1/*	$OpenBSD: res_comp.c,v 1.23 2023/03/15 22:12:00 millert Exp $	*/
2
3/*
4 * ++Copyright++ 1985, 1993
5 * -
6 * Copyright (c) 1985, 1993
7 *    The Regents of the University of California.  All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the University nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 * -
33 * Portions Copyright (c) 1993 by Digital Equipment Corporation.
34 *
35 * Permission to use, copy, modify, and distribute this software for any
36 * purpose with or without fee is hereby granted, provided that the above
37 * copyright notice and this permission notice appear in all copies, and that
38 * the name of Digital Equipment Corporation not be used in advertising or
39 * publicity pertaining to distribution of the document or software without
40 * specific, written prior permission.
41 *
42 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
43 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
44 * OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
45 * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
46 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
47 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
48 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
49 * SOFTWARE.
50 * -
51 * --Copyright--
52 */
53
54#include <sys/types.h>
55#include <netinet/in.h>
56#include <arpa/nameser.h>
57
58#include <stdio.h>
59#include <resolv.h>
60#include <ctype.h>
61
62#include <unistd.h>
63#include <limits.h>
64#include <string.h>
65
66static int dn_find(u_char *, u_char *, u_char **, u_char **);
67
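/*
 * Expand compressed domain name 'comp_dn' to full domain name.
 * 'msg' is a pointer to the beginning of the message,
 * 'eomorig' points to the first location after the message,
 * 'exp_dn' is a pointer to a buffer of size 'length' for the result.
 * Return size of compressed name or -1 if there was an error.
 *
 * The message is wire data and is treated as hostile: every read is
 * bounded by 'eomorig', every write by 'exp_dn + length' (with 'length'
 * capped at HOST_NAME_MAX), and chains of compression pointers are cut
 * off once more octets have been accounted for than the message holds.
 * A non-positive 'length' is rejected up front, because the terminating
 * NUL always needs one byte of output.
 *
 * Only '.' and '\\' inside a label are escaped.  Every other octet,
 * including NUL and control characters, is copied verbatim, so the
 * result is NOT a validated host name.  Callers that log it, compare it
 * or hand it to other code should first check it with res_hnok() or
 * res_dnok().
 */
int
dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn,
    char *exp_dn, int length)
{
	const u_char *cp;
	char *dn, *eom;
	int n, c, off;
	int len = -1, checked = 0;

	if (comp_dn < msg || comp_dn >= eomorig)
		return (-1);
	/* Without this, a root name would store its NUL at exp_dn[0]. */
	if (length <= 0)
		return (-1);

	dn = exp_dn;
	cp = comp_dn;
	if (length > HOST_NAME_MAX)
		length = HOST_NAME_MAX;
	eom = exp_dn + length;
	/*
	 * fetch next label in domain name
	 */
	while ((n = *cp++)) {
		if (cp >= eomorig)	/* out of range */
			return (-1);

		/*
		 * Check for indirection
		 */
		switch (n & INDIR_MASK) {
		case 0:
			if (dn != exp_dn) {
				if (dn >= eom)
					return (-1);
				*dn++ = '.';
			}
			/*
			 * The label and the final NUL must both fit.
			 * Lengths are compared, not pointers, so that no
			 * pointer past the output buffer is ever formed.
			 */
			if (n >= eom - dn)
				return (-1);
			checked += n + 1;
			while (--n >= 0) {
				if (((c = *cp++) == '.') || (c == '\\')) {
					/* the escape costs one more byte */
					if (n + 2 >= eom - dn)
						return (-1);
					*dn++ = '\\';
				}
				*dn++ = c;
				if (cp >= eomorig)	/* out of range */
					return (-1);
			}
			break;

		case INDIR_MASK:
			/* the compressed name ends at the first pointer */
			if (len < 0)
				len = cp - comp_dn + 1;
			/* validate the 14-bit offset before using it */
			off = ((n & 0x3f) << 8) | (*cp & 0xff);
			if (off >= eomorig - msg)	/* out of range */
				return (-1);
			cp = msg + off;
			checked += 2;
			/*
			 * Check for loops in the compressed name;
			 * if we've looked at the whole message,
			 * there must be a loop.
			 */
			if (checked >= eomorig - msg)
				return (-1);
			break;

		default:
			return (-1);			/* flag error */
		}
	}
	*dn = '\0';
	if (len < 0)
		len = cp - comp_dn;
	return (len);
}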
150DEF_WEAK(dn_expand);
151
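/*
 * Compress domain name 'exp_dn' into 'comp_dn'.
 * Return the size of the compressed name or -1.
 * 'length' is the size of the array pointed to by 'comp_dn'.
 * 'dnptrs' is a list of pointers to previous compressed names. dnptrs[0]
 * is a pointer to the beginning of the message. The list ends with NULL.
 * 'lastdnptr' is a pointer to the end of the array pointed to
 * by 'dnptrs'. Side effect is to update the list of pointers for
 * labels inserted into the message as we compress the name.
 * If 'dnptrs' is NULL, we don't try to compress names. If 'lastdnptr'
 * is NULL, we don't update the list.
 *
 * In 'exp_dn' a backslash makes the following character literal, so
 * "\." is part of a label rather than a separator.
 *
 * Offsets stored in compression pointers are computed relative to
 * dnptrs[0], so 'comp_dn' and every listed name have to lie inside that
 * message.  A compression pointer carries only 14 offset bits; a match
 * found at offset 0x4000 or beyond is therefore ignored and the name is
 * written out in full instead of emitting a pointer to the wrong place.
 *
 * On every failure the entries this call appended to 'dnptrs' are
 * dropped again, so the list never refers to a half-written name.
 */
int
dn_comp(const char *exp_dn, u_char *comp_dn, int length, u_char **dnptrs,
    u_char **lastdnptr)
{
	u_char *cp, *dn;
	int c, l;
	u_char **cpp, **lpp, *sp, *eob;
	u_char *msg;

	dn = (u_char *)exp_dn;	/* only read from; the cast drops const */
	cp = comp_dn;
	eob = cp + length;
	lpp = cpp = NULL;
	if (dnptrs != NULL) {
		if ((msg = *dnptrs++) != NULL) {
			for (cpp = dnptrs; *cpp != NULL; cpp++)
				;
			lpp = cpp;	/* end of list to search */
		}
	} else
		msg = NULL;
	for (c = *dn++; c != '\0'; ) {
		/* look to see if we can use pointers */
		if (msg != NULL) {
			l = dn_find(dn-1, msg, dnptrs, lpp);
			/* usable only if the offset fits in 14 bits */
			if (l >= 0 && l < 0x4000) {
				if (eob - cp < 2) {
					/* undo our additions, as below */
					*lpp = NULL;
					return (-1);
				}
				*cp++ = (l >> 8) | INDIR_MASK;
				*cp++ = l % 256;
				return (cp - comp_dn);
			}
			/* not found, save it */
			if (lastdnptr != NULL && cpp < lastdnptr-1) {
				*cpp++ = cp;
				*cpp = NULL;
			}
		}
		sp = cp++;	/* save ptr to length byte */
		do {
			if (c == '.') {
				c = *dn++;
				break;
			}
			if (c == '\\') {
				if ((c = *dn++) == '\0')
					break;
			}
			if (cp >= eob) {
				if (msg != NULL)
					*lpp = NULL;
				return (-1);
			}
			*cp++ = c;
		} while ((c = *dn++) != '\0');
		/* catch trailing '.'s but not '..' */
		if ((l = cp - sp - 1) == 0 && c == '\0') {
			cp--;
			break;
		}
		if (l <= 0 || l > MAXLABEL) {
			if (msg != NULL)
				*lpp = NULL;
			return (-1);
		}
		*sp = l;
	}
	if (cp >= eob) {
		if (msg != NULL)
			*lpp = NULL;
		return (-1);
	}
	*cp++ = '\0';
	return (cp - comp_dn);
}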
238
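/*
 * Skip over a compressed domain name. Return the size or -1.
 *
 * 'comp_dn' points at the name and 'eom' at the first octet after the
 * message.  Walking stops at the root label (a zero length octet) or
 * after the first compression pointer; the pointer is skipped, not
 * followed.  A label or pointer that would run past 'eom', or a length
 * octet with an unknown type in its top two bits, yields -1.
 *
 * NOTE(review): a name whose last label ends exactly at 'eom' with no
 * terminating zero octet is still reported as skipped (its length is
 * returned, and 0 when comp_dn == eom).  Callers have to bounds-check
 * whatever they read after the name.
 */
int
__dn_skipname(const u_char *comp_dn, const u_char *eom)
{
	const u_char *cp;
	int n;

	cp = comp_dn;
	while (cp < eom && (n = *cp++)) {
		/*
		 * check for indirection
		 */
		switch (n & INDIR_MASK) {
		case 0:			/* normal case, n == len */
			/*
			 * Compare lengths first so that cp is never
			 * advanced beyond the end of the message.
			 */
			if (n > eom - cp)
				return (-1);
			cp += n;
			continue;
		case INDIR_MASK:	/* indirection */
			/* the second pointer octet must be present */
			if (cp >= eom)
				return (-1);
			cp++;
			break;
		default:		/* illegal type */
			return (-1);
		}
		break;
	}
	if (cp > eom)
		return (-1);
	return (cp - comp_dn);
}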
269
/*
 * Look up the expanded name 'exp_dn' among names that were compressed
 * into the message earlier.  Returns the offset of the match from 'msg',
 * or -1 when nothing matches.
 *
 * 'dnptrs' is the first name on the list (not the start-of-message slot)
 * and 'lastdnptr' is one past the last entry to try.  Labels are compared
 * case-insensitively; a backslash in 'exp_dn' makes the next character
 * literal.  A length octet of unknown type in any candidate ends the
 * whole search with -1.
 *
 * NOTE(review): compression pointers inside a candidate are followed
 * without a bounds check or a loop check (there is no end-of-message
 * argument to check against), so the list should only hold names the
 * caller wrote into 'msg' itself.
 */
static int
dn_find(u_char *exp_dn, u_char *msg, u_char **dnptrs, u_char **lastdnptr)
{
	u_char **entry;

	for (entry = dnptrs; entry < lastdnptr; entry++) {
		u_char *start = *entry;		/* candidate being tried */
		u_char *wire = start;		/* cursor in the message */
		u_char *text = exp_dn;		/* cursor in the text name */
		int mismatch = 0;
		int len, kind, sep;

		while (!mismatch && (len = *wire++) != 0) {
			kind = len & INDIR_MASK;

			if (kind == INDIR_MASK) {
				/* carry on at the pointer's target */
				wire = msg + (((len & 0x3f) << 8) | *wire);
				continue;
			}
			if (kind != 0)
				return (-1);	/* illegal type */

			/* ordinary label: len octets to compare */
			for (; len > 0; len--) {
				if (*text == '.') {
					mismatch = 1;
					break;
				}
				if (*text == '\\')
					text++;
				if (tolower((unsigned char)*text++) !=
				    tolower((unsigned char)*wire++)) {
					mismatch = 1;
					break;
				}
			}
			if (mismatch)
				break;

			sep = *text++;
			if (sep == '\0' && *wire == '\0')
				return (start - msg);
			if (sep != '.')
				mismatch = 1;
		}
		/* candidate hit its root label: match if the text is done too */
		if (!mismatch && *text == '\0')
			return (start - msg);
	}
	return (-1);
}
321
322/*
323 * Verify that a domain name uses an acceptable character set.
324 */
325
/*
 * Character classes for names in network format.
 *
 * The ctype macros are conspicuously absent.  On non-ASCII hosts neither
 * string literals nor ctype can tell us anything about network-format
 * data, so each class is spelled out as ASCII code points.  The rest of
 * the BIND system is not careful about this, but for some reason it is
 * done right here.
 *
 * Every macro below may evaluate its argument more than once, so pass
 * only expressions without side effects.  An octet with the high bit set
 * that arrives through a signed char is negative and falls outside every
 * class.
 */
#define PERIOD			0x2e			/* . */
#define periodchar(c)		((c) == PERIOD)
#define hyphenchar(c)		((c) == 0x2d)		/* - */
#define underscorechar(c)	((c) == 0x5f)		/* _ */
#define bslashchar(c)		((c) == 0x5c)		/* \ */
#define asterchar(c)		((c) == 0x2a)		/* * */
#define digitchar(c)		((c) >= 0x30 && (c) <= 0x39)	/* 0-9 */
#define alphachar(c) \
	(((c) >= 0x41 && (c) <= 0x5a) ||	/* A-Z */ \
	 ((c) >= 0x61 && (c) <= 0x7a))		/* a-z */

/* first or last octet of a host name label */
#define borderchar(c)	(alphachar(c) || digitchar(c))
/* any other octet of a host name label */
#define middlechar(c)	(borderchar(c) || hyphenchar(c) || underscorechar(c))
/* printable ASCII without the space */
#define domainchar(c)	((c) > 0x20 && (c) < 0x7f)
345
/*
 * Return 1 if 'dn' uses the host name character set, 0 otherwise.
 *
 * The first and last octet of every label must satisfy borderchar();
 * octets in between must satisfy middlechar().  Periods themselves are
 * never rejected, so the empty string and names with leading, trailing
 * or doubled periods pass, and no label or name length is checked here.
 */
int
__res_hnok(const char *dn)
{
	int prev = PERIOD;	/* as if a period preceded the name */
	int cur = *dn++;
	int next;

	for (; cur != '\0'; prev = cur, cur = next) {
		next = *dn++;

		if (periodchar(cur))
			continue;

		/* an octet next to a period or the end is a border octet */
		if (periodchar(prev) || periodchar(next) || next == '\0') {
			if (!borderchar(cur))
				return (0);
			continue;
		}

		if (!middlechar(cur))
			return (0);
	}
	return (1);
}
370DEF_STRONG(__res_hnok);
371
/*
 * Owner names of hostname-like records (A, MX, WKS) may have "*" as
 * their first label; everything else must pass res_hnok().
 *
 * A bare "*" is accepted as is.  For "*.<rest>" only <rest> is checked.
 * Any other name, including one that merely begins with '*', is handed
 * to res_hnok() unchanged.
 */
int
res_ownok(const char *dn)
{
	const char *host = dn;

	if (asterchar(dn[0])) {
		if (dn[1] == '\0')
			return (1);		/* just "*" */
		if (periodchar(dn[1]))
			host = dn + 2;		/* step over "*." */
	}
	return (res_hnok(host));
}
387
/*
 * SOA RNAMEs and RP RNAMEs: the first label may hold any printable
 * character, the remainder has to look like a host name.
 *
 * The first label ends at the first period that is not preceded by a
 * backslash; what follows it is checked with res_hnok().  Returns 1 when
 * the name is acceptable and 0 otherwise, including when no unescaped
 * period is found at all.
 */
int
res_mailok(const char *dn)
{
	int ch, escaped;

	/* "." is a valid missing representation */
	if (*dn == '\0')
		return (1);

	/* otherwise <label>.<hostname> */
	for (escaped = 0; (ch = *dn++) != '\0'; ) {
		if (!domainchar(ch))
			return (0);
		if (escaped) {
			/* escaped octet: literal, even if it is a period */
			escaped = 0;
			continue;
		}
		if (periodchar(ch))
			return (res_hnok(dn));
		if (bslashchar(ch))
			escaped = 1;
	}
	return (0);
}
416
/*
 * Liberal check for an arbitrary domain name: RFC 1034's character sets
 * are only recommendations, so every octet accepted by domainchar() is
 * allowed.  Returns 1 if all octets pass (the empty string included),
 * 0 at the first octet that does not.
 *
 * This keeps spaces, control characters and DEL out of a name, but it
 * lets through punctuation that the host name check would refuse.
 */
int
res_dnok(const char *dn)
{
	const char *p;

	for (p = dn; *p != '\0'; p++) {
		if (!domainchar(*p))
			return (0);
	}
	return (1);
}
431
432/*
433 * Routines to insert/extract short/long's.
434 */
435
/*
 * Fetch the 16-bit value stored at 'msgp' by way of GETSHORT().
 * No length is passed in, so the caller has to make sure two octets are
 * readable at 'msgp'.
 */
u_int16_t
_getshort(const u_char *msgp)
{
	const u_char *cursor = msgp;	/* GETSHORT() advances its pointer */
	u_int16_t value;

	GETSHORT(value, cursor);
	return (value);
}
444DEF_STRONG(_getshort);
445
/*
 * Fetch the 32-bit value stored at 'msgp' by way of GETLONG().
 * No length is passed in, so the caller has to make sure four octets are
 * readable at 'msgp'.
 */
u_int32_t
_getlong(const u_char *msgp)
{
	const u_char *cursor = msgp;	/* GETLONG() advances its pointer */
	u_int32_t value;

	GETLONG(value, cursor);
	return (value);
}
454DEF_STRONG(_getlong);
455
/*
 * Store the 16-bit value 's' at 'msgp' by way of PUTSHORT().
 * Two octets are written unconditionally; the caller has to make sure
 * the buffer has room for them.
 */
void
__putshort(u_int16_t s, u_char *msgp)
{
	u_char *cursor = msgp;	/* PUTSHORT() advances its pointer */

	PUTSHORT(s, cursor);
}
461
/*
 * Store the 32-bit value 'l' at 'msgp' by way of PUTLONG().
 * Four octets are written unconditionally; the caller has to make sure
 * the buffer has room for them.
 */
void
__putlong(u_int32_t l, u_char *msgp)
{
	u_char *cursor = msgp;	/* PUTLONG() advances its pointer */

	PUTLONG(l, cursor);
}
467