_H
35# include <arpa/nameser_compat.h>
36#endif
37
38#include "ares.h"
39#include "ares_dns.h"
40#include "ares_data.h"
41#include "ares_private.h"
42
/* AIX portability check: supply T_NAPTR when the nameser headers included
 * above did not define it.  35 is the DNS RR type code for NAPTR. */
#if !defined(T_NAPTR)
# define T_NAPTR 35 /* naming authority pointer */
#endif
47
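/*
 * Parse the answer section of a DNS response and collect its NAPTR records.
 *
 * abuf, alen  Raw DNS message and its length.  This is wire data: the counts
 *             and lengths it carries are untrusted and are compared against
 *             alen before the bytes they describe are read.
 * naptr_out   Set to NULL on entry.  On ARES_SUCCESS it receives the head of
 *             a linked list holding one node per IN/NAPTR record, in answer
 *             order; it stays NULL if the answer section contains no such
 *             record.  Nodes come from ares_malloc_data() and the failure
 *             path releases them with ares_free_data(), so the caller
 *             presumably frees a returned list the same way.
 *
 * Returns ARES_SUCCESS, ARES_EBADRESP for a truncated or malformed message
 * (including a question count other than 1), ARES_ENODATA when the header
 * reports zero answers, ARES_ENOMEM when a node cannot be allocated, or the
 * status of a failed ares_expand_name()/ares_expand_string() call.
 */
int
ares_parse_naptr_reply (const unsigned char *abuf, int alen,
                        struct ares_naptr_reply **naptr_out)
{
  unsigned int qdcount, ancount, i;
  const unsigned char *aptr, *vptr;
  int status, rr_type, rr_class, rr_len;
  long len;
  char *hostname = NULL, *rr_name = NULL;
  struct ares_naptr_reply *naptr_head = NULL;
  struct ares_naptr_reply *naptr_last = NULL;
  struct ares_naptr_reply *naptr_curr;

  /* Set *naptr_out to NULL for all failure cases. */
  *naptr_out = NULL;

  /* Give up if abuf doesn't have room for a header. */
  if (alen < HFIXEDSZ)
    return ARES_EBADRESP;

  /* Fetch the question and answer count from the header. */
  qdcount = DNS_HEADER_QDCOUNT (abuf);
  ancount = DNS_HEADER_ANCOUNT (abuf);
  if (qdcount != 1)
    return ARES_EBADRESP;
  if (ancount == 0)
    return ARES_ENODATA;

  /* Expand the name from the question, and skip past the question. */
  aptr = abuf + HFIXEDSZ;
  status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
  if (status != ARES_SUCCESS)
    return status;

  /* The fixed part of the question must still fit in the message. */
  if (aptr + len + QFIXEDSZ > abuf + alen)
    {
      ares_free (hostname);
      return ARES_EBADRESP;
    }
  aptr += len + QFIXEDSZ;

  /* Examine each answer resource record (RR) in turn. */
  for (i = 0; i < ancount; i++)
    {
      /* Decode the RR up to the data field. */
      status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
      if (status != ARES_SUCCESS)
        {
          break;
        }
      aptr += len;
      if (aptr + RRFIXEDSZ > abuf + alen)
        {
          status = ARES_EBADRESP;
          break;
        }
      rr_type = DNS_RR_TYPE (aptr);
      rr_class = DNS_RR_CLASS (aptr);
      rr_len = DNS_RR_LEN (aptr);
      aptr += RRFIXEDSZ;

      /* The declared RDATA length must not run past the end of the message. */
      if (aptr + rr_len > abuf + alen)
        {
          status = ARES_EBADRESP;
          break;
        }

      /* Check if we are really looking at a NAPTR record */
      if (rr_class == C_IN && rr_type == T_NAPTR)
        {
          /* parse the NAPTR record itself */

          /* CVE-2017-1000381 https://c-ares.haxx.se/CVE-2017-1000381.patch */
          /* RR must contain at least 7 bytes = 2 x int16 + 3 x name.
           * order and preference are read below straight from the RDATA, so
           * rr_len has to cover them.  The minimum describes NAPTR RDATA
           * only, so it is enforced inside this branch: applied to every RR
           * it made the whole reply fail with ARES_EBADRESP whenever the
           * answer section carried another record with shorter RDATA (for
           * example a CNAME ahead of the NAPTR records). */
          if (rr_len < 7)
            {
              status = ARES_EBADRESP;
              break;
            }

          /* Allocate storage for this NAPTR answer appending it to the list */
          naptr_curr = ares_malloc_data(ARES_DATATYPE_NAPTR_REPLY);
          if (!naptr_curr)
            {
              status = ARES_ENOMEM;
              break;
            }
          if (naptr_last)
            {
              naptr_last->next = naptr_curr;
            }
          else
            {
              naptr_head = naptr_curr;
            }
          naptr_last = naptr_curr;

          vptr = aptr;
          naptr_curr->order = DNS__16BIT(vptr);
          vptr += sizeof(unsigned short);
          naptr_curr->preference = DNS__16BIT(vptr);
          vptr += sizeof(unsigned short);

          /* NOTE(review): the expanders below are handed the whole-message
           * bounds (abuf, alen), not the end of this RR, so nothing in this
           * function verifies that flags, service, regexp and replacement
           * end within rr_len bytes -- confirm that is intended. */
          status = ares_expand_string(vptr, abuf, alen, &naptr_curr->flags, &len);
          if (status != ARES_SUCCESS)
            break;
          vptr += len;

          status = ares_expand_string(vptr, abuf, alen, &naptr_curr->service, &len);
          if (status != ARES_SUCCESS)
            break;
          vptr += len;

          status = ares_expand_string(vptr, abuf, alen, &naptr_curr->regexp, &len);
          if (status != ARES_SUCCESS)
            break;
          vptr += len;

          status = ares_expand_name(vptr, abuf, alen, &naptr_curr->replacement, &len);
          if (status != ARES_SUCCESS)
            break;
        }

      /* Don't lose memory in the next iteration */
      ares_free (rr_name);
      rr_name = NULL;

      /* Move on to the next record */
      aptr += rr_len;
    }

  /* rr_name is still set here only when the loop was left through a break. */
  if (hostname)
    ares_free (hostname);
  if (rr_name)
    ares_free (rr_name);

  /* clean up on error: a partially built list is never handed to the caller */
  if (status != ARES_SUCCESS)
    {
      if (naptr_head)
        ares_free_data (naptr_head);
      return status;
    }

  /* everything looks fine, return the data */
  *naptr_out = naptr_head;

  return ARES_SUCCESS;
}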