Add validation of domain name

8 years ago · bf194fef75
3 changed files with 26 additions and 0 deletions
--- a/src/netutils.c
+++ b/src/netutils.c
@ -251,3 +251,21 @@ int sockaddr_cmp_addr(struct sockaddr_storage *addr1,
        return memcmp(addr1, addr2, len);
    }
 }
+
+int validate_domain_name(const char *hostname, const int len)
+{
+    int i;
+    for (i = 0; i < len; i++)
+    {
+        char c = hostname[i];
+
+        int is_hyphen = c == 0x2D;
+        int is_stop = c == 0x2E;
+        int is_digit = c >= 0x30 && c <= 0x39;
+        int is_letter = (c >= 0x41 && c <= 0x5A) || (c >= 0x61 && c <= 0x7A);
+
+        if (!is_hyphen && !is_stop && !is_digit && !is_letter)
+            return 0;
+    }
+    return 1;
+}
--- a/src/netutils.h
+++ b/src/netutils.h
@ -93,4 +93,6 @@ int sockaddr_cmp(struct sockaddr_storage *addr1,
 int sockaddr_cmp_addr(struct sockaddr_storage *addr1,
                      struct sockaddr_storage *addr2, socklen_t len);

+int validate_domain_name(const char *hostname, const int len);
+
 #endif
--- a/src/server.c
+++ b/src/server.c
@ -781,6 +781,12 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
                close_and_free_server(EV_A_ server);
                return;
            }
+            if (!validate_domain_name(host, name_len)) {
+                LOGE("invalid domain name");
+                report_addr(server->fd);
+                close_and_free_server(EV_A_ server);
+                return;
+            }
            struct cork_ip ip;
            if (cork_ip_init(&ip, host) != -1) {
                info.ai_socktype = SOCK_STREAM;