From bf194fef750abdf0119974cf4ee7f908bc687a12 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Wed, 31 Aug 2016 09:45:47 +0800 Subject: [PATCH] Add validation of domain name --- src/netutils.c | 18 ++++++++++++++++++ src/netutils.h | 2 ++ src/server.c | 6 ++++++ 3 files changed, 26 insertions(+) diff --git a/src/netutils.c b/src/netutils.c index 58dbae6b..bd4fbe68 100644 --- a/src/netutils.c +++ b/src/netutils.c @@ -251,3 +251,21 @@ int sockaddr_cmp_addr(struct sockaddr_storage *addr1, return memcmp(addr1, addr2, len); } } + +int validate_domain_name(const char *hostname, const int len) +{ + int i; + for (i = 0; i < len; i++) + { + char c = hostname[i]; + + int is_hyphen = c == 0x2D; + int is_stop = c == 0x2E; + int is_digit = c >= 0x30 && c <= 0x39; + int is_letter = (c >= 0x41 && c <= 0x5A) || (c >= 0x61 && c <= 0x7A); + + if (!is_hyphen && !is_stop && !is_digit && !is_letter) + return 0; + } + return 1; +} diff --git a/src/netutils.h b/src/netutils.h index a0b47fc1..aed08781 100644 --- a/src/netutils.h +++ b/src/netutils.h @@ -93,4 +93,6 @@ int sockaddr_cmp(struct sockaddr_storage *addr1, int sockaddr_cmp_addr(struct sockaddr_storage *addr1, struct sockaddr_storage *addr2, socklen_t len); +int validate_domain_name(const char *hostname, const int len); + #endif diff --git a/src/server.c b/src/server.c index bf5b4c36..f4cf53df 100644 --- a/src/server.c +++ b/src/server.c @@ -781,6 +781,12 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents) close_and_free_server(EV_A_ server); return; } + if (!validate_domain_name(host, name_len)) { + LOGE("invalid domain name"); + report_addr(server->fd); + close_and_free_server(EV_A_ server); + return; + } struct cork_ip ip; if (cork_ip_init(&ip, host) != -1) { info.ai_socktype = SOCK_STREAM;