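/*	$OpenBSD: res_comp.c,v 1.23 2023/03/15 22:12:00 millert Exp $	*/

/*
 * ++Copyright++ 1985, 1993
 * -
 * Copyright (c) 1985, 1993
 *    The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * -
 * Portions Copyright (c) 1993 by Digital Equipment Corporation.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies, and that
 * the name of Digital Equipment Corporation not be used in advertising or
 * publicity pertaining to distribution of the document or software without
 * specific, written prior permission.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
 * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 * -
 * --Copyright--
 */

#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>

#include <stdio.h>
#include <resolv.h>
#include <ctype.h>

#include <unistd.h>
#include <limits.h>
#include <string.h>

static int dn_find(u_char *, u_char *, u_char **, u_char **);

/*
 * Expand compressed domain name 'comp_dn' to full domain name.
 * 'msg' is a pointer to the beginning of the message,
 * 'eomorig' points to the first location after the message,
 * 'exp_dn' is a pointer to a buffer of size 'length' for the result.
 * Return size of compressed name or -1 if there was an error.
 *
 * The returned size is the number of bytes the name occupies at 'comp_dn'
 * itself: up to and including the first compression pointer if there is
 * one, otherwise up to and including the terminating zero-length label.
 *
 * Every read is checked against 'eomorig' and every write against the
 * output limit, which is 'length' capped at HOST_NAME_MAX.  A 'length'
 * of zero or less is rejected, since even the root name needs one byte
 * for its NUL.
 *
 * Only '.' and '\' inside a label are escaped on output; every other
 * byte, including control characters and NUL, is copied as received.
 * Callers handling untrusted responses should pass the result through
 * res_hnok()/res_dnok() before treating it as a host name.
 */
int
dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn,
    char *exp_dn, int length)
{
	const u_char *cp;
	char *dn;
	int n, c;
	char *eom;
	int len = -1, checked = 0;

	if (comp_dn < msg || comp_dn >= eomorig)
		return (-1);

	/*
	 * Without this guard an empty (root) name would still store its
	 * terminating NUL at exp_dn[0], one byte past a zero-length buffer.
	 */
	if (length <= 0)
		return (-1);

	dn = exp_dn;
	cp = comp_dn;
	if (length > HOST_NAME_MAX)
		length = HOST_NAME_MAX;
	eom = exp_dn + length;
	/*
	 * fetch next label in domain name
	 */
	while ((n = *cp++)) {
		if (cp >= eomorig)	/* out of range */
			return (-1);

		/*
		 * Check for indirection
		 */
		switch (n & INDIR_MASK) {
		case 0:
			/* ordinary label of n bytes; separate it from the previous one */
			if (dn != exp_dn) {
				if (dn >= eom)
					return (-1);
				*dn++ = '.';
			}
			/* the label plus the final NUL must fit */
			if (dn+n >= eom)
				return (-1);
			checked += n + 1;
			while (--n >= 0) {
				if (((c = *cp++) == '.') || (c == '\\')) {
					/* room for '\', c, the n bytes left and the NUL */
					if (dn + n + 2 >= eom)
						return (-1);
					*dn++ = '\\';
				}
				*dn++ = c;
				if (cp >= eomorig)	/* out of range */
					return (-1);
			}
			break;

		case INDIR_MASK:
			/* the size reported to the caller stops at the first pointer */
			if (len < 0)
				len = cp - comp_dn + 1;
			/* 14-bit offset from the start of the message */
			cp = msg + (((n & 0x3f) << 8) | (*cp & 0xff));
			if (cp < msg || cp >= eomorig)	/* out of range */
				return (-1);
			checked += 2;
			/*
			 * Check for loops in the compressed name;
			 * if we've looked at the whole message,
			 * there must be a loop.
			 */
			if (checked >= eomorig - msg)
				return (-1);
			break;

		default:
			/* label types 0x40 and 0x80 are not supported */
			return (-1);			/* flag error */
		}
	}
	*dn = '\0';
	if (len < 0)
		len = cp - comp_dn;
	return (len);
}
DEF_WEAK(dn_expand);

/*
 * Compress domain name 'exp_dn' into 'comp_dn'.
 * Return the size of the compressed name or -1.
 * 'length' is the size of the array pointed to by 'comp_dn'.
 * 'dnptrs' is a list of pointers to previous compressed names. dnptrs[0]
 * is a pointer to the beginning of the message. The list ends with NULL.
 * 'lastdnptr' is a pointer to the end of the array pointed to
 * by 'dnptrs'. Side effect is to update the list of pointers for
 * labels inserted into the message as we compress the name.
 * If 'dnptrs' is NULL, we don't try to compress names. If 'lastdnptr'
 * is NULL, we don't update the list.
 *
 * A compression pointer carries a 14-bit offset, so a name is only
 * referenced, and only recorded in 'dnptrs', when its offset from the
 * start of the message is below 0x4000.  Every failure return truncates
 * 'dnptrs' back to the length it had on entry, so the list never keeps
 * pointers to a name that was only partly written.
 */
int
dn_comp(const char *exp_dn, u_char *comp_dn, int length, u_char **dnptrs,
    u_char **lastdnptr)
{
	u_char *cp, *dn;
	int c, l;
	u_char **cpp, **lpp, *sp, *eob;
	u_char *msg;

	/* the input is only read through 'dn', never written */
	dn = (u_char *)exp_dn;
	cp = comp_dn;
	eob = cp + length;
	lpp = cpp = NULL;
	if (dnptrs != NULL) {
		if ((msg = *dnptrs++) != NULL) {
			for (cpp = dnptrs; *cpp != NULL; cpp++)
				;
			lpp = cpp;	/* end of list to search */
		}
	} else
		msg = NULL;
	for (c = *dn++; c != '\0'; ) {
		/* look to see if we can use pointers */
		if (msg != NULL) {
			l = dn_find(dn-1, msg, dnptrs, lpp);
			/*
			 * An offset of 0x4000 or more would spill into the
			 * two INDIR_MASK bits and point somewhere else, so
			 * such a match is written out as plain labels.
			 */
			if (l >= 0 && l < 0x4000) {
				if (cp+1 >= eob) {
					/* drop entries added during this call */
					*lpp = NULL;
					return (-1);
				}
				*cp++ = (l >> 8) | INDIR_MASK;
				*cp++ = l % 256;
				return (cp - comp_dn);
			}
			/* not found, save it */
			if (lastdnptr != NULL && cpp < lastdnptr-1 &&
			    cp - msg < 0x4000) {
				*cpp++ = cp;
				*cpp = NULL;
			}
		}
		sp = cp++;	/* save ptr to length byte */
		do {
			if (c == '.') {
				c = *dn++;
				break;
			}
			if (c == '\\') {
				/* escaped byte is taken literally */
				if ((c = *dn++) == '\0')
					break;
			}
			if (cp >= eob) {
				if (msg != NULL)
					*lpp = NULL;
				return (-1);
			}
			*cp++ = c;
		} while ((c = *dn++) != '\0');
		/* catch trailing '.'s but not '..' */
		if ((l = cp - sp - 1) == 0 && c == '\0') {
			cp--;
			break;
		}
		/* empty labels and labels longer than MAXLABEL are rejected */
		if (l <= 0 || l > MAXLABEL) {
			if (msg != NULL)
				*lpp = NULL;
			return (-1);
		}
		*sp = l;
	}
	if (cp >= eob) {
		if (msg != NULL)
			*lpp = NULL;
		return (-1);
	}
	/* terminating zero-length (root) label */
	*cp++ = '\0';
	return (cp - comp_dn);
}

/*
 * Skip over a compressed domain name. Return the size or -1.
 *
 * This only measures the name at 'comp_dn'.  A compression pointer is
 * counted as two bytes and ends the name; its target is neither followed
 * nor validated.  A name whose labels end exactly at 'eom' without a
 * terminating zero byte is accepted and its length returned, so callers
 * must still bounds-check whatever they read after the name.
 */
int
__dn_skipname(const u_char *comp_dn, const u_char *eom)
{
	const u_char *cp;
	int n;

	cp = comp_dn;
	while (cp < eom && (n = *cp++)) {
		/*
		 * check for indirection
		 */
		switch (n & INDIR_MASK) {
		case 0:			/* normal case, n == len */
			cp += n;
			continue;
		case INDIR_MASK:	/* indirection */
			cp++;
			break;
		default:		/* illegal type */
			return (-1);
		}
		break;
	}
	/* a label or pointer that ran past the end of the message */
	if (cp > eom)
		return (-1);
	return (cp - comp_dn);
}

/*
 * Search for expanded name from a list of previously compressed names.
 * Return the offset from msg if found or -1.
 * dnptrs is the pointer to the first name on the list,
 * not the pointer to the start of the message.
 *
 * Labels are compared without regard to ASCII case.  An unsupported label
 * type in any listed name ends the whole search with -1.
 *
 * NOTE(review): the indirection case follows the pointer with no bounds
 * or loop check, and this function has no end-of-message argument to
 * check against.  It therefore relies on every 'dnptrs' entry referring
 * to a well-formed name inside the message being built.
 */
static int
dn_find(u_char *exp_dn, u_char *msg, u_char **dnptrs, u_char **lastdnptr)
{
	u_char *dn, *cp, **cpp;
	int n;
	u_char *sp;

	for (cpp = dnptrs; cpp < lastdnptr; cpp++) {
		dn = exp_dn;
		sp = cp = *cpp;		/* sp keeps the start for the returned offset */
		while ((n = *cp++)) {
			/*
			 * check for indirection
			 */
			switch (n & INDIR_MASK) {
			case 0:		/* normal case, n == len */
				while (--n >= 0) {
					if (*dn == '.')
						goto next;
					if (*dn == '\\')
						dn++;
					if (tolower((unsigned char)*dn++) !=
					    tolower((unsigned char)*cp++))
						goto next;
				}
				/* both names ended together: match */
				if ((n = *dn++) == '\0' && *cp == '\0')
					return (sp - msg);
				if (n == '.')
					continue;
				goto next;

			case INDIR_MASK:	/* indirection */
				cp = msg + (((n & 0x3f) << 8) | *cp);
				break;

			default:	/* illegal type */
				return (-1);
			}
		}
		if (*dn == '\0')
			return (sp - msg);
	next: ;
	}
	return (-1);
}

/*
 * Verify that a domain name uses an acceptable character set.
 */

/*
 * Note the conspicuous absence of ctype macros in these definitions.  On
 * non-ASCII hosts, we can't depend on string literals or ctype macros to
 * tell us anything about network-format data.  The rest of the BIND system
 * is not careful about this, but for some reason, we're doing it right here.
 */
#define PERIOD 0x2e
#define	hyphenchar(c) ((c) == 0x2d)
#define bslashchar(c) ((c) == 0x5c)
#define underscorechar(c) ((c) == 0x5f)
#define periodchar(c) ((c) == PERIOD)
#define asterchar(c) ((c) == 0x2a)
#define alphachar(c) (((c) >= 0x41 && (c) <= 0x5a) \
		   || ((c) >= 0x61 && (c) <= 0x7a))
#define digitchar(c) ((c) >= 0x30 && (c) <= 0x39)

#define borderchar(c) (alphachar(c) || digitchar(c))
#define middlechar(c) (borderchar(c) || hyphenchar(c) || underscorechar(c))
#define	domainchar(c) ((c) > 0x20 && (c) < 0x7f)

/*
 * Return 1 if 'dn' looks like a host name, 0 otherwise.
 *
 * The first and last character of each label must be a letter or digit;
 * characters in between may also be '-' or '_'.  Periods themselves are
 * never rejected, so empty labels and leading or trailing dots pass, as
 * does the empty string.  Only the character set is checked: label and
 * total name lengths are not.
 */
int
__res_hnok(const char *dn)
{
	/* pch starts as PERIOD so the first character is treated as a label start */
	int pch = PERIOD, ch = *dn++;

	while (ch != '\0') {
		int nch = *dn++;

		if (periodchar(ch)) {
			;
		} else if (periodchar(pch)) {
			/* first character of a label */
			if (!borderchar(ch))
				return (0);
		} else if (periodchar(nch) || nch == '\0') {
			/* last character of a label */
			if (!borderchar(ch))
				return (0);
		} else {
			if (!middlechar(ch))
				return (0);
		}
		pch = ch, ch = nch;
	}
	return (1);
}
DEF_STRONG(__res_hnok);

/*
 * hostname-like (A, MX, WKS) owners can have "*" as their first label
 * but must otherwise be as a host name.
 */
int
res_ownok(const char *dn)
{
	if (asterchar(dn[0])) {
		if (periodchar(dn[1]))
			return (res_hnok(dn+2));
		if (dn[1] == '\0')
			return (1);
	}
	return (res_hnok(dn));
}

/*
 * SOA RNAMEs and RP RNAMEs can have any printable character in their first
 * label, but the rest of the name has to look like a host name.
 *
 * A backslash escapes the next character, so "\." does not end the first
 * label.  A name with no unescaped period is rejected.
 */
int
res_mailok(const char *dn)
{
	int ch, escaped = 0;

	/* "." is a valid missing representation */
	if (*dn == '\0')
		return(1);

	/* otherwise <label>.<hostname> */
	while ((ch = *dn++) != '\0') {
		if (!domainchar(ch))
			return (0);
		if (!escaped && periodchar(ch))
			break;
		if (escaped)
			escaped = 0;
		else if (bslashchar(ch))
			escaped = 1;
	}
	if (periodchar(ch))
		return (res_hnok(dn));
	return(0);
}

/*
 * This function is quite liberal, since RFC 1034's character sets are only
 * recommendations.
 *
 * It accepts every byte from 0x21 to 0x7e, which includes quotes, shell
 * metacharacters and markup characters.  A name that passes is printable
 * ASCII without spaces and nothing more; it still needs context-specific
 * escaping before it is placed in a command line, log format or page.
 */
int
res_dnok(const char *dn)
{
	int ch;

	while ((ch = *dn++) != '\0')
		if (!domainchar(ch))
			return (0);
	return (1);
}

/*
 * Routines to insert/extract short/long's.
 *
 * These are function wrappers around the GETSHORT, GETLONG, PUTSHORT and
 * PUTLONG macros.  None of them is given a buffer length, so the caller
 * must already know that 2 (short) or 4 (long) bytes are available at
 * 'msgp'.
 */

u_int16_t
_getshort(const u_char *msgp)
{
	u_int16_t u;

	GETSHORT(u, msgp);
	return (u);
}
DEF_STRONG(_getshort);

u_int32_t
_getlong(const u_char *msgp)
{
	u_int32_t u;

	GETLONG(u, msgp);
	return (u);
}
DEF_STRONG(_getlong);

void
__putshort(u_int16_t s, u_char *msgp)
{
	PUTSHORT(s, msgp);
}

void
__putlong(u_int32_t l, u_char *msgp)
{
	PUTLONG(l, msgp);
}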